Healix Infusion Therapy, a prominent provider of ambulatory infusion services, has reportedly filed a notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR). This action took place on November 9, 2023, following the company’s discovery that an unauthorized entity had succeeded in accessing its confidential data.
The company became aware of this security incident after discovering that some confidential information previously supplied to it had been accessed by an unauthorized party. Neither the particulars of this data nor how it was breached have been revealed at this time. Given the potential severity of this incident, corporate legal professionals need to be prepared to act and to advise their companies on the relevant considerations.
Notifying HHS-OCR of data breaches is mandatory under the Health Insurance Portability and Accountability Act (HIPAA) for all healthcare providers when they identify that unsecured Protected Health Information (PHI) has been accessed or acquired. While it might be too early to speculate, it is crucial for businesses, especially those in the health sector, to take note and evaluate their own data protection policies.
This event serves as a stark reminder for all corporations, including law firms, about the ongoing and significant data security risks. Firms should re-assess their cybersecurity measures, raising the question: Just how safe is our data? This also highlights the growing importance of incorporating a robust data protection strategy into business risk management.
The Healix case serves as a timely call to action for corporations to consider their compliance with data protection law, ensure the absolute security of their clients’ information, and make immediate changes if necessary.