- Data breach affected 800,000 people
- Handled inquiries from state attorneys general and HHS
- Managed risk assessment under HIPAA and HITECH
A major Massachusetts hospital sought counsel in connection with a data breach involving the loss of medical and financial records of approximately 800,000 patients, employees, doctors, and staff.
A Mintz attorney defended the hospital against federal and state regulatory enforcement actions, class actions, and the pursuit of affirmative litigation against companies responsible for loss of the data. Throughout the investigation, Mark Robinson dealt with multiple state attorneys general’s offices, the Department of Health & Human Services, and then regulators. In addition, we managed risk assessments under the HIPAA and HITECH statutes, federal acts that restrict access to individuals’ private medical information.
The hospital successfully managed the crisis and avoided regulatory enforcement actions, class actions, and other adverse consequences. At the same time, the hospital established stricter risk management policies to prevent future data breaches.