Dental Practice Pays $23,000 For Potential HIPAA Privacy Violations Involving Yelp Posts

Author HeadshotBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On December 14, 2022, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled with New Vision Dental (NVD) over a potential HIPAA Privacy violation. The California-based dental practice paid $23,000 to OCR and agreed to implement a corrective action plan after allegedly including protected health information (PHI) in its responses to reviews on Yelp.

The Complaint and Investigation.

On November 29, 2017, the Office for Civil Rights (OCR) received a complaint alleging New Vision Dental had posted responses to several unfavorable reviews by patients on Yelp and frequently disclosed confidential protected health information (PHI) in its responses. For example, in some posts, patients were allegedly identified, and NVD revealed their full names when the patient may have only chosen to use a made-up name on the platform. Other information allegedly posted included detailed information about the patient’s visits, treatment, and health insurance when the patient had not posted that information publicly.

The federal agency’s investigation found potential violations of the HIPAA Privacy Rule, including impermissible uses and disclosures of PHI and failures to provide adequate Notice of Privacy Practices and implement Privacy policies and procedures. “This latest enforcement action demonstrates the importance of following the law even when using social media. Providers cannot disclose protected health information of their patients when responding to negative online reviews. This is a clear ‘NO,’” said OCR Director Melanie Fontes Rainer in a statement.

To read more, click here for the press release from the HHS.

In addition to the settlement, NVD agreed to implement a corrective action plan (CAP) that will be monitored for two years by OCR. As part of its CAP, the dental practice agreed to develop, revise, and maintain written policies and procedures to comply with federal privacy and security standards. All workforce members will also receive training on those policies and procedures, and NVD must remove all social media postings that include PHI.

The resolution agreement and CAP can be viewed here.

Guidelines for Appropriate Use of Social Media and Social Networking.

Healthcare professionals are discouraged from interacting with current or past patients on personal social networking sites and should never, under any circumstances, reveal personal information about the patient or the patient’s treatment or care. Online interaction with patients should only occur when discussing the patient’s medical treatment within the physician-patient relationship and with written, signed consent by the patient to use e-mail or other online services for such messaging. These interactions should never occur on personal social networking or social media websites.

Patient privacy must always be protected, especially on social media and social networking websites. Breaches in patient confidentiality could harm the patient and violate federal privacy laws such as the Health Insurance Portability and Accountability Act of 1996 and applicable state privacy laws.

Failure to Comply With HIPAA Can Result in Both Civil and Criminal Penalties.

This penalty was the 21st financial penalty OCR imposed in 2022 to resolve HIPAA violations, more than in any other year since it was given the authority to enforce HIPAA compliance. With the increased popularity and availability of social media platforms also comes an increase in potential privacy violations. To read a previous blog I wrote on this, click here.

If Notified of a HIPAA Investigation or Audit, Consult an Experience Health Law Attorney Immediately.

If you receive notice that you have a HIPAA Privacy Complaint, are suspected of a HIPAA breach, or are subject to a HIPAA audit, consult an experienced healthcare attorney immediately. There are many technicalities to these laws and regulations, and what may initially seem like a violation may be proven to be nothing. Many defenses can be raised, and often a complaint may be dismissed by the OCR once the correct facts are shown to it by your attorney.

Don’t Wait Until It’s Too Late, Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, nurses, and other healthcare providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or toll-free (888) 331-6620.

Sources:

Alder, Steve. “OCR Fines California Dental Practice for PHI Disclosures on Yelp.” HIPAA Journal. (December 14, 2022). Web.

McKeon, Jill. “OCR Settles Potential HIPAA Violation After Dental Practice Discloses PHI on Yelp.” Health Care It News. (December 14, 2022).

Health News Weekly. “California Dental Practice Pays $23,000 to Resolve Potential HIPAA Violations Involving Social Media Posts.” AHLA. (December 16, 2022). Web.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave. Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 or Toll-Free: (888) 331-6620.

Current Open Positions with The Health Law Firm. The Health Law Firm always seeks qualified individuals interested in health law. Its main office is in the Orlando, Florida, area. If you are a current member of The Florida Bar or a qualified professional who is interested, please forward a cover letter and resume to: [email protected] or fax them to (407) 331-3030.

