Latest Posts › HHS

Share:

DWT Releases Latest Health Care Breach Charts

Following the HITECH Act, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) issued regulations requiring HIPAA covered entities to provide certain notifications for breaches of unsecured...more

3/17/2017  /  Data Breach , HHS , HITECH , OCR

42 C.F.R. Part 2 Final Rule Is Officially Delayed … Can Comments to HHS and OMB Fix It?

On January 18, 2017, the U.S. Department of Health and Human Services (HHS) published a final rule amending the Confidentiality of Substance Use Disorder Patient Records rule at 42 C.F.R. Part 2. Yesterday, HHS delayed the...more

2016 Edition of HIPAA Regulations Released

The Code of Federal Regulations has recently published the 2016 version of the HIPAA regulations. This is the most up-to-date “official” version of the HIPAA regulations....more

[Webinar] HIPAA in the Cloud – OCR Guidance on HIPAA and Cloud Service Providers - Jan. 31st, 1:00pm ET

As the health care sector further embraces the benefits of cloud computing, numerous challenges have arisen with applying HIPAA to cloud computing services....more

The Price of PHI – A $2.2 Million USB Drive

A stolen unencrypted USB drive led to a $2.2 million settlement and a Resolution Agreement. The Department of Health and Human Services Office for Civil Rights (OCR) announced on January 18th a settlement with MAPFRE Life...more

No Phishing: OCR Warns of Phishing Attempts Disguised as Official HIPAA Audit Program Emails

What’s worse than receiving an email indicating that you have been selected for an audit by your favorite government regulator? Clicking on a link in the email and discovering that it is a phishing attack that has just...more

OCR Sets Sights on Smaller HIPAA Breaches

Covered entities and business associates can expect increased scrutiny for breaches of unsecured protected health information affecting fewer than 500 individuals. Starting August 2016, the U.S. Department of Health and Human...more

It’s Not the Olympics, but OCR Sets New HIPAA Settlement Records

Athletes at the Rio Olympics aren’t the only ones setting records this year. Hoping to send a “strong message” about the importance of safeguarding electronic protected health information (PHI) and conducting mandated risk...more

Business Associates Beware: First HIPAA Settlement with Business Associate

For the first time, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) has entered into a Resolution Agreement with a business associate over allegations that it potentially violated the Health...more

7/7/2016  /  Business Associates , HHS , HIPAA , OCR , PHI

HIPAA Enforcement Actions by the Numbers

Protecting patient information is a central duty for both covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA). Should a HIPAA-subject entity ever fail to protect...more

6/29/2016  /  Breach Notification Rule , HHS , HIPAA , OCR , PHI

The Audit Protocol is Released, and Other Updated HIPAA Audits News

As we previously reported, the HHS Office for Civil Rights (OCR) launched Phase II of its audit program on March 21. Since that time, a significant amount of new information has emerged, including details regarding the...more

Second CMP Assessed for HIPAA Violations: Do You Know Where Your Data Is?

For only the second time in its history, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has imposed a civil money penalty (CMP) on a covered entity for allegedly violating the HIPAA...more

Confusion Continues Over Medical Identity Theft Victim Rights under HIPAA

In a Nov. 10, 2015 letter, the Chairs and Ranking Members of the Senate Committee on Health, Education, Labor, and Pensions and the Committee on Finance raised concerns with the U.S. Department of Health and Human Services...more

Are Attorneys Entitled to “HIPAA Rate”?

Over the past year, numerous lawsuits and complaints to the HHS Office for Civil Rights (“OCR”) have been filed by plaintiffs’ attorneys over a seemingly obscure HIPAA issue – the rate that health care providers and their...more

Ebola or Not, Patient Privacy Must Be Protected: Office for Civil Rights Issues Bulletin on HIPAA Requirements in Emergency...

In the wake of the recent Ebola cases, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has issued a new bulletin reminding HIPAA-covered entities and their business associates that the...more

11/13/2014  /  Data Protection , Ebola , EHR , Healthcare , HHS , HIPAA , OCR , PHI

New HIPAA Reports to Congress Shed Light on OCR Enforcement

The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued two reports to Congress, as required by the HITECH Act. The compliance report details OCR’s enforcement activities for 2011 and 2012 and...more

Confidentiality of Substance Abuse Treatment Information: HHS Considers Changes to the Part 2 Regulations and Requests Comment

The Department of Health and Human Services’ Substance Abuse and Mental Health Services Administration (SAMHSA) is considering significant changes to the “Part 2” regulations (the Confidentiality of Alcohol and Drug Abuse...more

OCR Releases Information on What Phase 2 HIPAA Audits Will Look Like

The HHS Office for Civil Rights (OCR) recently presented information about the new look of its Phase 2 audit program. The new audits will look little like the old ones, with OCR conducting the audits itself and focusing on...more

4/14/2014  /  Audits , Data Protection , EHR , HHS , HIPAA , OCR , PHI

Future OCR Audits Have Little in Common With Previous Round—Here’s How to Prepare

The HHS Office for Civil Rights (OCR) recently presented information about the new look of its Phase 2 audit program. The new audits will look little like the old ones, with OCR conducting the audits itself and focusing on...more

HIPAA and Mental Health Information: HHS Issues HIPAA Guidance Addressing Mental Health Information

The U.S. Department of Health and Human Services (“HHS”) recently issued new guidance clarifying how the HIPAA Privacy Rule strikes the balance of protecting individuals’ privacy of mental health information and communicating...more

It’s Not Enough to Notify: Don’t Forget the Policies, Risk Analyses, and Training

HIPAA compliance ended with a bang in 2013, with the feds issuing the first settlement involving a health provider’s failure to have breach notification policies and procedures in place. On Dec. 24, 2013, the Department of...more

1/8/2014  /  Compliance , HHS , HIPAA , OCR , Security Rule , Training

HHS Issues Model Privacy Notices: The Good, the Bad, and the Ugly

Just in time for the September 23, 2013, deadline for compliance with the HIPAA Omnibus Rule, the U.S. Department of Health and Human Services (“HHS”) issued a set of model notices of privacy practices for health care...more

HHS Delays Require Changes to Notice of Privacy Practices for Certain Clinical Laboratories

Last week the Department of Health and Human Services (“HHS”) announced that it has postponed the Sept. 23, 2013, HIPAA Omnibus Rule deadline for many clinical laboratories to revise their notices of privacy practices...more

FTC Files Complaint Against Lab Over Failed Health Information Security

In a reminder that the U.S. Department of Health and Human Services (“HHS”), with its HIPAA security requirements and enforcement authority, is not the only game in town when it comes to health information privacy, the...more

In $1.7M WellPoint Settlement, HHS Warns Covered Entities on Change Management

On July 8, 2013, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) entered into a $1.7 million resolution agreement with WellPoint over a 2009-2010 security breach....more

30 Results
/
View per page
Page: of 2

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
Feedback? Tell us what you think of the new jdsupra.com!