A June 28 article in Bloomberg BNA’s Privacy Law Watch and other publications, "Anthem Class Suit Highlights Data Breach Risks," reported that Anthem Inc.’s recent $115 million settlement to resolve a 2015 data breach shows that healthcare companies that experience data breaches need to prepare for more than just federal government penalties. Day Pitney healthcare attorney Eric Fader was quoted in the article.
Eric told Bloomberg BNA that healthcare providers and insurers hit by data breaches now have to worry about not only investigations and enforcement actions by the Department of Health and Human Services’ Office for Civil Rights, but also state attorneys general and plaintiffs’ lawyers. “I have no doubt that we’ll be seeing more of these class-action suits and settlements as data breaches continue to proliferate,” Eric said.
Eric also expressed surprise that there haven’t been more private lawsuits in the nearly three years since the Connecticut Supreme Court ruled that HIPAA does not preempt negligence and breach of confidentiality claims in state courts, as discussed here.