“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2023 The Health Law Firm. All rights reserved.

By |2023-09-11T13:51:02-04:00September 11, 2023|Categories: Health Facilities Law Blog|Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , |0 Comments

California Dental Practice Pays $23,000 Settlement For Potential HIPAA Privacy Violations Involving Yelp Posts

Author HeadshotBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On December 14, 2022, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled with New Vision Dental (NVD) over a potential HIPAA Privacy violation. The California-based dental practice paid $23,000 to OCR and agreed to implement a corrective action plan after allegedly including protected health information (PHI) in its responses to reviews on Yelp.

The Complaint and Investigation.

On November 29, 2017, the Office for Civil Rights (OCR) received a complaint alleging New Vision Dental had posted responses to several unfavorable reviews by patients on Yelp and frequently disclosed confidential protected health information (PHI) in its responses. For example, in some posts, patients were allegedly identified, and NVD revealed their full names when the patient may have only chosen to use a made-up name on the platform. Other information allegedly posted included detailed information about the patient’s visits, treatment, and health insurance, when that information had not been posted publicly by the patient.

The federal agency’s investigation found potential violations of the HIPAA Privacy Rule, including impermissible uses and disclosures of PHI and failures to provide adequate Notice of Privacy Practices and implement Privacy policies and procedures. “This latest enforcement action demonstrates the importance of following the law even when you are using social media. Providers cannot disclose protected health information of their patients when responding to negative online reviews. This is a clear ‘NO,’” said OCR Director Melanie Fontes Rainer in a statement.

To read more, click here for the press release from the HHS.

In addition to the settlement, NVD agreed to implement a corrective action plan (CAP) that will be monitored for two years by OCR. As part of its CAP, the dental practice agreed to develop, revise, and maintain written policies and procedures to comply with federal privacy and security standards. All workforce members will also receive training on those policies and procedures, and NVD is required to remove all social media postings that include PHI.

The resolution agreement and CAP can be viewed here.

Guidelines for Appropriate use of Social Media and Social Networking.

Healthcare professionals are discouraged from interacting with current or past patients on personal social networking sites and should never, under any circumstances, reveal personal information about the patient or the patient’s treatment or care. Online interaction with patients should only occur when discussing the patient’s medical treatment within the physician-patient relationship and with written, signed consent by the patient to use e-mail or other online services for such messaging. These interactions should never occur on personal social networking or social media websites.

Patient privacy must be protected at all times, especially on social media and social networking websites. Breaches in patient confidentiality could harm the patient and violate federal privacy laws such as the Health Insurance Portability and Accountability Act of 1996 and applicable state privacy laws.

Failure to Comply With HIPAA Can Result in Both Civil and Criminal Penalties.

This penalty was the 21st financial penalty to be imposed by OCR in 2022 to resolve HIPAA violations, more than in any other year since it was given the authority to enforce HIPAA compliance. With the increased popularity and availability of social media platforms also comes an increase in potential privacy violations. To read a previous blog I wrote on this, click here.

If Notified of a HIPAA Investigation or Audit, Consult an Experience Health Law Attorney Immediately.

If you receive notice that you have a HIPAA Privacy Complaint, are suspected of a HIPAA breach, or are subject to a HIPAA audit, consult with an experienced health care attorney immediately. There are many technicalities to these laws and regulations, and what may initially seem like a violation may be proven to be nothing. Many defenses can be raised, and often a complaint may be dismissed by the OCR once the correct facts are shown to it by your attorney.

Don’t Wait Until It’s Too Late, Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, nurses, and other healthcare providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or toll-free (888) 331-6620.

Sources:

Alder, Steve. “OCR Fines California Dental Practice for PHI Disclosures on Yelp.” HIPAA Journal. (December 14, 2022). Web.

McKeon, Jill. “OCR Settles Potential HIPAA Violation After Dental Practice Discloses PHI on Yelp.” Health Care It News. (December 14, 2022).

Health News Weekly. “California Dental Practice Pays $23,000 to Resolve Potential HIPAA Violations Involving Social Media Posts.” AHLA. (December 16, 2022). Web.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave. Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 or Toll-Free: (888) 331-6620.

