Aimee Jachym and Samantha A. Kopacz of Miller Canfield PLC write: New guidance issued by the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) reaffirms that business associates must have proper HIPAA compliance practices, safeguards and documentation in place in order to avoid costly penalties. OCR recently released a Fact…
Category: Health Data
Ca: Weight Loss Grants posts customer health information without consent
Sean O’Shea reports: A company that promised to pay customers for losing weight has posted personal information about clients, including their names, weights, weight loss goals and even facial photographs on its website. Weight Loss Grants revealed the personal information without clients’ consent after news reports described how the organization failed to make payments to…
Update on American Medical Collection Agency breach: Almost 12 million Quest Diagnostic patients impacted
On May 10, DataBreaches.net broke the story of a medical collection agency breach involving American Medical Collection Agency. The breach had been discovered by Gemini Advisory, who informed this site that they had found approximately 200,000 patients’ payment card info for sale on a well-known marketplace. The cards had apparently been compromised between September, 2018…
Health Quest phishing incident in 2018 results in notification to patients, but why such a long delay?
Today’s Poughkeepsie Journal has a news story about a phishing incident that appears to have been discovered in July, 2018 that affected an unspecified number of Health Quest patients. From the available information, it sounds like Health Quest first discovered email attachments in January, 2019, and then it took them until April 2, 2019 to…
NY: Broome County security breach put employees’ and clients’ personal information at risk
Katie Sullivan Borrelli reports: Broome County says an unauthorized individual may have had access to the personal information of county employees and individuals who receive the county’s care, including their Social Security numbers, medical records and bank account information. In a news release sent on its behalf by Mullen Coughlin LLC, of Wayne, Pennsylvania, the…
Tennessee, 15 Other States Reach $900,000 Data Breach Settlement With Medical Informatics Engineering
Attorney General Herbert H. Slatery III announced Wednesday that a U.S. District Court judge has signed a consent judgment negotiated by 16 states’ attorneys general and Medical Informatics Engineering, Inc. This case was the nation’s first-ever multistate lawsuit involving a HIPAA-related data breach. The lawsuit, led by Indiana, was filed in December of 2018 against…