Latest Publications

Share:

Public Still Must be Kept Private under HIPAA

A not-for-profit health care system recently agreed to pay the Department of Health and Human Services (HHS) $2.4 million as part of a settlement over potential Health Insurance Portability and Accountability Act (HIPAA)...more

5/17/2017  /  Data Protection , HHS , HIPAA , PHI

A Draft Won’t Do: OCR Settles with CardioNet $2.5m for Failing to Finalize Policies and Procedures

On April 24, 2017, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that CardioNet, a provider of remote mobile monitoring and rapid response services to patients at risk for cardiac...more

DWT Releases Latest Health Care Breach Charts

Following the HITECH Act, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) issued regulations requiring HIPAA covered entities to provide certain notifications for breaches of unsecured...more

3/17/2017  /  Data Breach , HHS , HITECH , OCR

Modernization? SAMHSA Falls Short in Updating 42 C.F.R. Part 2

On January 18, 2017, the Department of Health and Human Services Substance Abuse and Mental Health Services Administration (“SAMHSA”) published a final rule amending 42 C.F.R. Part 2 (“Part 2”), with an effective date that...more

42 C.F.R. Part 2 Final Rule Is Officially Delayed … Can Comments to HHS and OMB Fix It?

On January 18, 2017, the U.S. Department of Health and Human Services (HHS) published a final rule amending the Confidentiality of Substance Use Disorder Patient Records rule at 42 C.F.R. Part 2. Yesterday, HHS delayed the...more

To Settle or Not to Settle – That Is the Question Raised by Recent HIPAA CMPs

On February 1, 2017, the Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that the Children’s Medical Center of Dallas (“Children’s”) has paid a civil monetary penalty (“CMP”) of $3.2 million...more

2016 Edition of HIPAA Regulations Released

The Code of Federal Regulations has recently published the 2016 version of the HIPAA regulations. This is the most up-to-date “official” version of the HIPAA regulations....more

[Webinar] HIPAA in the Cloud – OCR Guidance on HIPAA and Cloud Service Providers - Jan. 31st, 1:00pm ET

As the health care sector further embraces the benefits of cloud computing, numerous challenges have arisen with applying HIPAA to cloud computing services....more

Substance Use Disorder Information: Comments Wanted on Significant Proposed Part 2 Rule

In an unusual action, a Supplemental Notice of Proposed Rulemaking (“SNPRM”) accompanied the recent final rule on 42 C.F.R. Part 2 (“Part 2”) governing the confidentiality of certain substance use disorder information. On...more

The Price of PHI – A $2.2 Million USB Drive

A stolen unencrypted USB drive led to a $2.2 million settlement and a Resolution Agreement. The Department of Health and Human Services Office for Civil Rights (OCR) announced on January 18th a settlement with MAPFRE Life...more

2017 Health Information Privacy and Security New Year’s Resolutions

To start off the New Year, here are some potential health information privacy and security resolutions. You can use these Annual, Quarterly, and Monthly lists to map out your privacy and security tasks for the year, and then...more

No Phishing: OCR Warns of Phishing Attempts Disguised as Official HIPAA Audit Program Emails

What’s worse than receiving an email indicating that you have been selected for an audit by your favorite government regulator? Clicking on a link in the email and discovering that it is a phishing attack that has just...more

OCR Sets Sights on Smaller HIPAA Breaches

Covered entities and business associates can expect increased scrutiny for breaches of unsecured protected health information affecting fewer than 500 individuals. Starting August 2016, the U.S. Department of Health and Human...more

HIPAA Audit Check-Up – Where We Are and What’s to Come

Phase 2 of the HIPAA audits is fully underway, and covered entities now can take a breath if they have not received a desk audit request. But we still are at the beginning of Phase 2, with more to come. ...more

It’s Not the Olympics, but OCR Sets New HIPAA Settlement Records

Athletes at the Rio Olympics aren’t the only ones setting records this year. Hoping to send a “strong message” about the importance of safeguarding electronic protected health information (PHI) and conducting mandated risk...more

Business Associates Beware: First HIPAA Settlement with Business Associate

For the first time, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) has entered into a Resolution Agreement with a business associate over allegations that it potentially violated the Health...more

7/7/2016  /  Business Associates , HHS , HIPAA , OCR , PHI

HIPAA Enforcement Actions by the Numbers

Protecting patient information is a central duty for both covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA). Should a HIPAA-subject entity ever fail to protect...more

6/29/2016  /  Breach Notification Rule , HHS , HIPAA , OCR , PHI

Tennessee Gives Businesses 45 Days for Data Breach Notice

Recent amendments to the State’s data breach statute give a hard deadline for a business to provide consumer notice, removes encryption safe harbor, exempts entities that are subject to the Health Insurance Portability and...more

The Audit Protocol is Released, and Other Updated HIPAA Audits News

As we previously reported, the HHS Office for Civil Rights (OCR) launched Phase II of its audit program on March 21. Since that time, a significant amount of new information has emerged, including details regarding the...more

OCR Phase 2 HIPAA Audits Are Here: What to Expect While You’re Expecting (an Audit)

The Phase 2 audit program for HIPAA compliance is under way. The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced that it had launched the Phase 2 audits to examine and assess how covered...more

Can Ransomware Trap Your Health Information? OCR Highlights the Risk of Cyber Extortion in its Cyber-Awareness Initiative

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has been highlighting the threat posed by “ransomware”—when an organization is locked out of its own systems and files by cyber criminals who...more

One Step Forward and Two Steps Back: Proposed Changes to the Alcohol and Drug Abuse Treatment Confidentiality Rule

On Feb. 9, 2016, the U.S. Department of Health and Human Services Substance Abuse and Mental Health Services Administration (SAMHSA) published in the Federal Register a proposed rule putting forth amendments to the Alcohol...more

Second CMP Assessed for HIPAA Violations: Do You Know Where Your Data Is?

For only the second time in its history, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has imposed a civil money penalty (CMP) on a covered entity for allegedly violating the HIPAA...more

As if a 20-Year Consent Order Wasn’t Enough Fun: FTC Brings First Monetary Settlement in Information Security Case

The FTC reached a $250,000 settlement with a 20-year consent order with Henry Schein Practice Solutions, Inc. over its use of allegedly subpar encryption technology in its offering to dental practices. This settlement is...more

1/7/2016  /  Data Breach , Encryption , FTC , HIPAA , NIST , Settlement

You Can’t Take It with You – NY Attorney General Reaches Settlement over Exiting Clinician Taking Patient List

It may not be a big dollar amount ($15,000), but a recent New York Attorney General settlement represents a big issue—interpreting that HIPAA prohibits a health care professional who is changing practices from taking a...more

64 Results
/
View per page
Page: of 3

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.