Data Breaches Can Result in Federal and State Liability

Regulatory bodies continue to impose severe penalties on covered entities that fail to protect patient data from unauthorized disclosure.

Community Health Systems, Inc. recently settled, for $2.3 million, claims with the HHS Office of Civil Rights resulting from a 2014 data breach that exposed the personal information of approximately 6.1 million patients.

But settlement with the federal government does not necessarily end the matter, as such large-scale data breaches likely implicate state law.

On October 8, 2020, the New Jersey Attorney General announced a multi-state settlement involving 28 participating states for a total of $5 million.

These cases are in contrast to penalties imposed on providers who fail to give patients access to their own records, such as the recent $160,000 fine imposed on Dignity Health.

Sources: Community Health Systems, Inc. Settles for $5 M in Multi-State Settlement; Dignity Health Settles with OCR for $160,000 for Failing to Provide Access to Records