Dianne Bourque

Dianne Bourque

Mintz Levin

Contact  |  View Bio  |  RSS

Latest Posts › HIPAA

Share:

“Your Money or Your PHI”: OCR Releases Guidance on Ransomware

On July 11, 2016, the Office for Civil Rights (OCR) released important new guidance on ransomware for hospitals and other healthcare providers and finally addressed the question of whether electronic protected health...more

7/12/2016 - Breach Notification Rule Covered Entities Cyber Attacks Data Breach Employee Training Hackers Health Care Providers HIPAA HIPAA Breach Hospitals New Guidance OCR PHI Ransomware Security Risk Assessments

OCR Releases New HIPAA Audit Protocol and Other Audit-Related Materials

Earlier this month the Department of Health and Human Services Office for Civil Rights (OCR) released a revamped audit protocol that now addresses the requirements of the 2013 Omnibus Final Rule. OCR will be using the audit...more

4/20/2016 - Business Associates Covered Entities HIPAA HIPAA Audits OCR

Don’t Neglect Your Business Associate Agreements!

As we have repeatedly emphasized on this blog, HIPAA Covered Entities must ensure that they have compliant business associate agreements (“BAAs”) in place with all of their business associates and must ensure that they have...more

3/18/2016 - Business Associates Corrective Actions Covered Entities HIPAA OCR PHI Risk Assessment Settlement

HIPAA and Health Care Data Privacy – 2015 Year in Review

As the year winds down, we look back with a mixture of nostalgia and queasiness on the major Health Insurance Portability and Accountability Act (HIPAA) events that defined 2015. Incredibly large data breaches became...more

12/11/2015 - Anthem Insurance Cyber Attacks Data Breach HIPAA HITECH OCR PHI

Just in Time for the Phase II Audits: OIG Criticizes OCR’s Enforcement Efforts

As HIPAA-regulated entities anxiously await the commencement of the Phase II HIPAA audit program, the Office of the Inspector General (OIG) for the Department of Health and Human Services (HHS) has issued a report critical of...more

10/1/2015 - Audits Case Management Corrective Actions Covered Entities Documentation HIPAA Medicare Part B OCR OIG PHI Regulatory Oversight

On the Tenth Day of Privacy, OCR Gave to Me…..

……………..a cumbersome C-A-P The U.S Department of Health and Human Services Office for Civil Rights has received tremendous publicity in recent years for its upward-trendingfines and aggressive enforcement of HIPAA...more

12/22/2014 - Data Protection Health Care Providers HIPAA Hospitals OCR PHI Strategic Enforcement Plan

Cliff Notes from the Joint OCR/NIST HIPAA Security Conference

As a service to our readers, we have distilled last week’s joint HHS Office of Civil Rights (OCR) and National Institute of Standards in Technology (NIST) conference, “Safeguarding Health Information: Building Assurance...more

10/1/2014 - Encryption HHS HIPAA NIST OCR Risk Assessment Training

Massive Data Breach Affects 4.5 Million Patients in 29 States

Community Health Systems, Inc. (the “Company”), one of the largest hospital organizations in the country, announced via a public filing (Form 8K) made yesterday with the Securities and Exchange Commission (“Report”) that the...more

8/21/2014 - Cyber Attacks Data Breach EHR HIPAA HITECH Hospitals Notice Requirements PHI

D’oh! OCR Confirms that Medical Records Should Not be Left in the Driveway

The most recent Office for Civil Rights (“OCR”) HIPAA enforcement action serves as an important reminder to health care providers of the security risks associated with a mishandled medical records custody transfer and the...more

6/26/2014 - EHR Healthcare HIPAA OCR PHI

Five Lessons from OCR’s Report to Congress on Breaches and HIPAA Rules Compliance

Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured...more

6/23/2014 - Data Breach Data Protection EHR Healthcare HIPAA HITECH PHI

Is Your HIPAA Compliance Program Going Out the Window with XP?

