HIPAA Breach Notice Issued After Colorado Medicaid Mailing Error
The Colorado Department of Health Care Policy and Financing issued a HIPAA breach notice yesterday, announcing the potential exposure of confidential records relating to 1,622 households. A limited amount of Protected Health Information (PHI) was inadvertently disclosed to Medicaid recipients after a recent mailing error. The mailing took place between May 25, and July 5, 2015; but due to a technical error, letters were sent to incorrect recipients. The error was noticed by a resident who had received correspondence with details of a different person, and the matter was reported to county workers on July 1, according to the breach notice; four days before the mailing was stopped and the problem corrected. After an investigation into the breach was conducted, the department determined that patient names, Medicaid numbers, state ID numbers, family member names, employer names, income from the employer, Advanced Tax Credit amounts, and approval status for Medicaid and Child Health Plan services were potentially disclosed. In less than 50 cases, the person’s date of birth was also...
Class-Action for Advanced Data Processing Breach Denied
An Advanced Data Processing breach lawsuit was recently filed in a Florida court, with the case taking just 24 hours to be tossed by the judge. In this case, the judge ruled that the move to certify the class was premature, and the case was denied, even though the plaintiff alleges to have suffered identity theft as a direct result of the data breach. In the lawsuit, the plaintiffs allege that in 2012, the healthcare clearinghouse suffered a data breach that exposed the Protected Health Information (PHI) for several months. The data stolen is alleged to have been used to steal identities and fraudulently obtain funds from the IRS. The suit also claims there was a delay in issuing breach notification letters to victims, some of whom were not notified of the theft of their data for three years. The data breach affected 27 agencies in 17 states, and in total 10,000 individuals had their data stolen and potentially sold to an identity theft ring. One plaintiff, Yehonatan Weinberg, claimed to have visited a Californian hospital in 2012, yet received a breach notification letter in April...
Health Net Federal Services Achieves URAC HIPAA Privacy Reaccreditation
Health Net Federal Services, LLC., has received URAC HIPAA Privacy reaccreditation, assuring current policyholders that their privacy is treated seriously, and HIPAA standards are being met. URAC – the new name for the former Utilization Review Accreditation Commission – is an independent, non-profit organization that accredits health care organizations, including health plans, in this case on the standards of the HIPAA Privacy Rule. Health Net Federal Services, LLC was awarded full reaccreditation for HIPAA privacy standards, effective from May 1, 2018. Health Net has been accredited with URAC since 2008. According to URAC President and CEO Kylanne Green, “By applying for and receiving URAC accreditation, Health Net Federal Services has demonstrated a commitment to quality health care,” she went on to say, “Quality health care is crucial to our nation’s welfare and it is important to have organizations that are willing to measure themselves against national standards and undergo rigorous evaluation by an independent accrediting body.” President of Health Net Federal Services,...
HIPAA Data Breach Report July 2015
The HIPAA Journal Healthcare Data Breach Report July 2015 has been compiled from breach reports submitted to the Department of Health and Human Services’ Office for Civil Rights. The breach reports give an indication of the current state of healthcare data security, and how well HIPAA-covered entities are applying HIPAA rules to keep patient data secured. Scroll down for our July 2015 healthcare data breach infographic summary. A Bad Month for Patient Privacy Hackers struck again in July, causing two large scale data breaches that exposed the records of millions of patients; two of the most serious healthcare data breaches ever reported. Hackers were discovered to have compromised the systems of four more healthcare providers, and stole highly confidential medical data and millions of Social Security numbers. Risk of Hacking Greater than Ever Hackers may have only accounted for four of the 21 data breaches reported in July, but those attacks proved highly damaging. 8,464,637 new breach victims were confirmed by the July breach reports, 8,409,141 of which were...
Increased Risk of Harm Not Grounds For Advocate Health Breach Lawsuit
An Advocate Health breach lawsuit was recently deemed to be too speculative to warrant a class-action claim for damages. The Illinois Appellate Court recently ruled that an increased risk of suffering harm as a result of an exposure of confidential health data is insufficient by itself to confer standing in a class-action data breach claim. The risk of harm was not deemed to be severe enough to warrant a data breach class action lawsuit. For damages to be awarded, evidence of actual harm must be provided. The case, Maglio v. Advocate Health and Hospitals Corporation, was filed by Matias Maglio on behalf of Macailee Maglio, Alexander Gill, and a number of other patients and next friends of minors affected by the breach. The plaintiffs allege they face an increased risk of suffering identity theft and fraud as a result of the exposure of their Protected Health Information (PHI). No identity theft had yet been reported or been suffered by any of the patients named in the lawsuit. The threat of fraud and loss was believed to be sufficient grounds for the complaint. The defendants moved...



