Message sent and received: First HIPAA settlement involving a business associate – a cautionary tale
The math is eye-opening — a $650,000 settlement for breach affecting 412 people. In the first HIPAA settlement involving a “business associate,” HHS’s Office of Civil Rights (OCR) has sent a strong message to all business associates about the importance of complying with HIPAA’s privacy and security rules.
Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS), a non-profit organization that provides management and information technology services to skilled nursing facilities, is a business associate under HIPAA because performed certain services using protected health information (PHI) on behalf of a HIPAA “covered entity” (a description of covered entities is here and a description of business associates is here). In 2014 a smartphone provided by CHCS to an employee was stolen. The smartphone had PHI of 412 patients and was neither encrypted nor password-protected. Read more…
Your weakest cyber security leak may be outside your own network. In another demonstration of how an organization can face significant financial and reputational exposure from another’s failure of cyber security, Massachusetts General Hospital announced on this week that one of its vendors suffered a cyber breach — on the vendor’s own network — that exposed more than 4,000 records of MGH patients. Some of the compromised information may have included patient names, dates of birth and Social Security numbers.
The French government took measures last week to lower the health risks to clinical trial participants following the final report regarding a phase 1 clinical trial that killed one person and hospitalized five others in January. France’s health minister Marisol Touraine presented a plan on Monday for stricter rules regarding human drug trials. The plan also requested the Rennes-based Biotrial CRO that conducted the trial to submit a “plan of action” within a month to explain how it will avoid a repeat of these or else lose its operating license.
The report, issued by France’s General Inspectorate of Social Affairs (IGAS), also calls on the government to “mobilize the international scientific community” to find out what went wrong and suggests a range of scientific approaches, such as testing whether the drug hits other brain targets than the intended one and a study of the potential toxicity of the compound’s metabolites. Read more…
With the warm weather approaching, many people are thinking of summer vacations and shedding the winter clothes. However, with the changing seasons comes the threat of bugs and the viruses they carry. As we previously discussed on our blog, Zika Virus is the threat of the year and does not appear to be going anywhere due to the lack of knowledge surrounding the virus.
According to the CDC, there are currently 358 confirmed cases of Zika Virus in the United States, but it’s important to note that 351 of these are from those who have traveled to other countries where the virus lives, and only 7 are due to sexual transmission. The biggest concern for the CDC is the transmission of the disease from one person to another. Women who have been in an infected area are told to wait 8 weeks before trying to conceive; while men are told to wait 6 months, as the virus has been noted to last even longer in their bodies. The transmission of the disease between partners and to an unborn child is a significant scare due to the lack of preparation against the disease.
On Monday a Federal appeals court in Virginia upheld a lower federal court ruling that held a Commercial General Liability (CGL) may in fact cover a data breach. The legal battle involves the Personal Injury insuring agreement and the coverage under the Personal Injury coverage part is often ambiguous.
In the underlying case, The Travelers Indemnity Company of America was required to provide a defense for its insured, Portal Healthcare Solutions, LLC, for an underlying data breach class action filed against Portal by customers whose private medical information was posted on the intranet.
A new item is being introduced into the life science market and it’s getting wide recognition for being the first of its kind: 3D printing. There has been much talk regarding the world of 3D printing but it has not been previously connected with the life science industry. The FDA has approved the first 3D printing drug, produced by Aprecia Pharmaceuticals and its being made to treat seizures and epilepsy.
The 3D pill hit the market earlier this year and questions as to whether the same guidelines apply to the production are arising. When a new drug is introduced, there are several markers that the company must follow, what companies are wondering now is if the same rules apply for a drug that is being 3D printed. Will there be similar guidelines for equipment use and quality control? Quality assurance has been one of the biggest questions surrounding 3D printing in terms of products; with the product now being of a medical background the quality control guidelines are going to be strictly followed and monitored to be sure the product comes out the same as it would under a mechanically generated pill. Read more…
Deal volume in Q4 2015 was very high, with many private equity firms charging hard for year-end closes. However, January experienced a slower pace for deal volume. Our team suspects many private equity firms were evaluating their portfolios, if sellers will adjust their pricing, and evaluating any potential impact from China’s economy.
In addition, the actions and commentary of the Fed in January when it comes to raising interest rate, has provided some uncertainty.
With February behind us, and only a few weeks away from the end of Q1, activity has steadily increased, and it appears as if the rest of 2016 will continue to follow suit. Deal flow has increase quite well, and in speaking with deal professionals and advisors, many seem to be cautiously optimistic for 2016 overall, as pipelines are filling up. Read more…