AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security


Data Breach Litigation: AvMed Laptop Lawsuit Being Settled

Is there no hope for plaintiffs when it comes to winning HIPAA data breach lawsuits?  According to Al Saikali from Shook, Hardy, & Bacon, the answer is "don't bet on it."  He shows that there are at least two instances where plaintiffs managed to get a settlement out of covered entities that caused a PHI data breach.  But then, I'd be the first to point out that you can rely more on HIPAA-approved encryption software than on judges willing to quash lawsuits.

Two Suits Settled

The two lawsuits that are being settled out of court are Burrows v. Winn Dixie and Resnick/Curry v. AvMed, Inc.  Of the two, the latter one has been covered in this blog.  It's also the more interesting one, as the lower courts had already judged in AvMed's favor, only to find the 11th Circuit Court of Appeals reversing it.

(If you'll recall, two unencrypted laptop computers were stolen from AvMed's offices, resulting in 1.2 million people being affected.  The plaintiffs made an interesting accusation that AvMed had essentially tricked them into believing they were HIPAA compliant when they weren't, as evidenced by the theft of the unencrypted laptops.)

Looking through the settlement notice (PDF), we learn that AvMed is not willing to admit to any wrongdoing... and that's about the only thing we do learn.

HIPAA: Encryption Is Your Friend

The definition of insanity, according to some, is doing the same thing over and over and expecting different results.  I think that it's an excellent depiction of HIPAA covered entities.  As far as PHI goes, they're insane.

Would patients feel upset about thieves possessing their personal information and medical history?  Yes.

Do they have reason to feel upset?  Of course.  Identity theft is a big problem.

Are laptops, external hard disks, USB sticks, and other digital storage devices stolen or lost by medical entities every year...heck, every month?  Yes.

Does all of the above point towards a guarantee of sorts that people will be upset at one medical organization or another in any given month because of a data breach?  Yes.

Is the Office for Civil Rights at the Department of Health and Human Services flexing its muscles and levying $1.5 million penalties?  Yes.

Can the use of encryption on laptops and other devices basically do away with all data breach problems?  Yes.

And yet here we have another organization that produces revenue in the multimillions that is caught without encryption on their laptops, somehow assuming that nothing untoward will happen to them (at least, that must be the reason why they're not using encryption.  Otherwise, the lawyers really would have a reason for arguing neglect, no?).

If that's not insanity, I don't know what is.

Related Articles and Sites:
http://www.datasecuritylawjournal.com/2013/09/11/data-breach-lawsuits-settling-in-the-southern-district-of-florida/
http://www.datasecuritylawjournal.com/files/2013/09/Joint-Notice-of-Settlement-in-AvMed.pdf
http://www.databreaches.net/data-breach-lawsuits-settling-in-the-southern-district-of-florida/

 

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.