Tag: data privacy and security

An Ounce of Prevention: Establish an Effective Privacy/Cybersecurity Program

Data breaches have become common occurrences. Nearly every business—including nonprofits—collects, stores, and uses personal information (PI) that’s valuable to bad actors. All organizations store and process PI about their employees, and many nonprofits store and process PI about their donors and volunteers. Bad actors can cause financial harm to those whose PI is stolen, but […]

HHS Launches Phase 2 HIPAA Privacy Audits

The U.S. Department of Health and Human Services has officially launched its long-awaited Phase 2 HIPAA audit program, the head of HHS’ Office for Civil Rights said at a March 21 conference. The process has begun with the emailing of address verification letters to a pool of potential auditees, said OCR Director Jocelyn Samuels. OCR […]

Puerto Rico Health Insurer Will Pay Record $3.5M HIPAA Settlement

A Puerto Rico health insurer agreed to pay $3.5 million in a HIPAA settlement after the U.S. Department of Health and Human Services, investigating multiple breach reports from the company, found what it called “widespread noncompliance” throughout the organization. Triple-S Management Corp. is an insurance holding company that offers many insurance products and services through […]

TPA Faces State-law Claims for Improper Release of Patient Data

A third-party administrator faces California health privacy and unfair business practices charges for allegedly handing over a plan participant’s case management information to an employer, which then terminated her to avoid paying for her impending liver transplant. The TPA’s arguments for ERISA preemption failed because the plan participant’s state-law action could have been brought in […]

Impending HIPAA audits will focus on risk analysis and training

Now that the U.S. Department of Health and Human Services finally appears to be moving ahead with its HIPAA audit program, health plans and other covered entities need to be preparing documentation and shoring up their risk analysis and training, among other things, HIPAA experts suggested in recent webinars. “They’ve been talking about it for […]

CareFirst Is Latest Insurer to Suffer Major Cyberattack

CareFirst BlueCross BlueShield has become the latest major health insurer to acknowledge having suffered a large-scale cyberattack on its member data. Information on about 1.1 million individuals was affected by the breach, which CareFirst discovered during an information technology security review conducted in the wake of the attacks on Anthem and Premera. In June 2014, […]

Last-minute Tips for Amending HIPAA Business Associate Contracts

As the transition period for amending business associate agreements draws to a close, HIPAA experts have highlighted some issues for plan sponsors to keep in mind. Under last year’s HIPAA/HITECH omnibus rules, all contracts with business associates must be compliant with the rules by Sept. 22. Obviously, group health plans and other HIPAA-covered entities that […]

Plan Identifier Rules Not Written for Self-funded Plans

With the HIPAA deadline for obtaining a health plan identifier less than two months away, plan sponsors have encountered major problems trying to get one — if they’ve started at all, according to a poll conducted by the ERISA Industry Committee. “ERIC’s members are really struggling with the requirements for health plan identifiers,” said Gretchen […]

Health Insurer Employee Pleads Guilty to SSN Theft

A former employee of a Massachusetts-based health insurer pleaded guilty to one count of illegal disclosure of Social Security numbers, after federal prosecutors alleged she stole plan members’ SSNs and other personal identifying information as part of a scheme to defraud the government. Emeline Lubin faces a possible prison sentence of up to five years […]

Preventing Employee Data Leaks Requires Proper Safeguards

Reducing the risk of data breaches requires assessing your company’s vulnerabilities, then addressing them with policies, procedures, training and agreements. The media tend to focus on external hackers, but “the real culprits for most of our clients are internal,” according to employment law attorney Robert Fitzpatrick. Employee data breaches can be classified into the deliberate and […]