Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: PHI

Posted in Health Privacy/HIPAA

HIPAA Penalty Caps to Be Reduced and Tied to Culpability Level

In a dramatic turn, the US Department of Health and Human Services (HHS) has announced that effective immediately, penalties for many HIPAA violations will be subject to substantially reduced limits. After a record year of collecting high-dollar settlements, the agency has pulled back and tied its own hands through a Notification of Enforcement Discretion that will likely result in lower penalties and settlement agreement amounts.

Posted in Health Privacy/HIPAA, Privacy & Security Litigation

Aetna $17.2 Million Breach Settlement Brings Lessons for Handling Health Data

Aetna will pay almost $17.2 million to settle a federal class action lawsuit stemming from a 2017 mailing that disclosed the HIV status of health plan members. Aetna also agreed last week to pay a $1.15 million fine to the state of New York after the Attorney General Eric Schneiderman’s investigation into Aetna’s alleged violations of federal and state privacy laws. Both settlements require compliance monitoring and record keeping obligations.

Posted in News & Events

Upcoming Webinar on Privacy and the Internet of Things

Join us tomorrow, October 25 for the next installment of our 2017 Internet of Things webinar series and get practical guidance on privacy compliance challenges presented by the Internet of Things.

Posted in Health Privacy/HIPAA

Recap of the OCR/NIST Conference on Safeguarding Health Information

Representatives from government and the private sector discussed the present state of healthcare cybersecurity, and experts discussed practical strategies for implementing the HIPAA Security Rule at the ninth annual “Safeguarding Health Information: Building Assurance through HIPAA Security” conference held from October 19–20, 2016 and co-hosted by the National Institute of Standards and Technology and the Department of Health and Human Services, Office for Civil Rights. Comprehensive, enterprise-wide risk analysis and risk management practices remained points of emphasis throughout the conference. Additional themes, which we outline in this post, also emerged.