[ Tuesday, August 19, 2014 ]


ICYMI: Rhode Island Hospital Pays Mass. AG for HIPAA Breach: In a rare cross-border reach, the Massachusetts attorney general fined a Rhode Island hospital (and the hospital paid the fine) for breaching the security of PHI of a bunch of Massachusetts residents.  The breach violated HIPAA, but also violated MA's stringent data encryption and breach law.  The MA statute purports to have a "long arm" reach (it applies to anyone who deals with the PHI of MA residents, regardless where the record-keeper is located), but it would be hard to the MA AG to achieve jurisdiction over actors in other states.  However, I suspect in this case the RI hospital gets MA Medicaid funds and otherwise may do business in MA, so they probably felt they had to play along. 

Jeff [1:42 PM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template