I was excited back in 2010 when HHS started posting breaches on what some would call the “wall of shame.” I knew that we’d only learn about breaches involving HIPAA-covered entities, but at least we were finally starting to get some actual data. Now, more than 6 years later, it’s become clear to me that it’s probably best to just call time of death…
Category: Commentaries and Analyses
Where is the future of HIPAA enforcement headed?
Ira Parghi of Ropes & Gray writes: Since January 2016, the OCR has entered into resolution agreements with, and imposed Corrective Action Plans (CAPs) on, providers and others in at least 12 matters involving the Security Rule. It has also imposed a Civil Monetary Penalty on one entity. Most of these cases involve stolen, unencrypted…
Former Employee: Chester County First Responders and Citizens Are Vulnerable to Hackers Due to Cyber Security Gaps
NBC10 reports: If you’ve ever been pulled over by police or had an ambulance rush to your home, laptop computers offer a way for first responders to check some of your most personal information. Former Chester County Technical Communications Specialist David Cucchi insists however that the laptops in his county also offered a glaring opportunity…
What kind of month was April for health data breaches?
Protenus has published its Breach Barometer for April, with data and some analyses provided by this site. The analyses were based on the following incidents: Amedisys Home Health Area Agency of Aging 1-B: On March 31, 2017 the Area Agency on Aging 1-B (AAA 1-B) became aware of an unintentional potential disclosure of the personal health information…
Court Applies Work Product Protection to Breach Investigation Reports
Al Saikali of Shook Hardy & Bacon LLP writes about a key issue that has come up a number of times in discussing incident response and liability: One of the most significant questions in data security law is whether reports created by forensic firms investigating data breaches at the direction of counsel are protected from…
Substantial Risk of Harm in Data Breach Class Actions Ripe for Supreme Court Review
Jonathan Forman writes: Early in May, the U.S. Court of Appeals for the Second Circuit in Whalen v. Michaels Stores, Inc., No. 16-260 (L) (2d Cir. May 2, 2017), affirmed the dismissal of a data breach class action brought against Michaels Stores Inc. (Michaels) for failing to sufficiently allege an injury to support standing. This…