With more and more health records going digital, the number and variety of data breaches seem to be growing at a steady pace. If you thought that protecting health data was costly and compliance with HIPAA complicated, a breach of health data can turn out to be a lot more cumbersome and expensive!
The AvMed breach is the largest incident reported under the HITECH Act's Breach Notification Rule. In a first of its kind, a recent appellate court ruling in Florida may have just made way for the first U.S. class action lawsuit involving a health data breach to move forward to trial.
The case involved the December 2009 theft of unencrypted laptop computers from the Gainesville, Florida corporate offices of AvMed Health Plans. The decision by the U.S. Court of Appeals for the Eleventh Circuit reversed an earlier district court decision that dismissed the case due to failure to state a cognizable injury. The laptops contained personal information on 1.2 million current and former AvMed health plan members. Among the members whose information was stored on the stolen laptops were Juana Curry and William Moore, plaintiffs in the case.
The suit alleges that both Curry and Moore became victims of identity theft after the AvMed laptops were stolen. If the case is certified by the court as a class action and is not settled before going to trial, it could be the first U.S. class action health data breach suit that goes to trial. Had AvMed ensured tighter security and management, with complete compliance with HIPAA regulations, this disaster would never have occurred.
Non-compliance with HIPAA regulations can affect organizations at different levels. Although many health care organizations are actively trying to prevent these attacks, the number, ironically, seems to be constantly on the rise. Organizations need a comprehensive compliance solution like SecureGRC that is competent to achieve and maintain security and compliance as per the regulations set forth by the HIPAA and HITECH Acts.
SecureGRC, an automated compliance solution from eGestalt designed to help healthcare organizations, can identify, remediate and maintain compliance for all healthcare organizations that handle Patient Health Information. An ideal solution with end-to-end automation for all your security, compliance, assessment, audit, and risk management needs, SecureGRC simplifies the complex and time-consuming process of achieving and maintaining security and compliance.