HIPAA/PIPEDA Enforcement

Recent fines and censures regarding HIPAA and PIPEDA laws.


County Government Settles Potential HIPAA Violations - March 7, 2014

"Skagit County, Washington, has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules. Skagit County agreed to a $215,000 monetary settlement and to work closely with the Department of Health and Human Services (HHS) to correct deficiencies in its HIPAA compliance program."

Read the full article


Triple-S fined $6.8M for HIPAA issue - February 15, 2014

"ASES Director Ricardo Rivera said Triple-S Salud was fined $6.7 million improperly handled private health records of more than 13,330 patients in written correspondence to them. Another $100,000 fine was tacked on after the company provided vague or incomplete information during the probe," he said.

Read the full article


Clinic Hit With $150,000 HIPAA Penalty - December 27, 2013

The Department of Health and Human Services' Office for Civil Rights on Dec. 26 announced a resolution agreement with Adult & Pediatric Dermatology, P.C., of Concord, Mass. "Organizations, regardless of size, that act irresponsibly and put patient information at risk may be held accountable," he says. "Failure to analyze the risks associated with patient information in your possession is, at best, negligence, and OCR has said when negligence is spotted enforcement will follow."

Read the full article


Samaritan Health Services fined for July data breach - November 4, 2013

"The files were supposed to be shredded but were thrown in a recycling bin instead. In response to the incident, Samaritan retrained staff at the clinic involved and audited document destruction process at its other clinics."

Read the full article


HHS Settles with Health Plan in Photocopier Breach Case - August 14, 2013

Under a settlement with the U.S. Department of Health and Human Services (HHS), Affinity Health Plan, Inc. will settle potential violations of the HIPAA Privacy and Security Rules for $1,215,780. OCR's investigation indicated that Affinity impermissibly disclosed the protected health information of up to 344,579 individuals when it returned multiple photocopiers to a leasing agent without erasing the data contained on the copier hard drives.

Read the full article


Walgreens fined $1.44 million for pharmacist data breach

"As a provider of pharmaceutical service, defendant Walgreens Co. owes a non-delegable duty to its customers to protect their privacy and confidentiality of its customers' pharmaceutical information and prescription histories," Hinchy claimed in the lawsuit, according to the Star.

Read the full article


WellPoint pays HHS $1.7 million for leaving information accessible over Internet - July 11, 2013

The managed care company WellPoint Inc. has agreed to pay the U.S. Department of Health and Human Services $1.7 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. OCR's investigation indicated that WellPoint did not implement appropriate administrative and technical safeguards as required under the HIPAA Security Rule.

Read the full article


Shasta Regional Medical Center Settles HIPAA Security Case for $275,000 - June 13, 2013

Shasta Regional Medical Center (SRMC) has agreed to settle an investigation by the U.S. Department of Health and Human Services (HHS) about potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and will pay a $275,000 monetary settlement.

Read the full article


Idaho State University settles HIPAA security case for $400,000 - May 21, 2013

Idaho State University (ISU) has agreed to pay $400,000 to the U.S. Department of Health Human Services (HHS) for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. This settlement involves the breach of unsecured electronic protected health information (ePHI) of 17,500 individuals who were patients at an ISU clinic.

Read the full article


B.C. privacy breach shows millions affected - January 15, 2013

The personal-health data of millions of British Columbians has been accessed without proper authorization, and in the most serious cases, the provincial government says it will notify 38,486 individuals of the breaches by letter. Health Minister Margaret MacDiarmid made the announcement as part of an ongoing investigation into research-grant practices between ministry employees and researchers at the universities of B.C. and Victoria.

Read the full article


HHS announces first HIPAA breach settlement involving less than 500 patients - January 2, 2013

The Hospice of Northern Idaho (HONI) has agreed to pay the U.S. Department of Health and Human Services (HHS) $50,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. This is the first settlement involving a breach of unsecured electronic protected health information (ePHI) affecting fewer than 500 individuals.

Read the full article


Former Alberta surgeon censured for emailing confidential patient information - October 2, 2012

A former Grande Prairie orthopedic surgeon has been found guilty by the physicians' college of inappropriately releasing confidential health information about three patients. The College of Physicians and Surgeons of Alberta determined Dr. Jeremy Reed, who now practises in Saskatchewan, sent three inappropriate emails in 2008 and 2009. Reed was suspended for 10 days and was ordered to pay $13,265 to cover 75 per cent of the investigation and hearing costs.

Read the full article


Massachusetts provider settles HIPAA case for $1.5 million - September 2012

Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (collectively referred to as "MEEI") has agreed to pay the U.S. Department of Health and Human Services (HHS) $1.5 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. MEEI also agreed to take corrective action to improve policies and procedures to safeguard the privacy and security of its patients' protected health information.

Read the full article


Alaska DHSS settles HIPAA security case for $1,700,000 - June 26, 2012

Alaska Department of Health and Human Services (DHHS) has agreed to pay the U.S. Department of Health and Human Services' (HHS) $1.7 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. Alaska also agreed to take corrective action to improve policies and procedures to safeguard the privacy and security of its patients' protected health information.

Read the full article


AG sues health care service firm for alleged patient privacy violations - January 2012

Personal health data on thousands of Minnesota patients was shared with a debt collection company that shouldn't have access to such information, Attorney General Lori Swanson said Thursday. Swanson filed a lawsuit against the company, Chicago-based Accretive Health, alleging that it failed to protect patient health care records and failed to disclose to patients how their records are used.

Read the full article


Sutter Health sued for losing patient medical information - November 23, 2011

Harris & Ruble, a prominent class-action law firm based in Los Angeles announced today they were the first to file a lawsuit against Sutter Health alleging the medical provider did not properly safeguard medical information for more than 4 million of its patients affected by the mid-October theft of a computer from the Sutter Medical Foundation headquarters based in Sacramento, CA.

Read the full article


For doctors, social media a tricky case - April 20, 2011

"Dr. Alexandra Thran, 48, was fired from the hospital last year and reprimanded by the state medical board last week. The hospital took away her privileges to work in the emergency room for posting information online about a trauma patient."

Read the full article