OCR Presents Preliminary HIPAA Audit Findings
OCR’s Audit Program, which began in December 2011, is part of HHS’ efforts under HITECH to assess HIPAA compliance by covered entities, identify best practices, and discover risks and vulnerabilities...
View ArticleAlaska Medicaid Pays $1.7 Million to Settle HIPAA Violations
Last week, the Alaska Department of Health and Human Services (“Alaska DHHS”), the state’s Medicaid agency, agreed to pay U.S. Health and Human Services $1.7 million to settle alleged violations of the...
View ArticleFinal Omnibus HIPAA Rule Delayed
Still waiting. The White House Ofice of Management and Budget (“OMB”) has extended its review of the final omnibus HIPAA rule, validating recent comments indicating that further delay was likely. As...
View ArticleAdditional Costs of Breach: Identity Theft Class Action Moves Forward
The costs of HIPAA breaches are well-documented. Thefts of laptops containing sensitive health information of patients impose significant costs on providers and their business associates, ranging from...
View ArticleOCR Settles with Hospice of Northern Idaho for $50,000.00
OCR’s recent enforcement action against a small non-profit hospice organization in Idaho is more evidence that OCR is looking carefully at HIPAA Security Rule compliance. On December 28, 2012, HHS...
View ArticleHIPAA Final Rule Clarifies Business Associate Obligations
Business Associates: You’re on notice. When the Health Information Technology for Economic and Clinical Health Act (“HITECH”) was enacted nearly four years ago, business associates were aware that...
View ArticleThe Final Omnibus HIPAA Rule: Are You Ready?
As we mentioned in last week’s Webinar on the HIPAA Final Omnibus Rule, there are less than nine short months for covered entities and their business associates (and all downstream business associates)...
View ArticleWho Are My Business Associates, and Why the HIPAA Should I Care?
Much has been made about business associates in HITECH and the HIPAA Final Omnibus Rule. In a previous post and in our webinar we hit on the high points – that much of HIPAA applies directly to...
View ArticleHIPAA Webinar: Updates to The Privacy Rule
Please join us this Tuesday, March 19, 2013 for a complimentary webinar to further discuss the release of the Final Omnibus HIPAA Rule by the U.S. Department of Health and Human Services. This is the...
View ArticleEMR Privacy Issues Unique to Children
Many thanks to our colleague, Robin Canowitz, for submitting the following guest post. Implementing an Electronic Medical Record (“EMR”) brings many clinical and economic benefits to an institution....
View ArticleWebinar: HIPAA Privacy and Security Rules: The New Breach Standard
Join us for a complimentary webinar to further discuss the release of the final omnibus HIPAA rule by the U.S. Department of Health and Human Services. The new rule includes sweeping changes to the...
View ArticleThe Photocopier: A Vulnerability Hidden in Plain Sight
The U.S. Department of Health and Human Services (“HHS”) announced last week that Affinity Health Plan, Inc. will settle potential violations of the HIPAA Privacy and Security Rules for more than $1.2...
View ArticleOne Month and Counting: HIPAA’s Compliance Date is September 23, 2013
We are in the home stretch in the race to the September 23 compliance deadline. With only one month to go, whether you are a covered entity or a business associate, you should be nearly finished with...
View ArticleHIPAA Security Risk Analysis: Fact or Fiction?
Leading up to the recent compliance date for the Final HIPAA Rule, much was made about the need for providers to perform a security risk analysis. Quite a bit of dialogue around the increased security...
View ArticleEmployee Sentenced to 3 Years for Violating HIPAA
A nursing assistant at a Florida assisted living facility was sentenced last week to 37 months in prison for violating HIPAA’s prohibition on the wrongful disclosure of patient health information. The...
View ArticleOIG Report Criticizes HIPAA Oversight
The HHS Office of Civil Rights (“OCR”) has failed to comply with the HITECH Act’s mandate to audit HIPAA covered entities and business associates, according to a recent report published by the HHS...
View ArticleDermatology Practice Hit With $150,000 HIPAA Penalty
2013 ended like it started – with OCR actively monitoring and enforcing health care provider HIPAA compliance. On December 26, 2013, OCR imposed a $150,000 penalty and a corrective action plan upon a...
View ArticleNew Access Rights to Lab Test Reports
In an effort to further eliminate barriers to the exchange of health information and encourage a more active patient role in personal health care decisions, federal regulators have once again expanded...
View ArticleNew HHS Guidance on HIPAA Privacy Rule and Sharing Mental Health Information
Many thanks to our colleague Robin Canowitz for assisting us in drafting this post. The U.S. Department of Health & Human Services (“HHS”) issued new guidance regarding the HIPAA Privacy Rule and...
View ArticleOCR TO BEGIN SECOND ROUND OF HIPAA AUDITS
The U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) has announced that it is gearing up for its second round of HIPAA compliance audits later this year. The HIPAA Audit...
View Article
