Canada Nabs Suspect in Alaska HIPAA Breach

Ontario Provincial Police (OPP) in Canada have arrested a man believed to be responsible for an Alaska HIPAA breach in April 2018 that resulted in the possible exposure of approximately 700,000 individuals' protected health information. Following a 23-month investigation, Matthew Philbert, 31, was arrested on November 30, 2020, and charged with fraud, unauthorized use of a computer, and "possession of device to [...]

2022-05-06T17:03:44-04:00December 27th, 2021|

Planned Parenthood Class Action Lawsuit Filed Following Data Breach

Planned Parenthood Los Angeles faces a class-action lawsuit in the wake of an October cyberattack that potentially exposed the protected health information (PHI) of 409,759 patients. The Planned Parenthood class-action lawsuit is discussed in detail below Planned Parenthood Class-Action Lawsuit – Details of Lawsuit Filed on December 9, 2021, by an unnamed patient, the lawsuit alleges that the patient and class members [...]

2022-05-06T17:03:47-04:00December 10th, 2021|

OCR HIPAA Investigation Leads to 20th Right of Access Fine

On September 10, 2021, the Department of Health and Human Services Office for Civil Rights (OCR) announced the issuance of another right of access fine. The OCR HIPAA investigation led to the twentieth right of access fine issued since the 2019 right of access enforcement initiative was announced. Children's Hospital & Medical Center OCR HIPAA Investigation In May 2020, the OCR received [...]

2022-05-06T14:43:58-04:00September 10th, 2021|

OCR Settles 19th HIPAA Right of Access Case

Since 2019, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has brought a number of enforcement actions against healthcare providers for their failure to comply with the HIPAA Privacy Rule’s right of access standard. This standard requires providers to give patients timely access to their medical records. Recently, OCR announced its 19th settlement under its 2019 right [...]

2022-05-06T14:44:01-04:00June 2nd, 2021|

Einstein Healthcare Class Action Lawsuit Alleges PHI Breach

Recently, a healthcare class action lawsuit was filed against Einstein Healthcare. The lead plaintiff in the healthcare lawsuit is patient Nanette Katz. In August of 2020, Einstein was the victim of a phishing attack that led to numerous employee email accounts being accessed by someone without authorization.  The 51-page complaint alleges Einstein Healthcare failed to secure and safeguard the protected health information (PHI) of patients, and failed to [...]

2021-05-04T13:39:21-04:00May 3rd, 2021|

OCR Fines Village Plastic Surgery for Stretching HIPAA Right of Access Rule

In late March of 2021, the Department of Health and Services (HHS) Office for Civil Rights (OCR) settled with New Jersey-based Village Plastic Surgery (VPS) for a potential violation of the HIPAA right of access rule. The $30,000 settlement requires VPS to undergo a two-year corrective plan (CAP). The details of the settlement are discussed below. Village Plastic Surgery HIPAA Right of Access Rule Violation [...]

2022-05-06T14:44:03-04:00March 26th, 2021|

21st Century Oncology Settles HIPAA Data Breach Lawsuit

In late 2015, a cyberattacker accessed 21st Century Oncology’s (21CO) network database. As a result, 21CO was investigated by the Department of Health and Human Services’ (HHS) Office for Civil Rights. 21CO settled with HHS, however, a class action lawsuit was then filed against them. Details on the settlement and the HIPAA data breach lawsuit are discussed below. 21st Century Oncology and OCR Settlement [...]

2021-02-18T10:58:36-05:00February 18th, 2021|

Sharp HealthCare Pays $70,000 to Settle Potential Right of Access Violation

In February of 2021, Sharp HealthCare, doing business as Sharp-Rees Stealy Medical Centers (SRMC), paid $70,000 to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) to settle a potential violation of the HIPAA Privacy Rule right of access standard. The Sharp settlement has become OCR’s sixteenth settlement under OCR’s right of access initiative. Under this initiative that began in 2019, OCR continues to [...]

2022-05-06T14:44:07-04:00February 12th, 2021|

Renown Health Fined $75,000 Under HIPAA Right of Access Initiative

Not-for-profit Nevada health system Renown Health, P.C., has agreed to pay $75,000 to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) to settle a potential violation of the HIPAA Privacy Rule right of access provision. The settlement is a product of HHS’ Right of Access Initiative. Under this initiative, OCR established cracking down on providers who fail to grant timely patient access to [...]

2022-05-06T14:44:07-04:00February 10th, 2021|

Vaccine Privacy Violations Under Investigation

Philly Fighting COVID, a private startup company tasked with vaccine distribution for the city, is under investigation. The Philadelphia Department of Public Health has ceased their relationship with the startup after allegations that the company’s privacy policies allowed for the sale of private information. More details on the alleged vaccine privacy violations are discussed. Vaccine Privacy Violations: What Do We Know? On [...]

2022-05-06T13:55:32-04:00January 29th, 2021|