[ Tuesday, August 19, 2014 ]
ICYMI: Rhode Island Hospital Pays Mass. AG for HIPAA Breach:
Jeff [1:42 PM]
In a rare cross-border reach, the Massachusetts attorney general fined a Rhode Island hospital
(and the hospital paid the fine) for breaching the security of PHI of a bunch of Massachusetts residents. The breach violated HIPAA, but also violated MA's stringent data encryption and breach law. The MA statute purports to have a "long arm" reach (it applies to anyone who deals with the PHI of MA residents, regardless where the record-keeper is located), but it would be hard to the MA AG to achieve jurisdiction over actors in other states. However, I suspect in this case the RI hospital gets MA Medicaid funds and otherwise may do business in MA, so they probably felt they had to play along.
Blogger: HIPAA Blog - Edit your Template