At the end of last month, Boston hospital Beth Israel Deaconess Medical Center (BIDMC) settled a data breach lawsuit brought by the Massachusetts Attorney General related to the 2012 theft of a physician’s laptop. Under a consent decree entered on Nov. 20, 2014, BIDMC agreed to pay $100,000 and to take a number of steps to ensure future compliance with state and federal data security laws.
The state of Massachusetts filed the enforcement suit against BIDMC on the same day as the consent decree’s entry, alleging that an unauthorized person gained access to a BIDMC physician’s unlocked office on campus in May 2012 and stole an unencrypted personal laptop sitting unattended on a desk. Though the laptop was not hospital-issued, the physician used it regularly for hospital-related business with BIDMC’s knowledge and authorization. The physician and his staff allegedly were not following hospital policy and applicable law requiring employees to encrypt and physically secure laptops containing protected health information and personal information. According to the state, the laptop contained nearly 4,000 patients’ and employees’ protected health information and nearly 200 employees’ personal information, including names, Social Security numbers and medical information. The complaint also alleged that BIDMC failed to notify patients about the data breach until nearly three months later, in August 2012.…
Continue Reading →
Porter Wright continues its tradition of providing cutting-edge information about how technology affects your business with the 2014 Technology Seminar Series, beginning June 18. This year’s sessions are:
Social media in litigation: a shield and a sword
The worlds of social media and litigation have collided. Social media evidence is used in employment discrimination lawsuits, in divorce and custody cases, in criminal cases – and intellectual property cases are won and lost based on the information disclosed on social media sites. Like it or not, social media is an aspect of litigation that is here to stay. Sara Jodka, Colleen Marshall and Jay Yurkiw will walk you through how social media affects the way companies prepare for and engage in litigation, including the good, the bad and the ugly. This session will provide guidance about how you can make sure that your company’s social media use will not get the company into hot water. Presenters also will share helpful insights regarding what to do about social media when litigation is filed and identify the biggest social media in litigation hazards.…
Continue Reading →
Section 5 of the Federal Trade Commission Act — the Act that established the FTC in the first place — makes it unlawful to engage in “unfair methods of competition … and unfair or deceptive acts or practices…” Though the words seem simple enough, its application in today’s world is anything but simple, particularly when you talk about data privacy. Two companies — Wyndham Worldwide Corp. and LabMD Inc. — are publicly, and independently, challenging the FTC’s authority over their data security policies (and subsequent lapses). This post is a quick update about LabMD’s challenge.
In August 2013, the FTC filed an administrative complaint against LabMD, alleging that it lacked appropriate data security and unreasonably exposed the health and personal data of its consumers. LabMD conducts clinical laboratory tests on patients and reports its finding to patients’ health care providers. In performing the needed tests, LabMD typically obtains personal information, including names, addresses, dates of birth, SSNs, bank account or credit card information, laboratory tests, test codes and results, diagnoses, clinical histories, and health insurance company names and policy numbers. LabMD possesses such data for approximately 1 million consumers.
The FTC charged that LabMD “failed to provide reasonable and appropriate security for personal information on its computer networks.” Among other things, the complaint states that LabMD failed to:…
Continue Reading →