Discerning Data

FTC Opinion Holds False Express Privacy Claims are Material

The Federal Trade Commission’s Opinion finding that Cambridge Analytica engaged in deceptive practices to harvest personal information closes another chapter in the Commission’s actions against Cambridge Analytica and its former chief executive and app developer. The opinion is noteworthy for two reasons. First, the procedural posture of this matter is unique because Cambridge Analytica failed to appear or to answer the complaint. This allowed the Commission under its Rules of Practice to find the facts to be as alleged in the complaint and to enter a final decision. Second, the Commission’s opinion holds that a false express privacy claim is material and thus violates Section 5 of the FTC Act.

Continue reading “FTC Opinion Holds False Express Privacy Claims are Material”

$1.6 Million Civil Money Penalty for HIPAA Breach Impacting 6,617 Individuals

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services imposed a $1.6 million civil money penalty (CMP) against the Texas Health and Human Services Commission, Department of Aging and Disability Services (HHSC) for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HHSC is a Texas state agency headquartered in Austin, Texas that is responsible for the delivery of benefits and services in Texas for several programs including Medicaid for families and children, long-term care for people who are older or who have disabilities, behavioral health services, and services for women and other people with special health needs.

Continue reading “$1.6 Million Civil Money Penalty for HIPAA Breach Impacting 6,617 Individuals”

$3 Million OCR HIPAA Settlement Due to Lost Flash Drive and Stolen Laptop

The University of Rochester Medical Center (URMC) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Service (HHS) entered into a $3 million no-fault settlement agreement and two year corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).

Continue reading “$3 Million OCR HIPAA Settlement Due to Lost Flash Drive and Stolen Laptop”

$2.15 Million Civil Money Penalty for HIPAA Violations

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services imposed a $2,154,000 civil money penalty (CMP) against Jackson Health System (JHS) for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Security and Breach Notification Rules, stemming from various instances of noncompliance that occurred between 2013 and 2016.

Continue reading “$2.15 Million Civil Money Penalty for HIPAA Violations”

October is National Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month (NCAM). NCAM serves as a timely reminder to continue to assess and improve organizational cybersecurity.

Continue reading “October is National Cybersecurity Awareness Month”

Dental Practice Impermissibly Discloses PHI on Yelp

Elite Dental Associates, Dallas (Elite Dental) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) entered into a $10,000 no-fault settlement agreement and two year corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).

Continue reading “Dental Practice Impermissibly Discloses PHI on Yelp”