[ Monday, October 22, 2018 ]
I'm not sure whether this is a HIPAA issue: is Healthcare.gov, the website that facilitates the federally-run state insurance exchanges, a covered entity or business associate? It's not a plan or provider, and I don't think it's a clearinghouse because it's not involved in transmitting data in connection with transactions. As far as I can tell, it assists the plans (which are CEs) that sell insurance on the exchanges, so in theory, if it creates, receives, maintains, or transmits PHI in connection with that service, it's a BA. But does it enter into BAAs with those insurers, or is it somehow exempt because it's a governmental entity? HIPAA doesn't include any sort of governmental exemption (Medicare and Medicaid are clearly CEs), but did the ACA or its implementing regulations include any exemption?
Interesting.
Jeff [11:17 AM]
[ Monday, October 15, 2018 ]
It was the biggest HIPAA breach ever, one of the biggest of any sort of breach involving personally-identifiable information: hackers got access to the medical records of almost 80 million people. While it's still unclear what damage was done, OCR has finally weighed in with how much it'll cost Aetna: $16 million. That's almost 3 times the previous record of $5.5 million.
Update: AP story is here.
Jeff [9:44 PM]
[ Sunday, October 14, 2018 ]
Latest development:
Aetna pays the NJ Attorney General $365,000 as a fine for the data breach involving the use of window envelopes to send notices to beneficiaries receiving HIV medications. As noted earlier, the window envelopes allowed the potential disclosure of PHI to unintended recipients.
Update: Aetna also has settled with the AGs of Connecticut, Washington State, and DC.
Jeff [5:06 PM]
[ Monday, October 01, 2018 ]
The SEC has announced an action against a broker-dealer for a data breach that exposed customer financial data. Not a HIPAA breach, but it's similar in effect and enforcement activities. The $1 million fine is considered "small."
Jeff [2:06 PM]