Tag Archives: HIPAA

Regulatory Affairs – Medical imaging company will pay $3M HIPAA settlement

Read full article at MedCity

Touchstone Medical Imaging has agreed to pay $3 million to HHS’ Office for Civil Rights to settle a breach that exposed more than 300,000 patients’ protected health information.

Touchstone Medical Imaging, a diagnostic imaging services company based in Franklin, Tennessee, has agreed to pay $3 million to HHS’ Office for Civil Rights to settle potential HIPAA violations.

The company has also agreed to adopt a corrective action plan, which includes adopting business associate agreements, completing an enterprise-wide risk analysis and policies and procedures to comply with HIPAA.

According to its website, Touchstone has imaging centers in Arkansas, Colorado, Florida, Montana, Nebraska, Oklahoma and Texas.

In May 2014, the FBI and OCR notified Touchstone that one of its FTP servers allowed uncontrolled access to its patients’ protected health information, according to HHS. Search engines could index the patients’ PHI, which remained visible online even after the server was taken offline.

Read full article at MedCity

ADA Litigation – New Spin on Song-Beverly Act Litigation Against Retailers

A New Spin on Song-Beverly Act ADA Litigation Against Retailers

ADA litigation How much data are you handing over at POS? How much data are you taking/handling?  New litigation in California points also at operative locations for devices which are capturing the data.


Retailers operating brick-and-mortar stores in California are likely well aware of the state’s requirements for the collection of consumers’ personally identifiable information (PII). The Song-Beverly Credit Card Act of 1971 (the “Act”) imposes civil penalties for certain practices with respect to capturing and recording PII in cardholder transactions. See Cal. Civ. Code § 1747.08. Traditional litigation under the Act challenged retailers’ requests for telephone numbers, driver license numbers, and email addresses in connection with credit card payments at the point of sale. Beginning in 2011, when the California Supreme Court held that ZIP codes constitute PII, retailers most notably faced a wave of litigation regarding requests for customers’ ZIP codes at the point of sale before purchases were consummated. See Pineda v. Williams-Sonoma Stores, Inc., 51 Cal. 4th 524 (2011). As we reported in June 2017, filings in this area have garnered less attention in recent years as prudent retailers have modified certain aspects of their checkout policies and procedures.