Tuesday, March 25, 2014

$4M Breach Settlement by Hospital, BAAs

A California hospital and two Business Associates have paid $4 million to settle a class-action lawsuit related to a 2011 breach affecting 20,000 patients. The information breached included patient names, medical record numbers, hospital account numbers, emergency room admission/discharge dates, medical codes for the visit reasons, and billing charges.

Unlike many other states' privacy laws, California's Confidentiality of Medical Information Act "allows patients to bring an action against any entity that has negligently released individually identifiable medical information, seeking minimum damages of $1,000, with no proof of actual damage required," according to Brian Kabeteck, founder and managing partner of Kabeteck Brown Kellner LLP, the law firm representing plaintiffs in the suit.

"California...allows patients to bring an action against an entity that has negligently released individually identifiable medical information, with no proof of actual damage required." - Brian Kabeteck, attorney
Kabeteck points out this makes these actions much easier to pursue and that suits like this show there are repercussions for not protecting patient information. This case is also a reminder to business associates about the importance of safeguarding electronic protected health information (ePHI). Business associates and their subcontractors are directly liable for compliance with the HIPAA Omnibus Rule, with fines up to $1.5 million per violation, and vendors could face civil suits related to breaches. To proactively detect breaches of patient data, hospitals and their business associates can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Stanford Breach Lawsuit Settled - www.iHealthBeat.org, 03/24/2014

No comments:

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.