Study on Aftermath of Data Breaches Provides Helpful Insight for HIPAA Breach Notification

A recently published study on The Aftermath of a Mega Data Breach:  Consumer Sentiment was performed by the Ponemon Institute and sponsored by Experian Data Breach Resolution.  The purpose of the study was to explore consumer sentiments following a data breach.  While the report did not focus exclusively on HIPAA Breach Notification, the findings of this study are useful for HIPAA covered entities responding to a HIPAA breach.  Consumers reported that 15% of the breach notifications that they received were… Read More >

OCR Annual Report to Congress on HIPAA Breaches: Theft, Loss and Unauthorized Access to PHI Continue to Be Concerns

The Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) recently submitted its annual HIPAA breach notification report to Congress as required by the HITECH Act for years 2011 and 2012.  The report discussed both large HIPAA breaches (involving greater than 500 people, which must be reported to OCR within 60 days) and smaller HIPAA breaches (involving less than 500 people, which must be reported to OCR annually).  The report showed that the greatest number… Read More >

HIPAA Breach Spawns Class Action Lawsuit

  The theft of unencrypted laptop computers from a vendor that handles billing and patient payment collections for Los Angeles County has now resulted in a class action lawsuit.  The Los Angeles Times reported that the suit alleges patients were not timely notified and that the free credit monitoring being offered by the vendor is not sufficient. The theft of five laptops occurred on February 5, 2013.  It resulted in a HIPAA breach affecting approximately 168,500 individuals.  Information contained in… Read More >

County Governments Deal with HIPAA Breaches Impacting Thousands

Two county governments are dealing with the consequences of HIPAA Security breaches affecting thousands of individuals.  Skagit County, Washington and Los Angeles County, California both recently experienced HIPAA Security breaches resulting in penalties, breach notification expenses and unwanted negative publicity. In a recent press release, the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced that Skagit County, Washington agreed to settle several potential HIPAA violations involving public access to electronic protected health information (ePHI). OCR… Read More >