Cybersecurity
October 9, 2020 | Ada Janocinska | Cybersecurity | Electronic Health Records | HIPAA | Litigation | Private Insurers
Health insurer Anthem, Inc. has finally reached a settlement with a coalition of 41 states plus the District of Columbia, and a separate settlement with California, to resolve state attorney general investigations of a data breach that occurred in 2014. Anthem has agreed to pay the states a total monetary penalty of $48.2 million.
The
Read MoreSeptember 29, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Litigation | Private Insurers
The third HIPAA settlement to be announced by the U.S. Department of Health and Human Services within one week was a big one. On September 25, HHS announced that Premera Blue Cross agreed to pay $6.85 million to HHS’s Office for Civil Rights (OCR) to settle HIPAA violations arising out of a data breach that
Read MoreSeptember 25, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Legislation and Public Policy | Medical Devices and Wearables | Telehealth
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently unveiled a new website with updated guidance and resources for mobile health app developers regarding the HIPAA Privacy, Security, and Breach Notification Rules. The new Resources for Mobile Health Apps Developers site replaces OCR’s prior Health App Developer Portal.
The new site’s Health
Read MoreSeptember 23, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Litigation
On September 21, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a $1.5 million agreement with Athens Orthopedic Clinic PA to settle “longstanding, systemic noncompliance” with the HIPAA Privacy and Security Rules. OCR’s investigation was triggered by a 2016 data breach that affected more than 200,000 of Athens Orthopedic’s patients.
Read MoreApril 7, 2020 | Rivkin Rounds Staff | Behavioral Health | COVID-19 | Cybersecurity | HIPAA | Home Health | Hospitals | Legislation and Public Policy | Private Insurers | Telehealth
On April 6, Rivkin Radler’s Eric Fader presented a COVID-19 Business Briefing on Telehealth. The Briefing covered recent developments in federal and state law and policy, and changes in private insurers’ policies, that have been aimed at encouraging the use of telehealth during the current public health emergency.
This Business Briefing was the second in
Read MoreMarch 30, 2020 | Ashley Algazi | Behavioral Health | COVID-19 | Cybersecurity | Electronic Health Records | HIPAA | Legislation and Public Policy | Litigation | Telehealth
The Coronavirus Aid, Relief, and Economic Security Act (CARES Act), signed into law on March 27, made some substantial changes to the confidentiality rules for substance abuse and mental health records to bring them in line with HIPAA confidentiality rules. Among the changes, a covered entity or business associate may now use or disclose substance
Read MoreFebruary 26, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Hospitals | Private Insurers
A recent article in HIPAA Journal, “Ransomware Attacks Have Cost the Healthcare Industry at Least $157 Million Since 2016,” discussed a new study by Comparitech that examined ransomware attacks on the healthcare industry. In the past three years, at least 172 ransomware attacks on healthcare entities in the U.S. have affected 1,446 facilities, providers and
Read MoreFebruary 20, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Legislation and Public Policy
The HIPAA Breach Notification Rule requires that smaller data breaches – those involving fewer than 500 patient records – must be reported to the U.S. Department of Health and Human Services (HHS) no later than 60 days after the end of the calendar year in which the breach occurred. This year, the reporting deadline is
Read MoreJanuary 6, 2020 | Cybersecurity | Electronic Health Records | HIPAA | Hospitals | Litigation
Alabama’s DCH Health System is facing a federal lawsuit filed by some former patients who allege it was negligent in discovering and responding to a ransomware attack on its computer system. In addition to negligence, the complaint accuses DCH of invasion of privacy, breach of contract and breach of fiduciary duty, among other things. The
Read MoreDecember 4, 2019 | Rivkin Rounds Staff | Cybersecurity | Electronic Health Records | HIPAA | Hospitals | Legislation and Public Policy | Litigation
Eric Fader contributed to Healthcare Risk Management’s HIPAA Regulatory Alert, which appeared in the publication’s December 2019 issue. The Alert outlines the best practices that will help avoid common HIPAA violations. Eric discusses the events that might trigger a regulatory action and the kinds of violations that may affect the severity of the penalties and fines.
Read More