April 8, 2014 marks the end of Microsoft’s support for the Windows XP operating system, which means the end of security updates from Microsoft and the beginning of new vulnerability to hackers and other intruders into systems...more

4/9/2014 - Compliance Data Protection HIPAA Technology

Compliance is No Joke: OCR Releases Security Risk Assessment Tool

On March 28, 2014, the Office of Civil Rights (OCR) announced the release of an online and iPad app-based security risk assessment (SRA) tool. The tool is intended to help health care providers in small to medium sized...more

4/1/2014 - Compliance HIPAA OCR Risk Assessment

CMS Finalizes HIPAA and CLIA Amendments Intended to Increase Patient Access to Test Results

Yesterday the Centers for Medicare & Medicaid Services (CMS) finally published the long-awaited final rule amending the Clinical Laboratory Improvement Amendments of 1988 (CLIA) and the Health Insurance Portability and...more

2/5/2014 - CLIA Clinical Laboratories CMS Healthcare HHS HIPAA OCR

A New Year’s Resolution (And Corrective Action Plan) From OCR: Physician Practice Cited For HIPAA Violations

The Office for Civil Rights (OCR) is closing out 2013 with a reminder of the importance of an effective HIPAA compliance program. On December 26, 2013, OCR announced a resolution agreement with a Massachusetts physician...more

12/31/2013 - Breach Notification Rule Data Breach Data Breach Plans Data Protection Electronic Medical Records HIPAA HITECH OCR Physicians

On the First Day of Privacy, The OCR Gave to Me...

Welcome to our series, “The 12 Days of Privacy” as we look to “gifts” that may be received this season and some of the big issues ahead …. Day One – - HIPAA 2014 – Where will the Audit Trail Lead? The year 2013...more

12/9/2013 - HHS HIPAA HITECH OCR OIG Privacy Laws Privacy Policy

OCR Guidance to Address HIPAA Marketing Turmoil

In response to a recent lawsuit and outcry from a variety of players in the health care market, the Department of Health and Human Services (“HHS”) has committed to issuing guidance by September 23rd (the compliance date for...more

9/13/2013 - Compliance Deadlines HHS HIPAA HIPAA Omnibus Rule Marketing OCR

HIPAA Marketing Rules Prompt First Amendment Challenge

In what is believed to be the first legal challenge to the HIPAA Omnibus Rule (the “Rule”), a vendor of prescription drug adherence services is seeking an injunction to block certain provisions of the Rule related to drug...more

9/11/2013 - ACOs First Amendment Free Speech HIPAA HIPAA Omnibus Rule Hospital Readmission Marketing Medicare Advantage Pharmaceutical Industry Prescription Drugs

Seven-Figure HIPAA Settlement Prompted by Photocopier Breach

The Office for Civil Rights’ (OCR) latest seven-figure fine for HIPAA violations resulted from a failure to remove protected health information or “PHI” from the hard drive of a leased photocopier. The $1,215,780 settlement...more

8/15/2013 - Confidential Information Data Protection HIPAA Medical Records PHI Settlement

Privacy Monday – July 22, 2013

Privacy gaffes and tidbits to start your week. Keeping up with Kardashians is NOT a defense under HIPAA - The LA Times recently reported the firing of six workers at Cedars-Sinai Medical Center in connection...more

7/23/2013 - Cybersecurity HIPAA HIPAA Omnibus Rule Kim Kardashian Medical Records Personally Identifiable Information Privacy Laws Privacy Policy

Keeping Up With the Kardashians Is NOT a Defense Under HIPAA

The LA Times recently reported the firing of six workers at Cedars-Sinai Medical Center in connection with the unauthorized access to patient medical records. The firings occurred in the days following the birth of reality...more

7/19/2013 - Data Breach HIPAA Hospitals Kanye West Kim Kardashian Medical Records Unauthorized Access

Highlights of the Joint NIST and OCR Safeguarding Health Information Conference

Earlier this week we attended the National Institute of Standards and Technology (NIST) and HHS Office for Civil Rights (OCR) 6th Annual Safeguarding Health Information Conference in Washington, D.C. (the NIST-OCR...more

5/26/2013 - Audits HHS HIPAA NIST OCR

Firearms Debate Triggers OCR Request for Comments

Gun violence is a hot topic in the wake of the Newtown shootings and the aftermath of last week’s Boston Marathon bombings, and now health privacy has joined the debate....more

4/24/2013 - Criminal Background Checks Firearms Gun Laws HIPAA Mental Illness NICS OCR PHI

Countdown Begins for HIPAA Omnibus Rule Compliance

The HIPAA Omnibus Rule goes into effect today, which officially starts the clock for covered entities, business associates, and their subcontractors to begin updating their agreements, forms, policies, procedures, and...more

3/26/2013 - Business Associates Contractors HIPAA HIPAA Omnibus Rule HITECH Notice Requirements Subcontractors

OCR Wants Feedback From Audited Covered Entities

The Office for Civil Rights (OCR) is preparing to conduct an online survey of the 115 covered entities it audited in 2012 as part of the HITECH-mandated, pilot audit program. OCR hopes to use the survey results to evaluate...more

3/20/2013 - Audits Covered Entities HIPAA HITECH OCR

27 Results
|
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×