Tag:breach
Personal Information Protection Act (“PIPA”): Redefining Cyber-Security & Consumer Protection
Illinois’ Personal Information Protection Act (“PIPA”) became effective on January 1, 2017. Illinois is just one of many states that recently strengthened their data breach notification systems and created data security laws to enhance protection of personal information. Like other state provisions, Illinois created stronger safeguards for personal information transmitted electronically. This act requires that all personal information provided electronically must be encrypted or redacted. The amendments to PIPA (1) broadened the statute’s definition of personal information; (2) clarified the safe harbor for encryption; (3) addressed required notification to residents after a breach; and (4) established limited exemptions.
HIPAA Punctuality: Always Insist On It In Your Subordinates
In an unprecedented act, the Office for Civil Rights (OCR) entered into a settlement agreement with Presence Health Network based on the healthcare system’s failure to timely report a breach of unsecured protected health information (PHI). Under the Breach Notification Rule of the Health Insurance Portability and Accountability Act (HIPAA) a covered entity must notify affected individuals, the Department of Health and Human Services (HHS), and the media for breaches affecting 500 people or more. Presence Health will pay $475,000 and implement a corrective action plan (CAP) to address misunderstandings in workforce member roles and responsibilities relating to the notification process.
When Policies and Procedures Are Just Not Enough: Memorial Healthcare System Settlement
Alexander Thompson Associate Editor Loyola University Chicago School of Law, JD 2018 On February 16, 2017, the HHS Office of Civil Rights Acting Director, Robinsue Frohboese, announced the second largest HIPAA settlement fine ever. At $5.50 million, Memorial Healthcare System’s fine was just behind the $5.55 million given to Advocate Healthcare in 2016. Memorial …
Read more
Protected Health Information: Has it been Compromised?
Ryan Whitney Managing Editor Loyola University Chicago School of Law, JD 2017 HIPAA breaches occur on a daily basis. Although undesirable, many of these breaches are not serious enough to require patient notification. But others are more egregious and can cause harm to both the patient and the providing entity. This article outlines a …
Read more
Advocate Settles with OCR for $5.55 Million, Officially the Highest Single HIPAA Violation Settlement to Date
Fannie Fang Executive Editor Loyola University Chicago School of Law, JD 2017 The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently agreed to a settlement with Advocate Health Care Network (Advocate), the largest health systems in the Chicago area. In the settlement, Advocate agreed to pay a sum of …
Read more
Legislation Involving Disclosure of Data Breaches
Gilbert Carrillo Executive Editor Loyola University Chicago School of Law, JD 2017 Yahoo is just the latest company to have a major cyber security data breach. What is more troubling is how this data breach occurred about 2 years ago and only just now the public is being told about the incident. Was Yahoo …
Read more
OCR To Devote Greater Resources To HIPAA Breaches Affecting Fewer Than 500 Individuals
Christine Bulgozdi Associate Editor Loyola University Chicago School of Law, JD 2018 The Office of Civil Rights (OCR) announced in August that they would be focusing more efforts on investigating breaches of Protected Health Information (PHI) affecting fewer than 500 individuals. Currently, regional offices investigate all breaches affecting more than 500 individuals, but only …
Read more