Current Open Positions with The Health Law Firm. The Health Law Firm always seeks qualified individuals interested in health law. Its main office is in the Orlando, Florida, area. If you are a current member of The Florida Bar or a qualified professional who is interested, please forward a cover letter and resume to: [email protected] or fax them to (407) 331-3030.

“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2023 The Health Law Firm. All rights reserved.

By |2023-01-17T11:36:47-05:00January 17, 2023|Categories: Dental Law Blog|Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , |0 Comments

Multiple Settlements with HHS for HIPAA Security Rule Violations & Data Breaches

George IndestBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

In September 2020, the Department of Health and Human Services (HHS) announced three settlements to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. The settlements, totaling $10.6 million, stem from data breaches in which hackers were able to access and obtain individuals’ protected health information (PHI) from U.S. health providers. Combined, the three hacking incidents compromised the health information of more than 16 million patients.

Summary of the HIPAA Security Rule Settlements.

On September 21, 2020, the Office of Civil Rights, or OCR, the division of HHS which receives and investigates HIPAA complaints, announced a settlement with an orthopedic clinic in Georgia. The clinic agreed to pay $1.5 million after a 2016 hacking incident that compromised over 200,000 patient records. Part of the settlement included a Corrective Action Plan, or CAP, which the clinic agreed to adopt, to help prevent future breaches of privacy. Click here to view the resolution agreement and Corrective Action Plan (CAP).

On September 24, 2020, the OCR publicized a settlement with an information technology (IT) and health information management company. The business agreed to pay $2.3 million to settle claims of systemic security rule violations relating to a 2014 hacking incident impacting the personal health information (PHI) of more than 6 million individuals. Click here to read the settlement agreement.

Days later, the OCR released information about a $6.85 million settlement with Premera Blue Cross, the largest health plan in the Pacific Northwest. The settlement, the second largest to date, related to a 2015 cyber-attack which exposed the health information of more than 10 million individuals. To read the resolution agreement in full, click here.

In regard to these settlements, the OCR alleged that the following security rule violations had occurred:

1. Failure to conduct an adequate and thorough risk analysis;

2. Failure to implement sufficient mechanisms to record and examine system activities;

3. Failure to enter into business associate agreements with vendors with access to electronic protected health information;

4. Failure to implement reasonable security measures to reduce risks and vulnerabilities;

5. Failure to respond to and document a known security incident;

6. Failure to implement technical policies and procedures regarding access; and

7. Failure to implement procedures to regularly review system activity logs and reports.

Readers could use the above as a compliance checklist to make sure their own systems of records are being properly protected.

Consequences of HIPAA Rule Noncompliance.

The HIPAA Security Rule establishes a set of national standards for confidentiality, integrity, and availability of e-PHI. HHS is responsible for administering and enforcing these standards, along with enforcement of the HIPAA Privacy Rule. Therefore, the agency may conduct complaint investigations and compliance reviews. To learn more details about the HIPAA Security Rule, click here.

HHS looks for systems failures, prior breaches, missing risk analyses, or absence of or inadequate HIPAA policies. Without question, any compliance violations will result in an enforcement action. And as these three settlements have demonstrated, enforcement can be costly.

Don’t Wait Until It’s Too Late, Protect Yourself from HIPAA Security Rule Compliance Violations.

Businesses and organizations need to acknowledge the need to act and create a HIPAA security rule compliance plan. Locating existing security policies and the last completed risk analysis is an essential step in compliance. If it’s been over a year, perform or update risk analysis to identify risks or vulnerabilities on all systems that contain any e-PHI. Security rule compliance requires regular attention and detailed records. Take steps now to help protect e-PHI from data breaches, and avoid millions of dollars in settlements or fines.


Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals, and other healthcare providers and institutions to investigate and defend alleged HIPAA complaints and violations and prepare Corrective Action Plans (CAPs). Our attorneys regularly defend OCR HIPAA audits, defend in HIPAA complaint investigations, assist in preparing a HIPAA Risk Analyses, defend in federal administrative actions and administrative hearing cases, and defend in civil or administrative litigation of HIPAA/breach of medical confidentiality law suits.

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or toll-free (888) 331-6620.

Sources:

Kraus, Anna and Carrier, Tara. “HHS Announces Multiple HIPAA Settlements Related to Data Breaches and the Right of Access Initiative.” Lexology. (October 6, 2020). Web.

