Disclaimer: This blog article was written by an AdvancedMD partner. The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of AdvancedMD.
A lawsuit has been filed against SuperCare over a HIPAA breach. This is significant in that this lawsuit has been filed by patients. SuperCare reported the breach on March 28, 2022, and within one month they were hit with this lawsuit from the impacted patients.
In 2021, 23 disclosed data incidents resulted in 58 separate lawsuits, in come cased multiple lawsuits were filed because of a single event. Three of these lawsuits filed were for incidents that affected fewer than 8,000 individuals. The lawsuits often site violations of Federal HIPAA Laws, State Privacy Laws, FTC Rules.
Among the allegations in the SuperCare lawsuit include that the patients were not notified in a timely manner and that SuperCare failed to maintain adequate security to protect patient records.
What does this mean for you and your practice?
The number of HIPAA Breaches hit an all time high in 2021 and the numbers are only increasing. Lawsuits from patients affected by patients are also increasing. In 2021 714 incidents were reported to the Office of Civil Rights (OCR) up from 662 in 2020. And OCR referred a record number of breaches to the Justice Department for investigation of criminal violations in 2021. This all means increased risk for you. But there are ways to mitigate your risk.
In 2021 an amendment was made to include a HIPAA Safe Harbor for organizations that have adopted recognized security practices for at least 12 months prior to a data breach. These recognized security practices are documented in the HIPAA Regulations and in a document published known as Technical Volume 1: Cybersecurity Practices for Small Health Care Organizations. Compliance with these regulations is extremely helpful after a HIPAA Breach to enable you to avoid fines from the Federal Government, and they may be helpful to your legal team should you be hit with a lawsuit from patients because of the HIPAA breach.
The TLD Systems HIPAA Security Program is aligned with the HIPAA Regulations and with Technical Volume 1: Cybersecurity Practices for Small Health Care Organizations. By working with TLD Systems you are putting yourself in the best possible position to avoid a breach and should you experience a breach you are in the best possible position to minimize the pain, suffering, and financial impact the breach may have on your practice.