[ Thursday, August 31, 2017 ]
More Window Envelope issues: now it's CVS with a problem letting PHI leak out envelope windows.
Jeff [12:19 PM]
[ Tuesday, August 29, 2017 ]
Aetna HIV data breach: Well,
that was fast. Those class action lawyers can outrun an ambulance.
Jeff [2:57 PM]
[ Friday, August 25, 2017 ]
The Trouble with Window Envelopes: It's nice to use envelopes where the address of the recipient is only printed on the page inserted into the envelope, but is visible through a window in the outer envelope. It saves costs, as well as reduces the possibility of a mismatch between the information in the insert and the information on the envelope (i.e., the wrong letter gets inserted into the wrong envelope).
However, if you're going to do so, make sure ONLY THE NAME AND ADDRESS show through the window.
I think Aetna's gonna be in trouble for this. . . .
Jeff [2:05 PM]
[ Wednesday, August 23, 2017 ]
Cybersecurity Class Action Update: One interesting aspect of data breaches (whether HIPAA-related or not) is the potential for lawsuits from affected parties. Most times, injured individuals can't show monetary damages from a HIPAA breach, and that particularly true in non-HIPAA breaches such as the Target or Home Depot data breaches, where any credit card fraud was covered by the credit card companies. (There are exceptions, of course, such as where
a HIPAA breach causes harm that can be proven). But the quest to show that the fear of future ID theft or other harm constitutes actionable damages is the holy grail of class action lawyers, looking to turn the millions of victims (each suffering only minor damages) into a single class so that they can collect on multiplied damages.
So far, it's been tough sledding: most courts deny that there are damages just because you're afraid someone might use your information in the future. That has been recently upheld in
this ScottTrade case. Some day, a court will allow these damages to constitute sufficient grounds for a class action lawsuit, but not yet.
Jeff [6:17 PM]
[ Monday, August 21, 2017 ]
Jeff [8:35 AM]
[ Monday, August 14, 2017 ]
Women's Health Care (PA): A large Philadelphia-area ob/gyn practice has notified 300,000 patients of a
potential data breach. Not much news on what happened, but it was apparently a hack that penetrated the group's computer system; they don't know for sure if information was actually viewed or extracted, but the information subject to potential breach did include social security numbers (bur apparently not much medical information). The report mentions backups, which makes me think this was probably a ransomware incident. The breach started in January 2017 but wasn't discovered until May 2017, but notifications didn't go out until July 2017 (interestingly, in March the group merged with a NJ group to become the largest ob/gyn group in the country, now known as Axia Women's Health.
Jeff [10:24 AM]
http://www.blogger.com/template-edit.g?blogID=3380636
Blogger: HIPAA Blog - Edit your Template
