[ Tuesday, August 19, 2014 ]
ICYMI: Rhode Island Hospital Pays Mass. AG for HIPAA Breach: In a rare cross-border reach, the
Massachusetts attorney general fined a Rhode Island hospital (and the hospital paid the fine) for breaching the security of PHI of a bunch of Massachusetts residents. The breach violated HIPAA, but also violated MA's stringent data encryption and breach law. The MA statute purports to have a "long arm" reach (it applies to anyone who deals with the PHI of MA residents, regardless where the record-keeper is located), but it would be hard to the MA AG to achieve jurisdiction over actors in other states. However, I suspect in this case the RI hospital gets MA Medicaid funds and otherwise may do business in MA, so they probably felt they had to play along.
Jeff [1:42 PM]
http://www.blogger.com/template-edit.g?blogID=3380636
Blogger: HIPAA Blog - Edit your Template