Castricone, Dena. “The Crushing Cost Of HIPAA Security Rule Noncompliance.” Law360. (October 1, 2020). Web.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave. Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 Toll-Free: (888) 331-6620.

The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2021 The Health Law

Multiple Settlements with HHS for HIPAA Security Rule Violations & Data Breaches

George IndestBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

In September 2020, the Department of Health and Human Services (HHS) announced three settlements to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. The settlements, totaling $10.6 million, stem from data breaches in which hackers were able to access and obtain individuals’ protected health information (PHI) from U.S. health providers. Combined, the three hacking incidents compromised the health information of more than 16 million patients.

Summary of the HIPAA Security Rule Settlements.

On September 21, 2020, the Office of Civil Rights, or OCR, the division of HHS which receives and investigates HIPAA complaints, announced a settlement with an orthopedic clinic in Georgia. The clinic agreed to pay $1.5 million after a 2016 hacking incident that compromised over 200,000 patient records. Part of the settlement included a Corrective Action Plan, or CAP, which the clinic agreed to adopt, to help prevent future breaches of privacy. Click here to view the resolution agreement and Corrective Action Plan (CAP).

On September 24, 2020, the OCR publicized a settlement with an information technology (IT) and health information management company. The business agreed to pay $2.3 million to settle claims of systemic security rule violations relating to a 2014 hacking incident impacting the personal health information (PHI) of more than 6 million individuals. Click here to read the settlement agreement.

Days later, the OCR released information about a $6.85 million settlement with Premera Blue Cross, the largest health plan in the Pacific Northwest. The settlement, the second largest to date, related to a 2015 cyber-attack which exposed the health information of more than 10 million individuals. To read the resolution agreement in full, click here.

In regard to these settlements, the OCR alleged that the following security rule violations had occurred:

1. Failure to conduct an adequate and thorough risk analysis;

2. Failure to implement sufficient mechanisms to record and examine system activities;

3. Failure to enter into business associate agreements with vendors with access to electronic protected health information;

4. Failure to implement reasonable security measures to reduce risks and vulnerabilities;

5. Failure to respond to and document a known security incident;

6. Failure to implement technical policies and procedures regarding access; and

7. Failure to implement procedures to regularly review system activity logs and reports.

Readers could use the above as a compliance checklist to make sure their own systems of records are being properly protected.

Consequences of HIPAA Rule Noncompliance.

The HIPAA Security Rule establishes a set of national standards for confidentiality, integrity, and availability of e-PHI. HHS is responsible for administering and enforcing these standards, along with enforcement of the HIPAA Privacy Rule. Therefore, the agency may conduct complaint investigations and compliance reviews. To learn more details about the HIPAA Security Rule, click here.

HHS looks for systems failures, prior breaches, missing risk analyses, or absence of or inadequate HIPAA policies. Without question, any compliance violations will result in an enforcement action. And as these three settlements have demonstrated, enforcement can be costly.

Don’t Wait Until It’s Too Late, Protect Yourself from HIPAA Security Rule Compliance Violations.

Businesses and organizations need to acknowledge the need to act and create a HIPAA security rule compliance plan. Locating existing security policies and the last completed risk analysis is an essential step in compliance. If it’s been over a year, perform or update risk analysis to identify risks or vulnerabilities on all systems that contain any e-PHI. Security rule compliance requires regular attention and detailed records. Take steps now to help protect e-PHI from data breaches, and avoid millions of dollars in settlements or fines.


Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals, and other healthcare providers and institutions to investigate and defend alleged HIPAA complaints and violations and prepare Corrective Action Plans (CAPs). Our attorneys regularly defend OCR HIPAA audits, defend in HIPAA complaint investigations, assist in preparing a HIPAA Risk Analyses, defend in federal administrative actions and administrative hearing cases, and defend in civil or administrative litigation of HIPAA/breach of medical confidentiality law suits.

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or toll-free (888) 331-6620.

Sources:

Kraus, Anna and Carrier, Tara. “HHS Announces Multiple HIPAA Settlements Related to Data Breaches and the Right of Access Initiative.” Lexology. (October 6, 2020). Web.

Castricone, Dena. “The Crushing Cost Of HIPAA Security Rule Noncompliance.” Law360. (October 1, 2020). Web.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave. Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 Toll-Free: (888) 331-6620.

