United States:
HHS Settles HIPAA Enforcement Action For Lack Of Timely Breach Notification
16 March 2017
by
Daniel J. McLoon
,
Mauricio Paez
,
Kevin Lyles
,
Richard Johnson
,
Jonathon Little
,
Todd McClelland
,
Jeff Rabkin
,
Adam Salter
,
Michiru Takahashi
,
Undine Von Diemar
,
Olivier Haas
,
Jörg Hladjk
and
Anand Varadarajan
Jones Day
To print this article, all you need is to be registered or login on Mondaq.com.
On January 9, 2017, the Department of Health and Human Services
("HHS") settled an enforcement action with a hospital
company for lack of timely breach notification. The Resolution Agreement requires that the company
revise its existing policies and procedures, conduct training with
its employees, and pay a $475,000 fine. HHS found that the company
failed to provide timely written breach notifications to
individuals whose protected health information had been compromised
on multiple occasions.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Privacy from United States
State Data Breach Notification Laws
Foley & Lardner
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice.