There is no doubt that social media has its benefits, especially for medical practices that have come to use it for marketing and advertising. However, risks are lurking. On October 2, 2019, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) entered into a $10,000 settlement with a dental practice (the “Practice”) for disclosing protected health information of a patient when responding to a review on a Yelp page.
Continue Reading OCR Fines Dental Practice $10,000 For Social Media Disclosures
Data Security and Breach Notification Act
ALJ Judge Upholds OCR’s $4,348,000 Data Breach Penalty on Texas Hospital
HIPAA has teeth. On June 1, 2018, an Administrative Law Judge (ALJ) ruled that the University of Texas MD Anderson Cancer Center violated HIPAA. In doing so, the ALJ granted the Office of Civil Rights (OCR) summary judgment, requiring the hospital to fork up the $4,348,000 in civil monetary penalties imposed by OCR.
Continue Reading ALJ Judge Upholds OCR’s $4,348,000 Data Breach Penalty on Texas Hospital
National Data Breach Notification Law Proposed
At the end of last week, three U.S. Democratic Senators, including Connecticut’s Richard Blumenthal, proposed the 44-page Data Security and Breach Notification Act (“Proposed Act”). The Proposed Act would preempt the laws of the 48 states that currently have data breach notification laws and the Federal Trade Commission (“FTC”) would have enforcement authority. State Attorneys General would be permitted to pursue violations of the Proposed Act as civil actions in federal court if the FTC has not already initiated an action. The Proposed Act also provides for sizable civil penalties up to $5 million and criminal penalties including imprisonment for up to 5 years for willful failure to notify those impacted.
Continue Reading National Data Breach Notification Law Proposed