Settlement Reached in Excellus HIPAA Class Action Lawsuit

The final chapter of the Excellus Health Plan 2015 data breach that affected more than 9.3 million patients nationwide may be in sight. A settlement has been reached between the plaintiffs’ attorneys and the company in the Excellus HIPAA class action lawsuit, pending judicial review. Basis of Excellus HIPAA Class Action Lawsuit Attorneys announced the settlement on January 24, 2022, with Excellus, [...]

2023-10-27T12:28:26-04:00January 27th, 2022|

NY AG SHIELD UP! Vision Benefits Provider Settles Email Data Breach

In January of 2022, EyeMed Vision Care LLC, a New York vision benefits provider, settled an action brought by the New York State Attorney General against it for failing to implement adequate data security measures, including multifactor authentication, password management, and logging of email accounts.  These deficiencies resulted in a 2020 email data breach during which hackers accessed an EyeCare email account [...]

2023-07-27T14:18:12-04:00January 26th, 2022|

Accellion Settles Healthcare Data Breach Suit for $8.1 Mil

According to a Reuters report, Accellion Inc., now rebranded as Kiteworks, has reached an $8.1 million settlement to end litigation following a 2020 healthcare data breach that affected companies and patients worldwide. Background on Accellion Healthcare Data Breach The breach occurred in December 2020 when cybercriminals exploited zero-day vulnerabilities in the company’s File Transfer Appliance (FTA).  The breaches affected federal, state, local, [...]

2023-07-27T14:25:52-04:00January 20th, 2022|

Hackensack Cancer Center Settles HIPAA Violations With New Jersey Attorney General

In December of 2021, the New Jersey Attorney General’s Division of Consumer Affairs, Office of Consumer Protection, settled a HIPAA enforcement action that it brought against Regional Cancer Care Associates (RCCA). RCCA is based in Hackensack, New Jersey, and has over 30 locations throughout New Jersey, Connecticut, Maryland, and the Washington DC area. RCCA treats cancer patients as well as patients with blood disorders. RCCA fell victim to [...]

2023-07-27T15:28:11-04:00December 23rd, 2021|

New Jersey State Attorney General Settles HIPAA Claims Against Printing Companies

In November of 2021, the New Jersey State Attorney General’s (AG) Office, Division of Consumer Affairs, settled 2 HIPAA claims, one HIPAA claim against Command Marketing Innovations (CMI), and another HIPAA claim against CMI’s business associate, Strategic Content Imaging, LLC (SCI). This $130,000 resolution settled each company’s potential HIPAA Security Rule and Privacy Rule violations. The printing companies were drummed into New Jersey court for having [...]

2023-07-27T15:32:01-04:00December 21st, 2021|

The Fines They Are A’Changin’: Lessons from 2021 HIPAA Fines

This year, the Department of Health and Human Services’ Office for Civil Rights (OCR) resolved 14 enforcement actions it had filed against healthcare providers, health plans, and clinical labs. OCR resolved all but one of these 13 through entering into a Settlement Agreement with the covered entity. In the remaining action, OCR imposed a civil monetary penalty on the provider. The lessons from 2021 HIPAA fines are three-fold: [...]

2023-08-08T15:54:39-04:00December 17th, 2021|

OCR Settles 5 HIPAA Right of Access Complaints

On November 30, 2021, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the resolution of five HIPAA right of access investigations. OCR settled four right of access complaints, with providers in Ohio, Colorado, Oregon and North Carolina. OCR imposed a civil monetary penalty (CMP) on a fifth provider, a cardiologist in Long Island (New Hyde Park), New York. OCR imposed a penalty [...]

2023-07-27T15:51:12-04:00December 3rd, 2021|

$130K State HIPAA Settlement Announced

Two printing companies settled with New Jersey over an incident that exposed protected medical and client information. Under the state HIPAA settlement, Command Marketing Innovations, LLC (CMI) and Strategic Content Imaging, LLC (SCI) agreed to pay a $130,000 fine and implement more robust security policies. Why Were They Fined? The incident that led up to the state HIPAA settlement occurred when the [...]

2023-07-27T16:12:19-04:00November 12th, 2021|

OCR HIPAA Investigation Leads to 20th Right of Access Fine

On September 10, 2021, the Department of Health and Human Services Office for Civil Rights (OCR) announced the issuance of another right of access fine. The OCR HIPAA investigation led to the twentieth right of access fine issued since the 2019 right of access enforcement initiative was announced. Children's Hospital & Medical Center OCR HIPAA Investigation In May 2020, the OCR received [...]

2023-07-27T16:37:43-04:00September 10th, 2021|

OCR Settles 19th HIPAA Right of Access Case

Since 2019, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has brought a number of enforcement actions against healthcare providers for their failure to comply with the HIPAA Privacy Rule’s right of access standard. This standard requires providers to give patients timely access to their medical records. Recently, OCR announced its 19th settlement under its 2019 right [...]

2023-07-28T13:14:06-04:00June 2nd, 2021|