The Wagner Law Group, A Professional Corporation, is a nationally recognized ERISA & employee benefits, estate planning, employment, labor & human resources practice. 

 

Established in 1996, The Wagner Law Group has 23 attorneys engaged exclusively in employee benefits, estate planning and employment law. Seven of our attorneys are AV rated by Martindale-Hubbell as having very high to preeminent legal abilities and ethical standards. The firm is among the largest ERISA boutiques in the country. Our practice is national in scope, with clients in more than 40 states and several foreign countries.

 

 

Contact Info

The Wagner Law Group

 

  Integrity | Excellence

  

Massachusetts Office 

Tel: (617) 357-5200 

Fax: (617) 357-5250 

99 Summer Street 

13th Floor

Boston, MA 02110


Florida Office 

Tel: (561) 293-3590
Fax: (561) 293-3591
7108 Fairway Drive
Suite 125
Palm Beach Gardens, FL 33418

   

San Francisco Office

Tel: (415) 625-0002

Fax: (415) 358-8300

315 Montgomery Street

Suite 904

San Francisco, CA 94104

 

www.wagnerlawgroup.com

 

 

August 1, 2013 

 State and Federal Law Alert

 

Covered Entity Pays $1.7 Million Settlement to Resolve HIPAA Violations 

 

HHS's Office of Civil Rights ("OCR") recently entered into a Resolution Agreement with a health plan network to settle alleged violations of the HIPAA Privacy and Security Rules. The health plan network, a "Covered Entity" under HIPAA, agreed to pay HHS a $1.7 million settlement. (Under HIPAA, the term Covered Entity also includes group health plans.)

 

OCR said the violations resulted from a security breach of an online consumer application database. OCR began its investigation after the Covered Entity alerted HHS to a breach of electronic Protected Health Information ("PHI") following a software upgrade to its online application database. This investigation revealed that the Covered Entity did not maintain adequate administrative and technical safeguards, as required by the HIPAA Security Rule.

 

In particular, OCR said the Covered Entity had failed to: (i) adequately implement policies and procedures for authorizing access to the electronic PHI database; (ii) perform an adequate risk analysis following a software upgrade that affected the database; and (iii) adequately implement technical safeguards to verify the identity of persons trying to access electronic PHI.

 

These inadequate security measures allowed unauthorized individuals to gain access to the electronic PHI of more than 600,000 health insurance applicants. The compromised information included health insurance applicants' names, addresses, birth dates, Social Security numbers, telephone numbers and health information.

 

Interestingly, OCR's Resolution Agreement with the Covered Entity did not contain a Corrective Action Plan ("CAP"). The absence of a CAP suggests that the Covered Entity may have taken sufficient mitigating action and adopted acceptable security measures following the breach. It is likely that the Covered Entity's initiative to take sufficient remedial steps to correct the breach saved it from millions of dollars of costs associated with a formal CAP and several years of ongoing HHS supervision.

 

To prevent breaches of PHI and costly HIPAA enforcement actions, Covered Entities are advised to take the following action steps:

  • Conduct new risk analyses after all modifications to underlying technology;
  • Update policies and procedures to account for changes in technology or practices;
  • Regularly provide HIPAA training to employees;
  • Conduct HIPAA audits;
  • Monitor security breaches; and
  • Create and implement a breach response plan. 

 

This Newsletter is protected by copyright. Material appearing herein may be reproduced with appropriate credit.

  

Pursuant to Internal Revenue Service Circular 230, we hereby inform you that any advice set forth herein with respect to US federal tax issues is not intended or written by The Wagner Law Group to be used and cannot be used, by you or any taxpayer, for the purpose of avoiding penalties that may be imposed on you or any other person under the Internal Revenue Code.

 

This Newsletter is provided for information purposes by The Wagner Law Group to clients and others who may be interested in the subject matter, and may not be relied upon as specific legal advice. This material is not to be construed as legal advice or legal opinions on specific facts. Under the Rules of the Supreme Judicial Court of Massachusetts, this material may be considered advertising.