Indiana AG Sues WellPoint over HIPAA Breach
Greg Zoeller, the Indiana Attorney General has taken action against a violator of HIPAA laws and has filed a lawsuit against WellPoint for breach notification failures following the 32,000-record data breach it discovered on March 8, of this year. Even with the very best security systems, data breaches still occur. In this case however, the breach was the result of human error. The lawsuit has been filed not for the disclosure of Protected Health Information, but the tardy breach response. HIPAA and Two Indiana State Laws Violated The lawsuit has been filed under state laws, with the suit claiming Wellpoint violated two separate breach notification laws in Indiana by failing to notify the Attorney General and patients that their information had potentially been compromised in a reasonable time frame. Under state laws the Attorney General’s office can fine organizations that fail to comply with data protection laws, with each of the two violations WellPoint committed carrying a maximum penalty of $150,000. A fine of £300,000 could therefore be issued. In July 2009, the state passed...
HIPAA Reportedly Stopping Drunk Driver Convictions
According to data collected and analyzed from a California healthcare provider, DUI convictions for drivers injured in road traffic accidents is relatively low, at just 59%. In these cases the drivers were over the legal alcohol limit, were in a hospital where blood tests were performed – the most reliable way to determine blood alcohol content – and yet 41% escaped without a conviction. A study was performed by Dr. James F. Holmes from Sacramento’s UC Davis School of Medicine. Data was collected from 241 cases where driver’s had been tested in the hospital and were found to have blood alcohol levels in excess of 80 mm/dl, which is the legal allowable limit for driving in California. The data suggested that the more severe the injury, the less likely it was that the driver would be convicted of driving under the influence, as was the case with individuals found to have alcohol levels under 200mm/dl in their blood. In spite of the police supposedly being able to easily identify drivers that had drunk too much, the study showed that their observations were not as accurate as...
Flash Drive Lost by KPMG Employee Potentially Exposes 3,630 Patient Health Records
An employee of one of the big four accountancy firms, KPMG LLP, is reported to have lost a flash drive containing the protected healthcare data of 3,630 patients. A flash drive was lost on or around May 10, 2010 and contained unencrypted data including the names of patients and a limited amount of healthcare information. No addresses, dates of birth, Social Security numbers, financial information, personal identification numbers or other identifiable information were stored on the drive and the risk of identity theft or medical fraud is considered to be low. KPMG’s accountancy services are used by a number of hospitals affiliated to the Saint Barnabas Health Care System including Newark Beth Israel Medical Center. The data of 956 of its patients were stored on the drive according to the breach notification it issued to the Department of Health and Human Services. Data breach notification rules require healthcare providers to issue breach notifications to patients, even if the breach is caused by a Business Associate. The Saint Barnabas Health Care System will therefore be...
Oakwood Healthcare Worker Fired for HIPAA-Violating Facebook Comments
Michigan healthcare provider, Oakwood Healthcare, Inc., has confirmed that a member of staff at Oakwood Hospital & Medical Center in Dearborn has had her employment contract terminated after posting disparaging comments about a patient on her Facebook page. WJBK Fox 2 reported that the hospital worker, Cheryl James, posted two comments on her Facebook page about a patient. One comment was deemed unrepeatable by WJBK, although Cheryl was reported to have said that she “came face to face with a cop killer” and that she hoped he “rots in hell”. When Cheryl’s bosses learned of her Facebook posts they advised Cheryl that they would have to investigate the matter and Cheryl promptly removed the posts. She expected disciplinary action would be limited to a reprimand or even a suspension, but the hospital terminated her employment for violating HIPAA data privacy rules. According to a statement released by Oakwood Hospital, “We all have a legal and ethical responsibility to put our personal opinions aside and provide the care required for any patient who has entrusted us with...
Connecticut Attorney General First to Take Action for HIPAA Violations
The Connecticut Attorney General, Richard Blumenthal, has announced that a settlement has been reached with healthcare provider, Health Net, over violations of the Health Insurance Portability and Accountability Act (HIPAAA). The Connecticut AG is the first to exercise the right to enforce HIPAA since the power to do so was given to AGs following amendments to HIPAA brought about by the introduction of the Health Information Technology for Economic and Clinical Health Act (HITECH). Health Net was fined £250,000 for failing to implement adequate controls to protect the health data of its patients and for violations of Breach Notification Rules. Legal action was taken against Health Net following the loss of an unencrypted disc drive in May 2009 which exposed the data of 1.5 million Americans, 446,000 of which were Connecticut residents. The incident exposed Social Security Numbers, financial information and personal identifiers, with the subsequent investigation concluding that the drive was most likely stolen. In addition to the fine, Health Net has been ordered to provide two...