The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2021 The Health Law

Multiple Settlements with HHS for HIPAA Security Rule Violations & Data Breaches

George IndestBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

In September 2020, the Department of Health and Human Services (HHS) announced three settlements to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. The settlements, totaling $10.6 million, stem from data breaches in which hackers were able to access and obtain individuals’ protected health information (PHI) from U.S. health providers. Combined, the three hacking incidents compromised the health information of more than 16 million patients.

Summary of the HIPAA Security Rule Settlements.

On September 21, 2020, the Office of Civil Rights, or OCR, the division of HHS which receives and investigates HIPAA complaints, announced a settlement with an orthopedic clinic in Georgia. The clinic agreed to pay $1.5 million after a 2016 hacking incident that compromised over 200,000 patient records. Part of the settlement included a Corrective Action Plan, or CAP, which the clinic agreed to adopt, to help prevent future breaches of privacy. Click here to view the resolution agreement and Corrective Action Plan (CAP).

On September 24, 2020, the OCR publicized a settlement with an information technology (IT) and health information management company. The business agreed to pay $2.3 million to settle claims of systemic security rule violations relating to a 2014 hacking incident impacting the personal health information (PHI) of more than 6 million individuals. Click here to read the settlement agreement.

Days later, the OCR released information about a $6.85 million settlement with Premera Blue Cross, the largest health plan in the Pacific Northwest. The settlement, the second largest to date, related to a 2015 cyber-attack which exposed the health information of more than 10 million individuals. To read the resolution agreement in full, click here.

In regard to these settlements, the OCR alleged that the following security rule violations had occurred:

1. Failure to conduct an adequate and thorough risk analysis;

2. Failure to implement sufficient mechanisms to record and examine system activities;

3. Failure to enter into business associate agreements with vendors with access to electronic protected health information;

4. Failure to implement reasonable security measures to reduce risks and vulnerabilities;

5. Failure to respond to and document a known security incident;

6. Failure to implement technical policies and procedures regarding access; and

7. Failure to implement procedures to regularly review system activity logs and reports.

Readers could use the above as a compliance checklist to make sure their own systems of records are being properly protected.

Consequences of HIPAA Rule Noncompliance.

The HIPAA Security Rule establishes a set of national standards for confidentiality, integrity, and availability of e-PHI. HHS is responsible for administering and enforcing these standards, along with enforcement of the HIPAA Privacy Rule. Therefore, the agency may conduct complaint investigations and compliance reviews. To learn more details about the HIPAA Security Rule, click here.

HHS looks for systems failures, prior breaches, missing risk analyses, or absence of or inadequate HIPAA policies. Without question, any compliance violations will result in an enforcement action. And as these three settlements have demonstrated, enforcement can be costly.

Don’t Wait Until It’s Too Late, Protect Yourself from HIPAA Security Rule Compliance Violations.

Businesses and organizations need to acknowledge the need to act and create a HIPAA security rule compliance plan. Locating existing security policies and the last completed risk analysis is an essential step in compliance. If it’s been over a year, perform or update risk analysis to identify risks or vulnerabilities on all systems that contain any e-PHI. Security rule compliance requires regular attention and detailed records. Take steps now to help protect e-PHI from data breaches, and avoid millions of dollars in settlements or fines.


Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals, and other healthcare providers and institutions to investigate and defend alleged HIPAA complaints and violations and prepare Corrective Action Plans (CAPs). Our attorneys regularly defend OCR HIPAA audits, defend in HIPAA complaint investigations, assist in preparing a HIPAA Risk Analyses, defend in federal administrative actions and administrative hearing cases, and defend in civil or administrative litigation of HIPAA/breach of medical confidentiality law suits.

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or toll-free (888) 331-6620.

Sources:

Kraus, Anna and Carrier, Tara. “HHS Announces Multiple HIPAA Settlements Related to Data Breaches and the Right of Access Initiative.” Lexology. (October 6, 2020). Web.

Castricone, Dena. “The Crushing Cost Of HIPAA Security Rule Noncompliance.” Law360. (October 1, 2020). Web.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave. Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 Toll-Free: (888) 331-6620.

The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2021 The Health Law

Go to Top