August 21, 2014
Partner Dana B. Rosenfeld was quoted in the DataGuidance article “USA: Massachusetts patients involved in out-of-state data breach case.” The article discusses the Massachusetts Attorney General’s announcement of a consent judgment with Women & Infant's Hospital of Rhode Island to resolve allegations that it violated federal and state information security laws after losing backup tapes allegedly containing the protected health records of over 12,000 Massachusetts residents. The consent judgment requires the hospital to pay a civil penalty of $110,000, $25,000 for attorney's fees and costs, and contribute $15,000 to funds organized by the Attorney General, which will support data security enforcement actions. Ms. Rosenfeld explained that "The Woman & Infants Hospital of Rhode Island matter makes clear that exposure to legal risk as a result of data breaches is higher than ever. Companies that interact with all types of personal information, including protected health information, should make sure they have comprehensive data security and incident response plans in place that account for the patchwork of state and federal laws governing data security practices."
To read the full article, please click here.