Recent Healthcare Data Breaches Highlight Need for More Security - Scott & Scott, LLP says HIPAA Omnibus Rule Increases Fines

Share Article

Scott & Scott, LLP says health care data breaches reported in 2013 highlight the need for more diligence and vigilance to combat the growing problem. With fines increasing as a result of HIPAA new omnibus rule that took effect on March 26, companies face increased penalties and need to be more careful.

Robert J. Scott, Managing Partner, Scott & Scott, LLP photo

Robert J. Scott, Managing Partner, Scott & Scott, LLP

Healthcare providers face increased fines under the new HIPAA Omnibus Rule.

Robert J. Scott, Managing Partner, of Scott & Scott, LLP, an intellectual property and technology law firm with a practice area focus on privacy and security, says “The following recent cases of data breach illustrate different ways patient records may be accessed and the importance for healthcare companies and their business associates (sub-contractors, agents, vendors) to shore up access to patient health information”.

Oregon Health & Science University reported on March 25th that a laptop was stolen from a vacation rental home in Hawaii containing medical record numbers, types and dates of surgeries, and names of surgeons of 4022 patients.OHSU noted that they required encryption for laptops used for patient care but the stolen laptop was not because it was used for research purposes. According to OHSU's website this is the second time they have suffered a loss in the last year. In July, OHSU sent letters regarding a burglary in a hospital employee’s home which included a briefcase with a flashdrive containing about 14,000 patients' information along with information about 200 employees.

A Walgreens Company, Crescent Healthcare, notified patients on February 21 that an unauthorized person or persons gained access to their Anaheim Billing Center offices and stole computers and other paper records containing names, addresses, phone numbers, social security numbers, health insurance information, date of birth, and medical information.

A Wisconsin three-hospital health system, Froedhert, sent notification letters the week of February 12th that a virus infected an employee’s computer and may have obtained information including patient’s names, addresses, phone numbers, dates of birth, medical record numbers, health insurance information and social security numbers in some cases.

On February 12th, the United States Attorney for the Southern District of Florida, announced that Salita St. Simon, a senior clerk at the Palm Beach County Health Department was arrested on charges of identity theft. According to the criminal complaint, for approximately the last year, the clerk obtained patient identification information, including more than 2800 patient names, and other personal data from the department’s computer system and gave that information to her accomplices to file fraudulent tax returns.

On March 26th, the U.S. Department of Health and Human Services update to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and HITECH Act of 2009 went into effect that include changes in how healthcare organizations and their business associates handle data breaches.

Scott & Scott, LLP believes the changes, especially the substantial fine increase from $25,000 to an annual cap of $1.5 million, and new reporting requirements for covered entities and business associate should encourage healthcare providers to put security on their priority list.

Health care providers, health plans, and other entities that have access to personal health information should take immediate steps to implement and train staff on the new rules even though enforcement does not start until September 23.

About Scott & Scott, LLP
Scott & Scott is an intellectual property and technology law firm dedicated to helping senior executives assess and reduce the legal, financial, and regulatory risks associated with information technology issues. An innovative approach to legal services, Scott & Scott believes that collaboration between legal and technology professionals is necessary to solve and defend against the complex problems our clients face, including privacy and network security, IT asset management, software license compliance, and IT transactions. Legal and technology professionals work in tandem to provide full-service representation. By combining these resources, Scott & Scott is better able to serve clients' needs than law firms and technology services firms working independently of one another. Visit Scott & Scott online at

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Anita Scott
Visit website