Cybersecurity


Anthem Agrees to $48 Million Multi-State Settlements Over 2014 Data Breach
October 9, 2020 | Ada Janocinska | Cybersecurity | Electronic Health Records | HIPAA | Litigation | Private Insurers

Health insurer Anthem, Inc. has finally reached a settlement with a coalition of 41 states plus the District of Columbia, and a separate settlement with California, to resolve state attorney general investigations of a data breach that occurred in 2014. Anthem has agreed to pay the states a total monetary penalty of $48.2 million.

The

Read More
Insurer Paid Second Largest HIPAA Settlement Ever
September 29, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Litigation | Private Insurers

The third HIPAA settlement to be announced by the U.S. Department of Health and Human Services within one week was a big one. On September 25, HHS announced that Premera Blue Cross agreed to pay $6.85 million to HHS’s Office for Civil Rights (OCR) to settle HIPAA violations arising out of a data breach that

Read More
OCR Updates Mobile Health App Resources
September 25, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Legislation and Public Policy | Medical Devices and Wearables | Telehealth

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently unveiled a new website with updated guidance and resources for mobile health app developers regarding the HIPAA Privacy, Security, and Breach Notification Rules. The new Resources for Mobile Health Apps Developers site replaces OCR’s prior Health App Developer Portal.

The new site’s Health

Read More
GA Orthopedic Practice in $1.5M HIPAA Settlement
September 23, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Litigation

On September 21, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a $1.5 million agreement with Athens Orthopedic Clinic PA to settle “longstanding, systemic noncompliance” with the HIPAA Privacy and Security Rules. OCR’s investigation was triggered by a 2016 data breach that affected more than 200,000 of Athens Orthopedic’s patients.

Read More
COVID-19 Business Briefing: Telehealth
April 7, 2020 | Rivkin Rounds Staff | Behavioral Health | COVID-19 | Cybersecurity | HIPAA | Home Health | Hospitals | Legislation and Public Policy | Private Insurers | Telehealth

On April 6, Rivkin Radler’s Eric Fader presented a COVID-19 Business Briefing on Telehealth. The Briefing covered recent developments in federal and state law and policy, and changes in private insurers’ policies, that have been aimed at encouraging the use of telehealth during the current public health emergency.

This Business Briefing was the second in

Read More
CARES Act Changes Privacy Rules for Substance Use Disorder Records
March 30, 2020 | Ashley Algazi | Behavioral Health | COVID-19 | Cybersecurity | Electronic Health Records | HIPAA | Legislation and Public Policy | Litigation | Telehealth

The Coronavirus Aid, Relief, and Economic Security Act (CARES Act), signed into law on March 27, made some substantial changes to the confidentiality rules for substance abuse and mental health records to bring them in line with HIPAA confidentiality rules. Among the changes, a covered entity or business associate may now use or disclose substance

Read More
Ransomware Attacks on Healthcare Industry Ramp Up
February 26, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Hospitals | Private Insurers

A recent article in HIPAA Journal, “Ransomware Attacks Have Cost the Healthcare Industry at Least $157 Million Since 2016,” discussed a new study by Comparitech that examined ransomware attacks on the healthcare industry. In the past three years, at least 172 ransomware attacks on healthcare entities in the U.S. have affected 1,446 facilities, providers and

Read More
Feb. 29 is Data Breach Reporting Deadline
February 20, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Legislation and Public Policy

The HIPAA Breach Notification Rule requires that smaller data breaches – those involving fewer than 500 patient records – must be reported to the U.S. Department of Health and Human Services (HHS) no later than 60 days after the end of the calendar year in which the breach occurred. This year, the reporting deadline is

Read More
Alabama Health System Reeling After Ransomware Attack
January 6, 2020 | Margarita Christoforou | Cybersecurity | Electronic Health Records | HIPAA | Hospitals | Litigation

Alabama’s DCH Health System is facing a federal lawsuit filed by some former patients who allege it was negligent in discovering and responding to a ransomware attack on its computer system. In addition to negligence, the complaint accuses DCH of invasion of privacy, breach of contract and breach of fiduciary duty, among other things. The

Read More
Fader Gives Perspective on HIPAA Enforcement for Healthcare Risk Management
December 4, 2019 | Rivkin Rounds Staff | Cybersecurity | Electronic Health Records | HIPAA | Hospitals | Legislation and Public Policy | Litigation

Eric Fader contributed to Healthcare Risk Management’s HIPAA Regulatory Alert, which appeared in the publication’s December 2019 issue. The Alert outlines the best practices that will help avoid common HIPAA violations. Eric discusses the events that might trigger a regulatory action and the kinds of violations that may affect the severity of the penalties and fines.

Read More

Authors
show more

Get legal updates and news delivered to your inbox