June 27, 2019

June 26, 2019

Subscribe to Latest Legal News and Analysis

June 25, 2019

Subscribe to Latest Legal News and Analysis

June 24, 2019

Subscribe to Latest Legal News and Analysis

States Taking Actions Against Health IT Companies Over Data Breaches

Twelve state attorneys general have brought suit against two medical Information Technology companies. The AGs allege that the companies, Medical Informatics Engineering Inc. and its subsidiary, NoMoreClipboard LLC, had poor security practices that led to medical data breaches. Those breaches impacting close to four million patients. This case is the first coordinated multistate attorney general Health Insurance Portability and Accountability Act related action. The AGs are accusing the companies of not taking adequate steps to protect information, and failing to timely notify patients of known breaches.

Specifically, in the complaint the AGs claim that that the companies failed to have an active security monitoring and alert system, and that they did not encrypt PHI within their systems. The AGs also allege that no assessments of the potential risks relating to PHI was done, nor was HIPAA training conducted. Finally, the complaint alleges that the companies did not have or adhere to reasonable and appropriate standards for protecting patient information. This case evidences a trend of states enforcing consumer and data privacy laws.

Putting it Into Practice: This complaint demonstrates the expectations regulators have regarding the types of security measures companies should have in place for protecting PHI. Multistate litigation enforcing HIPAA violations could significantly increase the potential penalties applicable to companies that do not have the proper safeguards in place.

Copyright © 2019, Sheppard Mullin Richter & Hampton LLP.

TRENDING LEGAL ANALYSIS


About this Author

Matthew Shatzkes Attorney New York Sheppard Mullin
Associate

Matthew Shatzkes is an associate in the Corporate Practice Group in the New York office of Sheppard Mullin and is a member of the firm’s healthcare practice team.

Matthew Shatzkes advises healthcare entities and not-for-profit corporations on a wide range of business, regulatory and transactional matters. Mr. Shatzkes advises clients on issues relating to entity formation, governance, corporate transactions (mergers, asset sales, dissolutions), and compliance with various federal and state laws, including regulatory compliance matters. Mr. ...

212-634-3062
Kimberly Rai Lawyer Sheppard Mullin NYC
Attorney

Kimberly Rai is an attorney in the Corporate Practice Group in the firm's New York office.

As a member of the firms Due Diligence Team, Ms. Rai supports the Corporate and Finance & Bankruptcy Practice Groups on various matters relating to mergers and acquisitions, venture capital and private equity.

Prior to joining the firm, Ms. Rai worked in house as Assistant General Counsel for a retail energy supplier. She has experience in retail energy compliance and general corporate matters

Education

  • J.D., Fordham University School of Law
  • B.A., New York University
212-653-8195