In March 2013, the Second Circuit certified to the New York Court of Appeals the issue of whether a medical corporation may be liable for the unauthorized disclosure of medical information, when the employee responsible for the breach was not a physician and was acting outside the scope of her employment (see post). 

In  last week’s decision in Doe v. Guthrie Clinic, Ltd. the Second Circuit Court of Appeals certified to the New York Court of Appeals the issue of whether a medical corporation may be liable for the unauthorized disclosure of medical information, when the employee responsible for the breach was not a physician and was

The US Department of Health and Human Services Office of Civil Rights (“OCR”) recently released its HIPAA audit protocol.  Audits of HIPAA compliance were mandated by the 2009 Health Information Technology for Economic and Clinical Health (“HITECH”) Act, which amended many parts of HIPAA and included breach notification requirements.

The OCR conducted a number of