Header graphic for print
Privacy Law Blog

Tag Archives: health care

A $1.2 Million Photocopier Mistake: Health Plan Settles with HHS in HIPAA Breach Case

Posted in Data Breaches, HIPAA, Identity Theft, Medical Privacy

We have heard the well-publicized stories of stolen laptops and resulting violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and we generally recognize the inherent security risks and potential for breach of unsecured electronic protected health information posed by computer hard drives. We remember to “wipe” the personal data off of… Continue Reading

HIPAA Privacy In The Aftermath Of Sandy: Be Prepared For The Next Emergency

Posted in HIPAA, Medical Privacy, Miscellaneous, Mobile Privacy, Workplace Privacy

As health care providers, patients, family members, friends, and disaster relief agencies such as the American Red Cross continue to grapple with the aftermath of Hurricane Sandy it is important to be mindful of privacy regulations and to prepare in advance for the next emergency. The Health Insurance Portability and Accountability Act  of 1996 (“HIPAA”… Continue Reading

HHS Enters Into First Monetary Settlement Under HIPAA

Posted in Medical Privacy

On July 15, 2008, the U.S. Department of Health & Human Services (“HHS”) entered into its first Resolution Agreement with a HIPAA-covered entity to settle alleged violations of the privacy and security regulations promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Pursuant to the Resolution Agreement, a Seattle-based not-for-profit health system, Providence… Continue Reading

Prying Eyes Make Headlines

Posted in Medical Privacy

Proskauer on Privacy will never be confused with TMZ, but we would be remiss if we failed to report on the high profile privacy scandal unfolding in the backyard of our Los Angeles office. As we previously reported, California’s data breach notification law was amended effective January 1, 2008, to include breaches of medical and health insurance information. A number of recent incidents illustrate once again that it is not enough to have written policies and procedures in place for the handling of sensitive information – employee training is essential.