May 22, 2019

HHS Announces First HIPAA Breach Settlement of 2019; 300,000 Patients Affected

On May 6, 2019, the U.S. Department of Health and Human Services announced that Touchstone Medical Imaging will pay $3 million to settle potential HIPAA violations associated with a breach that exposed more than 300,000 patients’ Protected Health Information. The breach occurred in May 2014. One of Touchstone’s servers allowed uncontrolled access to patients’ PHI. As a result, Touchstone patients’ PHI was visible on the Internet. During its investigation, HHS determined that Touchstone did not thoroughly investigate the breach until several months after it was informed of the breach by law enforcement. HHS also found that the company did not conduct an accurate analysis of potential risks to the confidentiality of its PHI and did not have business associate agreements in place with its vendors.

Putting it Into Practice: This case is a reminder for entities to swiftly respond to suspected and known security incidents and to ensure that appropriate steps are taken to prevent such incidents from occurring in the first place. Steps include performing risk analyses and adopting business associate agreements with vendors.

Copyright © 2019, Sheppard Mullin Richter & Hampton LLP.

About this Author

Matthew Shatzkes
Associate

Matthew Shatzkes is an associate in the Corporate Practice Group in the New York office of Sheppard Mullin and is a member of the firm’s healthcare practice team.

Matthew Shatzkes advises healthcare entities and not-for-profit corporations on a wide range of business, regulatory and transactional matters. Mr. Shatzkes advises clients on issues relating to entity formation, governance, corporate transactions (mergers, asset sales, dissolutions), and compliance with various federal and state laws, including regulatory compliance matters. Mr. ...

212-634-3062
Associate

Susan Ingargiola is an associate in the Corporate Practice Group in the firm's New York office.

Areas of Practice

Susan advises healthcare organizations, including hospitals, health systems, insurers, community health centers, health information exchange organizations, pharmaceutical and biotechnology companies, and mobile app developers on health information privacy issues, including compliance with HIPAA and state medical record confidentiality laws, as well as other compliance-related matters. She conducts regulatory diligence in connection with healthcare transactions, including contracting and acquisitions. Susan also advises on not-for-profit governance, Medicare and Medicaid reimbursement, participation in the federal health center and 340B drug discount programs, fraud and abuse laws, audits and investigations, and other federal and state healthcare regulatory matters.

212-896-0624