Two days after imposing the first-ever civil money penalty for HIPAA violations, the Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS) announced that Massachusetts General Hospital (Mass General) has agreed to pay $1 million to settle potential violations of the HIPAA Privacy Rule. OCR initiated an investigation of Mass
February 2011
EU’s Hustinx: Data Protection Law Sanctions Should Mirror Competition Law
At a recent presentation in Frankfurt, Peter Hustinx, head of the European Data Protection Supervisor Office in Brussels, launched an intriguing idea: sanctioning violations of data protection law in the same manner as violations of competition law.
The trade press regularly reports on multi-million euro fines for cartels or abuses of dominant positions by companies…
HHS Imposes $4.3 Million Civil Money Penalty for HIPAA Privacy Violations
The Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS) announced Tuesday that it has issued a Notice of Final Determination finding that Cignet Health of Prince George’s County, Maryland (Cignet) violated the HIPAA Privacy Rule. HHS imposed a $4.3 million civil money penalty on Cignet for the violations—the first…
Privacy Lawsuit Against Cable One Dismissed
Today the District Court for the Northern District of Alabama dismissed the class action lawsuit filed against our client, Cable One, Inc., for lack of subject matter jurisdiction because the named plaintiff lacked standing. The litigation arose out of a limited test of NebuAd Inc.’s “deep packet inspection” technology, which was used to create anonymous,…
Report: Over 6 Million Individuals Affected by PHI Breaches Since August 2009
A total of 225 breaches of protected health information (PHI) affecting 6,067,751 individuals have been recorded since the HIPAA breach notification rule was issued in August 2009 pursuant to the HITECH Act, according to a report by Redspin, a provider of HIPAA risk analysis and IT assessment services.
According to the report:
- Single breaches affecting
…
European Data Protection Authorities Concerned About PNR Agreements
The Article 29 Working Party, comprising data protection authorities from each of the EU Member States and the European Data Protection Supervisor, has reiterated concerns about aspects of Passenger Name Record (PNR) agreements between the EU and the US, Canada and Australia. Under the agreements, airlines must allow authorities in the US, Canada and Australia…
HIPAA/HITECH Regulations are Coming: What do Pharmaceutical Companies Need to Know? (Part 5 of 5)
In our final post on what pharmaceutical companies should know about the forthcoming HIPAA/HITECH regulations, we will discuss provisions in the proposed rule relating to the sale of protected health information. We previously covered the Department of Health and Human Service’s (HHS) proposed treatment of communications about currently prescribed drugs, remunerated treatment communications,…
HIPAA/HITECH Regulations are Coming: What do Pharmaceutical Companies Need to Know? (Part 4 of 5)
This is the fourth in our series on provisions of the Department of Health and Human Services (HHS) proposed rule implementing the HITECH Act that, if included in the final rule, are likely to have the greatest impact on the business operations of pharmaceutical and other life sciences companies. We previously covered HHS’s proposed treatment…
Privacy Bills Begin Dropping in Congress; More to Follow
As expected, this year is shaping up to be a busy year on privacy. As we noted in an earlier post, many Congressional members on both sides of the aisle are focusing on privacy issues. We still expect Senator Kerry to introduce comprehensive privacy legislation in the next few weeks and we understand Senator…
Apple Sued Again For Alleged Privacy Violations
For the fourth time in the past two months, Apple has been sued for allegedly violating the privacy of iPad and iPhone users. Like the previous three suits (two of which we discussed in this post), Rodimer v. Apple, Inc. [PDF] alleges that Apple transmitted “personal information,” including Unique Device IDs (“UDIDs”) to application developers,…