It would be pretty unsettling if your patient status, vital signs, medications, and laboratory results were available for the world to see on Google, wouldn’t it? According to recent settlement agreements announced by the Department of Health and Human Services (“HHS”) on May 7, 2014, that’s exactly what happened when New York and Presbyterian Hospital (“Presbyterian”) and Columbia University (“Columbia”) suffered a data breach, and the covered entities are paying the price. Presbyterian agreed to pay $3.3 million in its settlement and Columbia agreed to pay $1.5 million in its settlement. The settlement agreements resolve alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”) arising out of a breach of electronic protected health information (“ePHI”) that made the information of 6,800 individuals accessible via search engines, like Google.

You can read the full post, view and subscribe to the blog by going to