By Porter Wright on The new year continues as the old ended, with HIPAA enforcement actions. On Jan. 11, 2017, MAPFRE Life Insurance Company of Puerto Rico (MAPFRE Life) entered into a Resolution Agreement with the United States Department of Health and Human Services, Office for Civil Rights (HHS) in which MAPFRE Life agreed to pay approximately $2.2 million … Continue Reading
By Donna Ruscitti on Porter Wright continues its tradition of providing cutting-edge information about how technology affects your business with the 2016 Technology Seminar Series, beginning May 18. This year’s sessions are: May 18: Big Data, Data Analytics & the Law 2016: What Your Company Needs to Know About the Evolution of the Next Big Thing “Big data” is one of today’s … Continue Reading
By Donna Ruscitti on Our colleagues over at Antitrust Law Source recently published a podcast on the inevitable health care data breach and how you can lessen the damages. Some key issues include: when to review data security policies, how to prepare for a potential breach and how to deal with third-party vendor access. Listen to the podcast to … Continue Reading
By Jay L. Levine on At the end of last month, Boston hospital Beth Israel Deaconess Medical Center (BIDMC) settled a data breach lawsuit brought by the Massachusetts Attorney General related to the 2012 theft of a physician’s laptop. Under a consent decree entered on Nov. 20, 2014, BIDMC agreed to pay $100,000 and to take a number of steps … Continue Reading
By Donna Ruscitti on Porter Wright continues its tradition of providing cutting-edge information about how technology affects your business with the 2014 Technology Seminar Series, beginning June 18. This year’s sessions are: Social media in litigation: a shield and a sword June 18 The worlds of social media and litigation have collided. Social media evidence is used in employment … Continue Reading
By Jay L. Levine on Section 5 of the Federal Trade Commission Act — the Act that established the FTC in the first place — makes it unlawful to engage in “unfair methods of competition … and unfair or deceptive acts or practices…” Though the words seem simple enough, its application in today’s world is anything but simple, particularly when you talk about data privacy. Two companies — Wyndham Worldwide Corp. and LabMD Inc. — are publicly, and independently, challenging the FTC’s authority over their data security policies (and subsequent lapses). This post is a quick update about LabMD’s challenge.
In August 2013, the FTC filed an administrative complaint against LabMD, alleging that it lacked appropriate data security and unreasonably exposed the health and personal data of its consumers. LabMD conducts clinical laboratory tests on patients and reports its findings to patients’ health care providers. In performing the needed tests, LabMD typically obtains personal information, including names, addresses, dates of birth, SSNs, bank account or credit card information, laboratory tests, test codes and results, diagnoses, clinical histories, and health insurance company names and policy numbers. LabMD possesses such data for approximately 1 million consumers.
The FTC charged that LabMD “failed to provide reasonable and appropriate security for personal information on its computer networks.” Among other things, the complaint states that LabMD failed to:
… Continue Reading
By Porter Wright on In case you missed the OCR announcement late yesterday afternoon, the Department of Health and Human Services announced that it was imposing a civil money penalty of $4.3 million against Cignet Health for various violations of HIPAA. These penalties were based upon the violation categories and increased penalty amounts authorized by the HITECH Act; … Continue Reading
By Porter Wright on The Department of Health and Human Services (HHS) announced yesterday that it was temporarily withdrawing the breach notification final rule from review of the Office of Management and Budget (OMB) to allow HHS further time to consider these regulations. The breach notification rule, among other things, requires covered entities to notify individuals whose protected health information … Continue Reading
By Porter Wright on The Office of Civil Rights for the Department of Health and Human Services (HHS) recently requested comments related to its upcoming rulemaking under the Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009. HITECH expands the current HIPAA Privacy Rule requirement that a covered entity provide … Continue Reading