In the News

Doctor Gets Jail Time for HIPAA Violation

This month we look at a case involving a HIPAA privacy violation. This case is particularly important (and unusual) because it illustrates two points: 1) a person can get jail time for a HIPAA violation (even a misdemeanor violation), and 2) ignorance of the law does not protect you. Dr. H was in his mid-40’s when he took a research position with a large, well-known health system in a major city. The research position was not what Dr. H wanted, but he had a family to support, and had to […]


Temporal Trends and Characteristics of Reportable Health Data Breaches, 2010-2017

Protections for private patient data and mandatory public reporting of breaches of data confidentiality were established by the 1999 Health Insurance Portability and Accountability Act (HIPAA) and 2009 Health Information Technology for Economic and Clinical Health Act. Between 2010 and 2013, data breaches involving at least 29.1 million patient records were reported. The ongoing transition to electronic health records may increase such breaches. We used public data to examine the nature and extent of breaches from 2010 through 2017.


MA Physician Gets 1-Year Probation for Criminal HIPAA Violation

September 21, 2018 – Rita Luthra, a Springfield, MA-based gynecologist, was sentenced Sept. 19 to one-year probation for a criminal HIPAA violation and obstruction of a criminal healthcare investigation. In April, a jury convicted her of allowing a pharmaceutical sales representative to access patient records and lying to federal investigators. In May, US District Judge Mark G. Mastroianni denied a motion by Luthra’s attorney to reverse the conviction. In the original complaint, the Department of Justice (DoJ) alleged that Luthra allowed a Warner Chilcott sales representative to access her patients’ PHI and then provided false information to HHS […]


Can A Patient Sue for A HIPAA Violation?

Can a patient sue for a HIPAA violation? There is no private cause of action in HIPAA, so it is not possible for a patient to sue for a HIPAA violation. Even if HIPAA Rules have clearly been violated by a healthcare provider, and harm has been suffered as a direct result, it is not possible for patients to seek damages, at least not for the violation of HIPAA Rules. So, if it is not possible for a patient to sue for a HIPAA violation, does that mean legal action […]


Boston Hospitals Cough Up $1M for ‘Boston Trauma’ HIPAA Violations

September 20, 2018 – OCR announced Sept. 20 that it has fined three Boston-area hospitals close to $1 million for HIPAA violations involving the filming of ABC’s TV series “Save My Life: Boston Trauma.”* OCR reached HIPAA settlements with Boston Medical Center (BMC), Brigham and Women’s Hospital (BWH), and Massachusetts General Hospital (MGH) for compromising patients’ PHI when they invited the “Boston Trauma” film crews on premises without first obtaining authorization from patients. “Patients in hospitals expect to encounter doctors and nurses when getting treatment, not film crews recording them at their most private […]


UMass Memorial to Pay $230,000 for Healthcare Data Breaches

September 24, 2018 – UMass Memorial healthcare entities have agreed to pay $230,000 to the state of Massachusetts to resolve claims that two separate healthcare data breaches exposed PHI of more than 15,000 state residents. The lawsuit by the Massachusetts Attorney General (AG) alleged that healthcare facilities received complaints about two employees accessing patients’ PHI to open cell phone and credit card accounts. However, they did not investigate the complaints, discipline the employees involved in a timely manner, or take other steps to safeguard the information. The data breaches exposed patient information including names, addresses, […]
