Time to catch up on some recent data breach enforcement actions.
First, Massachusetts General and Brigham & Women's, along with Dana Farber Cancer Center, have agreed to settle a lawsuit for $18.4 million. The lawsuit accuses the hospitals of allowing their researchers to use apps that allowed access to as many as 10,000 patients.
Next, a class action suit has been filed against BioPlus Specialty Pharmacy, accusing it of insufficient HIPAA protections, which allowed unknown hackers access to company files containing patient PHI.
Next, EHR provider QRS is facing a class action suit in connection with a breach affecting 320,000 individuals.
More to come, I'm sure. And of course I still owe the rest of the 20-at-20 chapters, celebrating the Privacy Rule's first 20 years. I promise to finish before the Privacy Rule turns 21 and starts drinking. . . .