April 21, 2019

April 19, 2019

Subscribe to Latest Legal News and Analysis

April 18, 2019

Subscribe to Latest Legal News and Analysis

Connecticut Attorney General Reaches HIPAA Settlement with Hospital and Associate

The Connecticut attorney general is one of the few who has taken advantage of the 2009 provision in the HITECH Act which grants authority to states to enforce HIPAA violations.  On Nov. 6, 2015, the Connecticut attorney general announced that it entered into a settlement agreement (Assurance of Voluntary Compliance) with the Hartford Hospital and its business associate vendor the EMC Corporation (EMC) to resolve an investigation into a breach that occurred in 2012.

Hartford Hospital and EMC have agreed to collectively pay $90,000 and have agreed to institute various measures to resolve the matter. EMC assisted the hospital on a quality improvement project that involved analyzing the hospital’s patient data. On June 25, 2012, an unencrypted laptop was stolen from an EMC employee’s home. The laptop contained unencrypted protected health information (PHI) of about 8,883 Connecticut residents. EMC reported the theft to the hospital the next day, and the hospital discovered that it had not entered into a business associate agreement with EMC. The hospital notified all affected patients of the breach as well as the Connecticut Attorney General’s office. In the Assurance of Voluntary Compliance the hospital agreed to comply with all applicable provisions of HIPAA, including analyzing all of its relationships with vendors to ensure that it is entering into the required business associate agreements, as well as encrypting PHI. The EMC agreed to maintain policies and procedures on encryption, the storage of PHI outside of EMC premises, and for responding to breach events.



About this Author

The Barnes & Thornburg Healthcare Department regularly represents physicians, medical groups, managed care organizations, hospitals, nursing homes, and national healthcare-related associations located around the country. Given our healthcare practice, we understand the unique commercial and regulatory environment in which healthcare organizations operate. Our attorneys bring their problem-solving and consensus-building skills to listen carefully to the goals of their clients and recommend practical solutions.