Last month, the U.S. Department of Health and Human Services Office for Civil Rights announced that it had entered into a settlement agreement with St. Elizabeth’s Medical Center (SEMC) in Brighton, Massachusetts. Pursuant to the nonadmission settlement, SEMC agreed to pay $218,400 and enter into a one-year corrective action plan (CAP) to settle allegations that its employees violated the HIPAA Security Rule by, among other things, storing electronic protected health information in a cloud document-sharing application.
For nearly 40 years, John Wolfe has provided crisis management advice to and directly represented businesses (public and private) and individuals confronting complex, high-profile government investigations (criminal and civil). Chambers USA has described John as “having a fantastic reputation throughout the Bar as someone who can solve big-time problems,” and “one of the premier white-collar defense lawyers on the West Coast.”
John is consistently recognized in The Best Lawyers in America and recommended by The Legal 500 United States as a white-collar criminal defense lawyer. John relies upon a multi-disciplinary crisis management strategy to help clients address both legal and reputational risk.
John has extensive experience representing clients in federal and state criminal and civil investigations, including state attorney general investigations, related to alleged health care fraud; consumer protection violations; public corruption and campaign finance violations; environmental violations (both land-based and maritime), including catastrophic industrial accident investigations; cybersecurity investigations; and securities and tax fraud, including money laundering. John is an accomplished and seasoned trial lawyer who has represented public and private clients in more than 100 jury trials, and appeared in state and federal proceedings throughout the Pacific Northwest, as well as California, Florida, New York, and Wyoming.
In 2004, John chaired the Magistrate Selection Committee for the Federal District Court in the Western District of Washington. He has also served on several Merit Selection panels identifying candidates for appointment to the federal bench in the Western District of Washington. He is currently co-chair of the Federal Appointments Committee for the Federal Bar Association and has served as a Ninth Circuit Representative. He was once appointed to serve as a Special Master in a matter pending before the Federal District Court in the Western District of Washington to investigate issues related to a multi-party joint defense agreement.
Posts by: John Wolfe
Earlier this month, the U.S. Department of Health and Human Services Office for Civil Rights (HHS OCR) announced that it had entered into a settlement agreement with St. Elizabeth’s Medical Center (SEMC) in Brighton, Massachusetts. Pursuant to the non-admission settlement, SEMC agreed to pay $218,400 and enter into a one-year Corrective Action Plan (CAP) to settle allegations that its employees violated the HIPAA Security Rule by, among other things, storing electronic protected health information (ePHI) in a cloud document sharing application. Covered entities and business associates that increasingly leverage cloud services for storing and managing Electronic Health Records (EHR), and ePHI more generally, should take notice of this development for a number of reasons. First, it underscores the importance of conducting security assessments on, and evaluations of, cloud services before allowing employees to use them to manage ePHI and EHR. Second, it demonstrates the need to create and enforce clear policies prohibiting use of unapproved and untested cloud services. Finally, the settlement appears to have stemmed from an employee whistleblower and highlights how such whistleblowers will become more prominent considerations in cyber and data security investigations and enforcement actions.