Category: Health Data

Today’s human error example comes from Willis North America, who reports that an employee accidentally attached a spreadsheet with employee information to an email reminding employees about earning wellness credits for the firm’s Medical Expense Benefits health plan. You can read more in their April 17th notification to the New Hampshire Attorney General’s Office. Update:…

QCA Health Plan, Inc., of Arkansas, has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, agreeing to a $250,000 monetary settlement and to correct deficiencies in its HIPAA compliance program. On February 21, 2012, HHS received notification from QCA regarding a breach of…

Concentra Health Services (Concentra) has agreed to pay OCR $1,725,220 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, and will adopt a corrective action plan to evidence their remediation of these findings. The settlement stems from an incident on November 30, 2011 (previously reported…

Erin McCann reports: The new 2014 Verizon Data Breach Investigations Report highlights a concerning carelessness regarding privacy and security, specific to the healthcare industry. “They seem to be somewhat behind the curve as far as implementing the kinds of controls we see other industries already implemented,” said Suzanne Widup, senior analyst on the Verizon RISK…

HHS has another big update to their public-facing breach tool. While many of the incidents they have added have already been noted on this blog, there are some ones that have not been mentioned here previously. Here are the incidents we did know about already (links are to previous coverage of the incident on PHIprivacy.net):…