home

New Cases and Developments

NACUA's Legal Resources staff summarizes current higher education cases and developments and provides the full text of selected cases to members. New cases and developments are archived here for up to 12 months.  Cases provided by Fastcase, Inc.

Selected Topics: Faculty & Staff HIPAA
Dates
New Search
HIPAA; Faculty & Staff

Updates to HIPAA Breach Notification Portal (July 28, 2017)

The U.S. Department of Health and Human Services’ (DHHS) HIPAA Breach Portal has been updated. The Portal includes a list of breaches of unsecured protected health information affecting over 500 individuals in the past 24 months. These breaches are currently under investigation by the U.S. Department of Health and Human Services Office for Civil Rights. A separate tab labeled “Archive” contains all breach reports that have been resolved or are over 24 months old.

7/28/2017
read
HIPAA; Cybersecurity; Faculty & Staff; Technology

Health and Human Services Resolution Agreement and Corrective Action Plan for the University of Massachusetts Amherst on HIPAA (Nov. 16, 2016)

Resolution Agreement and Corrective Action Plan between the U.S. Department of Health and Human Services (HHS) and the University of Massachusetts Amherst (UMass) regarding a potential breach of unsecured electronic protected health information. After a workstation at the institution was infected by malware, which may have resulted in a violation of the privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA), HHS investigated the institution and discovered several HIPAA compliance issues involving the designation of its Center for Language, Speech, and Hearing as a covered health care component. In addition to the payment of a monetary settlement, UMass has agreed to a Corrective Action Plan requiring it to conduct an enterprise-wide risk analysis; to develop and carry out a risk management plan; and to revise the Center’s policies and procedures governing the privacy of health information.

11/30/2016
read
HIPAA; Health Care & Insurance; Compliance & Risk Management

Department of Health and Human Service's Office of Civil Rights and University of Washington Medicine Enter Resolution Agreement

Settlement entered into between the University of Washington and the Department of Health and Human Services (HHS) to resolve a HIPAA security breach stemming from unsecured electronic protected health information. HHS determined that UW Medicine failed to implement policies and procedures to prevent, detect, contain, and correct security violations. The University agreed to pay $750,000 as part of the resolution and enter into a corrective action plan set forth by the HHS.
2/1/2016
read