There is an enforcement update to an incident noted on this site in 2018. The incident that involved New England Dermatology P.C., d/b/a New England Dermatology and Laser Center (“NEDLC”) was summarized by HHS in their resolution agreement and corrective action plan for this case: On May 11, 2021, NEDLC filed a breach notification report…
Category: HIPAA
Transparency #FAIL: Why won’t Anthem/Elevance Health answer a simple question about breaches?
A DataBreaches opinion piece. You might think a giant insurer like Anthem, which has experienced at least several breaches over the years — including one of the most significant breaches ever — would understand the importance of transparency by now. Apparently not. On May 24, Anthem (now known as Elevance Health) posted a notice on…
Family Practice Center discloses a breach from October 2021
DataBreaches really and truly does not understand how entities can take so long to investigate some breaches before disclosing them. If HHS feels that seven months from the first detection of an attack to notification is reasonable or acceptable, then let it change the regulations. If it is not acceptable and HHS wants entities to…
Associated Eye Care Partners, LLC discloses vendor breach. Can you guess which vendor?
One of the breach notices that showed up in routine searches this morning was from Associated Eye Care Partners, LLC (“AEC”). The first sentence of the notification letter was: We are contacting you to inform you of a data incident experienced by a third-party vendor for Associated Eye Care Partners, LLC (“AEC”). My mind…
OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief
Theresa Defino reports: Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and business associates (BAs). And, if Congress agrees, its impact would expand significantly in the coming months. As part of its…
HHS OCR Issues Annual HIPAA Reports to Congress
Chris Bennington of Epstein Becker Green writes, in part: The HITECH Act requires OCR to issue annual reports to Congress of HIPAA breaches and complaints received by OCR during the calendar year. For 2020, OCR reported that it received 656 notifications of breaches affecting 500 or more individuals, 66,509 notifications of breaches affecting fewer than…