Skip to content

Menu

LexBlog, Inc. logo
CommunitySub-MenuPublishersChannelsProductsSub-MenuBlog ProBlog PlusBlog PremierMicrositeSyndication PortalsAboutContactResourcesSubscribeSupport
Join
Search
Close

The First Health Privacy Settlements of 2018 Highlight the Ongoing Importance of HIPAA Privacy and Security

By Drew Gantt, Thora A. Johnson & Brian E. Extein on January 23, 2018
Email this postTweet this postLike this postShare this post on LinkedIn

encrypted dataAfter roughly seven months since the last announced settlement, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human services has announced a settlement of alleged violations of the Health Insurance Portability and Accountability Act (HIPAA). The first OCR settlement of 2018 concerns a HIPAA security breach of electronic data. At the same time, a recently announced settlement of a private class action against Aetna highlights the importance of HIPAA privacy and the continuing relevance of paper records.

The settlement concerns 21st Century Oncology, Inc. (21CO), a large oncology practice with treatment centers in 17 states and overseas. In 2015, 21CO was notified by the Federal Bureau of Investigation that its patient records had been compromised and were being sold illegally. In total, the records of 2,213,597 patients were affected. The information breached included names, social security numbers, diagnoses, treatments, and insurance information.

After performing its own investigation, OCR found that the oncology provider had not conducted a thorough risk assessment and had failed to put in place security measures sufficient to protect patient information. As part of the settlement, 21CO will pay $2.3 million and enter into a two-year corrective action plan (CAP). The CAP requires 21CO to conduct a comprehensive risk assessment, implement robust policies and procedures to protect patient information, and take other steps to ensure ongoing HIPAA compliance. The settlement underscores the importance of conducting a risk assessment that identifies and addresses security gaps and vulnerabilities.

On January 17, Aetna agreed to pay $17 million to settle a class action lawsuit brought against the insurer for a privacy breach affecting thousands of patients who took medication to treat or prevent HIV. In July of last year, Aetna mailed customer notices in envelopes with transparent windows. The transparent windows potentially allowed third parties to see that the recipient was using HIV medication. The total number of patients impacted is said to be approximately 12,000, which would make this the largest HIV privacy breach on record. The settlement also requires Aetna to implement changes to its privacy policies to prevent such a breach from happening again.

Photo of Drew Gantt Drew Gantt
Read more about Drew GanttEmail
Photo of Thora A. Johnson Thora A. Johnson
Read more about Thora A. JohnsonEmail
  • Posted in:
    Health Care
  • Blog:
    Health Law | STAT
  • Organization:
    Venable LLP
  • Article: View Original Source

LexBlog, Inc. logo
Facebook LinkedIn Twitter RSS
Real Lawyers
99 Park Row
  • About LexBlog
  • Careers
  • Press
  • Contact LexBlog
  • Privacy Policy
  • Editorial Policy
  • Disclaimer
  • Terms of Service
  • RSS Terms of Service
  • Products
  • Blog Pro
  • Blog Plus
  • Blog Premier
  • Microsite
  • Syndication Portals
  • LexBlog Community
  • 1-800-913-0988
  • Submit a Request
  • Support Center
  • System Status
  • Resource Center

New to the Network

  • Boston ERISA & Insurance Litigation Blog
  • Stridon News and Insights
  • Taft Class Action & Consumer Insights
  • Labor and Employment Law Insights
  • Age of Disruption
Copyright © 2022, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo