Jackson Health System was fined $2.15 million for HIPAA violations that included an employee selling patient information for years, an incident in which an NFL player's PHI was shared with an ESPN reporter, and more.
Q: Can a cloud provider like Amazon Web Services or Microsoft Azure, when considered a business associate (BA), be held liable for breach notification requirements?
New York Gov. Andrew Cuomo signed legislation on October 7 that prohibits ambulance and first response service providers from selling patient information to third parties for marketing purposes.
Q: We’ve had a breach of unsecured PHI regarding an out-of-state patient. What is your recommended first step in terms of which breach notification laws—state vs. federal—we need to comply with?
