Skip to content
Photo of Linn Foster Freedman

Linn Freedman is chair of the firm’s Data Privacy + Security Team. She is also an active member of firm’s Health Law Group, education practice, Environmental + Utilities Group, Insurance + Reinsurance Group, and Business Litigation Group. Her practice focuses on data privacy and security law, responses to data breaches, compliance with federal and state privacy and security laws, breach notification laws, and assisting clients with regulatory investigations.

Ms. Freedman is experienced in providing counsel to health care organizations, Regional Health Information Organizations, and privacy and security issues related to interoperability of electronic health records. She has litigated complex cases, including privacy cases, and class action data breach litigation in state, federal, and appellate courts, government investigations, and serves as general counsel of the Rhode Island Quality Institute. Read her full rc.com bio here.

The Office for Civil Rights (OCR) recently announced that it has entered into the 20th settlement under its Right of Access Initiative. The settlement with Children’s Hospital and Medical Center in Nebraska includes an $80,000 payment by the hospital for failing to provide a mother with timely access to her daughter’s medical records.

According

In a rare move, the Department of Health and Human Services (HHS) has issued a warning to hospitals and health systems to prioritize the patching of a two-year-old vulnerability in picture archive communication systems (PACs). PACs are used for the exchange and storage of health scans and images, such as MRIs, CT Scans, breast imaging,

The Office for Civil Rights (OCR) last week announced a settlement with Peachstate Health Management LLC (aka AEON Clinical Laboratories) following a compliance review that uncovered alleged violations of HIPAA.

The settlement includes a $25,000 payment to OCR by Peachstate, a corrective action plan, and three years of monitoring by OCR.
Continue Reading OCR Announces Settlement with Clinical Lab for Alleged HIPAA Violations

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced that it had entered into a Resolution Agreement, Corrective Action Plan, and settlement with Lifetime Healthcare, Inc., the parent of Excellus Health Plan, over alleged violations of HIPAA relating to a data breach that occurred from December 23, 2013 through May 11, 2015. During that time, a cybercriminal obtained access to its IT systems and installed malware that allowed the intruder to obtain access to the protected health information of more than 9.3 million individuals.
Continue Reading Excellus Health Plan Pays $5.1M to OCR in Settlement Following Data Breach

The Office for Civil Rights (OCR) recently settled a tenth case under its right-to-access initiative with California-based Riverside Psychiatric Medical Group (RPMG), for $25,000.

Although a relatively small settlement in the amount paid, it shows that the OCR is taking patients’ requests for access to their medical records seriously, and that no complaint is too small to investigate and enforce.
Continue Reading OCR’s Tenth Right to Access Settlement Is Small but Meaningful

The Office for Civil Rights (OCR) issued a press release on November 12, 2020, announcing that it had settled its eleventh enforcement action in its HIPAA Right-of-Access Initiative. The settlement with Dr. Rajendra Bhayani, an otolaryngologist (ENT) practicing in Regal Park, New York, included a payment of $15,000, a corrective action plan and two years of monitoring by the OCR.
Continue Reading OCR Settles Another Right-of-Access Initiative Case

New Jersey Attorney General (AG) Gurbir S. Grewal announced on November 2, 2020, that his office has settled with ShopRite’s parent company, Wakefern Food Corp. (Wakefern) and two of its supermarket entities for $235,000 for a data breach that occurred in 2016.

According to the press release, the AG alleged that Wakefern violated HIPAA and the New Jersey Consumer Fraud Act (CFA) by “failing to properly dispose of electronic devices used to collect the signatures and purchase information of pharmacy customers” in its Kingston and Millville ShopRite stores.
Continue Reading ShopRite Settles with New Jersey AG for Data Breach

On October 27, 2020, the FBI and the Department of Homeland Security (DHS) warned the health care industry about “an imminent cybercrime threat to U.S. hospitals and healthcare providers.”

According to the warning, which was shared during a conference call, the government has received “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The information was being shared with participants so that they can take timely precautions to protect their networks from the threat.
Continue Reading Warning to Hospitals of Imminent Threat Released by U.S. Government

Continuing with its previous enforcement actions centered on covered entities’ failure to provide patients with access to their health records, the Office for Civil Rights (OCR) announced on October 9, 2020 that it entered into a settlement with Dignity Health, doing business as St. Joseph’s Hospital and Medical Center in Phoenix (St. Joseph’s) for $160,000 for failing to respond to multiple requests of a mother for her son’s records.
Continue Reading Dignity Health Settles with OCR for $160,000 for Failing to Provide Access to Records