ARTICLE
20 January 2017

HHS Pact Shows Data Breach Reporting Can't Fall Off Radar

DP
Day Pitney LLP

Contributor

Day Pitney LLP logo
Day Pitney LLP is a full-service law firm with more than 300 attorneys in Boston, Connecticut, Florida, New Jersey, New York and Washington, DC. The firm offers clients strong corporate and litigation practices, with experience on behalf of large national and international corporations as well as emerging and middle-market companies. With one of the largest individual clients practices on the East Coast, the firm also has extensive experience assisting individuals and their families, fiduciaries and tax-exempt entities plan for the future.
Explore Firm Details
Eric also pointed out that the Resolution Agreement Presence entered into with the OCR mentioned their late reporting of prior breaches in 2015 and 2016.
United States Privacy
Person photo placeholder
Authors

Eric Fader was quoted in a January 17 article, "HHS Pact Shows Data Breach Reporting Can't Fall Off Radar," published in Law360. The article discussed the groundbreaking $475,000 settlement that Presence Health, an Illinois health system, reached with the Department of Health and Human Services' Office for Civil Rights (OCR) for failing to report a data breach in a timely manner.

"This incident was a pure privacy issue," Eric told Law360, rather than one involving potential identity theft. "Still, OCR is using it as an example and a warning to all providers that timely breach notification is critical so that the affected parties can take immediate action to protect themselves, such as changing passwords and signing up for credit monitoring services."

Eric also pointed out that the Resolution Agreement Presence entered into with the OCR mentioned their late reporting of prior breaches in 2015 and 2016.  "Given their recidivism, they may have gotten off lightly with a fine of only $475,000," he observed.

While the jury is still out on whether OCR will publicize more actions specifically targeting breach notifications in the future, Eric noted that the Presence case presented a "simple enough fact situation that the OCR may feel that they've made their point."

Looking forward, Eric predicted that we're likely to see a continued high level of HIPAA enforcement activity. "Just when one might think that the OCR must have publicized a settlement for every major category of HIPAA violation by now, an announcement like this one is a reminder that their educational efforts are not complete," Eric said. "It will be interesting to see what's left."

For more articles and regular updates on legislative changes, regulatory developments and other news of interest to businesses, professionals and investors in the healthcare industry, please subscribe to Day Pitney's mailing lists.

Click here for more Healthcare Blogs from Day Pitney

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Person photo placeholder
Day Pitney LLP
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More