Arthur Fried, a Member of the Firm in the Health Care and Life Sciences practice, in the New York office, was quoted in an article titled "Avoid Data Breach Suits With Quick Reactions."

Following is an excerpt:

Physician groups, particularly smaller ones, often lack the most robust systemic protections, such as encryption, that help to prevent damage from data loss, warns Arthur J. Fried, JD, a healthcare attorney with Epstein Becker Green in New York City.

"Enforcement, and penalties, are on the rise," says Fried.

The Office of Civil Rights of the Department of Health and Human Services, which has responsibility for enforcement of the Health Insurance Portability and Accountability Act (HIPAA), announced its first wave of routine HIPAA compliance audits this year, and three physician practices are among the first 20 audits to be performed, he notes. ...

"Data breaches take many forms," says Fried. "I have seen instances of patients' charts stolen from physicians' cars."

Data breaches might involve lost laptops and flash drives, improper disposal of paper records, failure to secure paper records, and failure to recognize that financial records also contain medical information as well as Social Security numbers, which also are protected by many state laws, says Fried.

"These can be prevented, or at least the damage mitigated, by up-to-date privacy and security policies, performing a HIPAA self-audit, and regular training," he says.

Physician practice HIPAA policies should include administrative, physical, and technical safeguards, advises Fried.

Self-audits should include a review to determine whether all required policies were current and available, that training occurs regularly, and that compliance was well documented, he says.
