Prevention of Class-Action Lawsuits Due to Data Breaches
ComplyAssistant and its legal consultants recently offered insight on litigation of data breaches to For the Record magazine. The following blog post highlights some of the key points of the article.
As sensitive data breaches become increasingly commonplace, many individuals are seeking to hold breached organizations responsible for the violation of their privacy. As a result, class- action lawsuits have emerged as a popular trend in the world of data breach litigation. With the rapid increase in this type of legal action, healthcare organizations must take measures to prevent data breaches. The first step to prevention is understanding why class-action lawsuits are on the rise as a response to data breaches.
Class-action suits associated with data breaches typically arise from reasons ranging from invasion of privacy claims to breaches of contract due to violation of an organization’s HIPAA Notice of Privacy Practices. When going through lower courts, many of these lawsuits are tossed out on the grounds that a breach alone does not meet the legal thresholds necessary for a class-action lawsuit. However, some cases are now being allowed to proceed, giving plaintiffs an opportunity to make the case for their claims rather than being ousted at the get-go.
In California, “breach statuses” have been enacted to allow plaintiffs to proceed without showing actual damages from a breach. Further, these cases set penalty amounts that can be assessed automatically as punishment for inadequate data protection by breached organizations. In New Jersey, individuals can sue organizations after a breach in HIV/AIDS information. Also contributing to the increase in class-action suits is HIPAA’s requirement that covered entities notify individuals in writing and/or media when protected health information has been breached.
What this means for healthcare providers is that a cybersecurity event is more likely to result in legal action from affected individuals. The potential risks, monetary and non-monetary, are far too great for organizations to overlook. Preventing breach events is now paramount.
When it comes to preventing a breach, consider the following factors:
- ComplyAssistant’s legal consultants recommend that organizations ensure their data collection and disclosure practices are in compliance with industry standards.
- Cyber/Breach Insurance. Covered entities should have cyber and breach insurance that is continually reviewed to ensure appropriate coverage. Failure to do so could result in an organization’s failure to provide documented evidence of HIPAA compliance, which could ultimately lead to payment denials on the grounds of willful neglect. In other words, an organization could be stuck facing the costs of a data breach.
- Employee Training. While prevention is the name of the game, organizations must be ready if a data breach occurs. Employees should be continually trained to handle organizational changes, along with constantly changing external threats such as malware attacks, phishing campaigns and other methods of virtual theft.
Healthcare is facing threats from both cybercriminals and the individuals whose information is targeted for attack. Hospitals and provider organizations that perform due diligence will be prepared to reduce the risks of data breach litigation.
To learn more about software solutions to risk management and breach prevention, contact ComplyAssistant.