Pagosa Springs Medical Center (PSMC) has agreed to pay $111,400 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) for an alleged violation of HIPAA. OCR found that the company failed to deactivate a former employee’s access to a web-based calendar that contained the protected health information […]
Posts about Privacy, Security and HIPAA Enforcement by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness training company.
Largest COPPA Penalty Ever – NY AG Settles with Oath (Formerly AOL)
On December 4, 2018, New York Attorney General Barbara D. Underwood announced a $4.95 million settlement with Oath, Inc. (formerly known as AOL), for violating the Children’s Online Privacy Protection Act (COPPA). This is the largest penalty in a COPPA enforcement case in U.S. history.
Vendor Management Matters: HIPAA Enforcement for $500K for Lack of a Business Associate Agreement
Advanced Care Hospitalists PL (ACH) has agreed to pay $500,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) for an alleged violation of HIPAA. OCR found that the company shared protected health information (PHI) with an unknown vendor without a business associate agreement (BAA). According to […]
HIPAA Enforcement Case – Allergy Associates
Allergy Associates of Hartford has agreed to pay $125,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) for an alleged violation of HIPAA. The incident occurred in February 2015. A patient reached out to a local TV station about a dispute with a doctor at Allergy Associates. […]
Will the FTC Remain a Leader on Privacy and Security?
In an unprecedented transition, the FTC just got a full slate of 5 new commissioners, three Republicans and two Democrats: Joe Simons (Chairman) – R; Noah Phillips – R; Christine Wilson – R; Rohit Chopra – D; Rebecca Slaughter – D. It is difficult to predict how the FTC will approach privacy. The new commissioners […]
FTC v. AT&T Mobility
In a very important decision, FTC v. AT&T Mobility (9th Cir. 2018 en banc), the U.S. Court of Appeals for the 9th Circuit en banc reversed an earlier panel decision that severely limited the FTC’s jurisdiction to protect privacy and data security. I strongly criticized the panel decision in a previous blog post. The FTC has taken […]
HIPAA Enforcement Case – Filefax
This week the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced an agreement to settle HIPAA violations with Filefax, located in Northbrook, Illinois. One aspect was different than their usual settlement process in that Filefax closed the business down during the OCR investigation and was no longer operating when […]
HIPAA Enforcement 2017: Another Big Year for HIPAA Enforcement
At the end of 2017, the OCR logged just under $20 million in fines for HIPAA violations from 10 enforcement actions with monetary penalties. In 2016, the total in penalties was roughly the same amount but from 15 organizations. Here is an overview of the resolution agreements and enforcement actions with civil monetary penalties from […]
Why Is HIPAA Data Breach Enforcement Increasing? An Insurer’s View from Katherine Keefe
Recently, HIPAA enforcement over data breaches is increasing – a lot. This year has seen some of the largest monetary penalties. Why is this happening? I had the chance to interview Katherine Keefe, who leads the Beazley Breach Response (BBR) Services Group. I am particularly interested in the insurer’s perspective, so I interviewed Katherine.
The Future of the FTC on Privacy and Security
Co-authored by Professor Woodrow Hartzog. The Federal Trade Commission is the most important federal agency regulating privacy and security. Its actions and guidance play a significant role in setting the privacy agenda for the entire country. With the Trump Administration about to take control, and three of the five Commissioner seats open, including the Chairperson, […]