Compliance Lessons From $1M HHS Fine For Data Breach

Law360 (August 14, 2020, 5:51 PM EDT) -- The Office of Civil Rights in the U.S. Department of Health and Human Services continues to penalize covered entities for breaches of patients' electronic protected health information, or ePHI, under the Health Insurance Portability and Accountability Act privacy rules.[1]

In a recently published press release, the OCR announced that Lifespan Health System's affiliated covered entity entered into a settlement agreement with the OCR, wherein Lifespan agreed to pay $1.04 million and enter into a corrective action plan as a result of a data breach affecting 20,431 patients.[2]

The ePHI included patient names, medical record numbers, demographic information, including partial address information, and...

Stay ahead of the curve

In the legal profession, information is the key to success. You have to know what’s happening with clients, competitors, practice areas, and industries. Law360 provides the intelligence you need to remain an expert and beat the competition.


  • Access to case data within articles (numbers, filings, courts, nature of suit, and more.)
  • Access to attached documents such as briefs, petitions, complaints, decisions, motions, etc.
  • Create custom alerts for specific article and case topics and so much more!

TRY LAW360 FREE FOR SEVEN DAYS

Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!