On Wednesday, December 4, 2013, the HHS Office of Inspector General (OIG) issued a report raising concerns about the adequacy of the HHS Office for Civil Rights’ (OCR) oversight and enforcement of HIPAA’s Security Rule. The Security Rule establishes the administrative, physical, and technical safeguards that covered entities and their business associates are required to implement […]
HIPAA
FTC Announces 2014 Spring Seminars Disclosing Future Regulatory Focus
Yesterday, the Federal Trade Commission announced three main topics that will be the focus of its Spring 2014 privacy seminars. The areas to be examined are: (1) Mobile Device Tracking; (2) Alternative Scoring Products; and (3) Consumer Generated and Controlled Health Data. The Mobile Device Tracking seminar, which is open to the public, will take […]
AvMed’s Novel Data Breach Settlement- First Time Payment to Plaintiffs Who Have Not Suffered Identity Theft as a Result of Data Breach
Recently, AvMed agreed to pay $3 million in a data breach settlement. What sets this apart from other data breach settlements is Plaintiffs who have not suffered identity theft as a result of the breach may nevertheless collect from the Settlement Fund. Plaintiffs who did not suffer identity theft claimed they were injured by overpaying […]
HHS/OCR Posts HIPAA Privacy, Security and Breach Notification Audit Protocol
In our November 30, 2011 and March 7, 2012 posts, we discussed the HHS Office for Civil Rights (OCR) audit pilot program, which began in November 2011 and is expected to conclude in December 2012. The audit program has been developed pursuant to the requirements of the HITECH Act. Under the audit pilot program, OCR conducted an […]