Archive for the ‘Non-compliance Sanctions Examples’ Category
UCLA Health System Pays $865K to Settle Celebrity Privacy HIPAA Violations
Friday, July 8th, 2011
Here’s yet another HIPAA violations penalty to add to what seems to be a quickly growing list. In this case it was a violation of the minimum necessary access principle, in addition to providing the information to reporters, who then published the information. And it is likely, based upon the required actions that go beyond the fine, that the policies, procedures, training, awareness, and access logging processes were lacking as well.
8,918 HIPAA Violation Investigations Have Required Corrective Actions
Wednesday, August 26th, 2009
Here are some important websites to bookmark for you to reference when you need help…beyond what I have on my blog and at my website :)…if you are a US Health Insurance Portability and Accountability Act (HIPAA) Covered Entity (CE) or Business Associate (BA)…
FTC Issued Consent Order for GLBA Privacy Rule and Safeguards Rule Violations
Tuesday, June 16th, 2009
Today the FTC issued a consent order against mortgage lender James B. Nutter & Company for GLBA Privacy Rule and Safeguards Rule violations resulting from having an inadequate information security program and safeguards. The requirements will result in, among other actions, 20 years of ongoing activities by James B. Nutter & Company; much more costly than it would have been to have established appropriate information security safeguards to begin with…
Memorial Day & ID Theft Using Info Of Deceased
Tuesday, May 26th, 2009
Every year since probably my first year on this world I’ve visited cemeteries on the Sunday right before Memorial Day. My parents’ reasoning was that we could get the graves and headstones decorated (Memorial Day is also known as Decoration Day) so that those visiting on Monday would see them. Probably where I got my habit of always arriving to meetings and events WAY too early! 🙂
This past Sunday my family drove my father out to three cemeteries to once more continue this tradition…
HIPAA Sanctions and Convictions Will Increase with HITECH Act & New Administration
Tuesday, March 31st, 2009
Upon reading and researching HIPAA and the impact of the HITECH Act upon it, basically broadening its applicability as well as adding new requirements for privacy breach notifications, I recently was compelled to write an article about what I foresee as the likelihood that, after a very frustratingly slow start (by several years!) of HIPAA enforcement, increasingly more HIPAA sanctions will be made in the coming months and years.
SearchCompliance printed my article in three parts in their Compliance Tips section…
2ND HIPAA Sanction: CVS Must Pay $2.25 Million And Improve Info Sec Practices For Improper Disposal
Thursday, February 19th, 2009
The 2nd ever to date HIPAA sanction has been handed down by the Department of Health and Human Services (HHS)…
Don’t Be A Dodo; Follow Privacy Requirements!
Monday, February 2nd, 2009
I just ran across a privacy law non-compliance fine news report from Australia that was published October 22, 2008…
Iowa Takes Compliance Very Seriously…
Tuesday, January 27th, 2009
Example Of Why Business Leaders MUST Ensure Third Party Security
Monday, December 15th, 2008
Below is a good example of why organizations need to do third party (vendor, outsourcers, business partners, etc.) information security and privacy program reviews. A very important sentence to show your business leaders who don’t think they need to ensure third party security is, “The lender made the data vulnerable, the complaint alleges, by allowing a third-party home seller to access the data without taking reasonable steps to protect it.”