Kimberly M. Wong

Kimberly M. Wong

BakerHostetler

Contact  |  View Bio  |  RSS

Latest Publications

Share:

Health System Pays $800,000 Fine for Leaving PHI in Doctor’s Driveway

While enforcement activity by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has focused primarily on a covered entity’s safeguard of electronic protected health information (ePHI),...more

6/27/2014 - Enforcement HHS HIPAA Medical Records OCR PHI

Health System Investigated for Leaving PHI in Doctor’s Driveway – Settles with OCR for $800K

While OCR enforcement activity has focused on a covered entity’s safeguarding of ePHI, organizations cannot forget about PHI in non-electronic form. To settle potential violations of the HIPAA Privacy Rule, Parkview Health...more

6/26/2014 - Data Breach Data Protection EHR HIPAA OCR PHI

HHS Attorney: Major HIPAA Fines and Enforcement Coming

As regularly blogged about on the Data Privacy Monitor, the past 12 months have seen record-breaking HIPAA enforcement activity by HHS OCR. But according to recent remarks by a high-ranking HHS attorney, if you thought these...more

6/16/2014 - Data Protection Enforcement Enforcement Actions Healthcare HHS HIPAA

HHS OCR Settles Post-Data Breach Investigation for Record $4.8M

On May 7, 2014, HHS OCR announced a pair of resolution agreements with New York Presbyterian Hospital (NYP) and Columbia University (CU) totaling $4.8 million dollars—the highest settlement amount to date. These resolution...more

5/13/2014 - Data Breach Data Protection EHR Healthcare HHS HIPAA Hospitals OCR PHI

Get Ready! HHS OCR Announces Next Round of HIPAA Audits

To combat new risks associated with rapidly evolving health information technology, the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act...more

3/17/2014 - EHR Healthcare HHS HIPAA HITECH OCR PHU

OCR Settles Potential HIPAA Violations with County Government for $215,000

To start 2014, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its first resolution agreement of the year and its first settlement with a county government – signaling that even local...more

3/10/2014 - HIPAA OCR Settlement

Proposed $6.8M Fine Related to Puerto Rico Breach Incident

Triple-S Salud, Inc. (“Triple-S”), a Puerto Rico Health Insurance Administration (“PRHIA”) contractor, filed a Form 8-K indicating that the PRHIA intended to impose a civil monetary penalty of $6,768,000 and other...more

3/7/2014 - Data Breach EHR Fines Form 8-K Healthcare Medicare PHI

Healthcare Privacy – 2013 Year in Review

On January 25, 2013, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the long-awaited HIPAA Omnibus Final Rule (Final Rule), which includes the most sweeping changes to HIPAA...more

1/3/2014 - Civil Monetary Penalty EHR Healthcare HHS HIPAA HIPAA Omnibus Rule OCR PHI Privacy Laws Subcontractors

HHS Closes Out 2013 with 6th Resolution Agreement

Throughout 2013, HHS OCR has stated that covered entities of all sizes need to give priority to securing ePHI. In addition, HHS OCR has recommended that covered entities identify and mitigate risks before an incident occurs....more

12/31/2013 - Breach Notification Rule Covered Entities Electronic Medical Records HHS HIPAA HITECH OCR PHI Physicians

OCR Releases Model Notices of Privacy Practices

Under the Privacy Rule, an individual has the right to adequate notice of how a covered entity may use and disclose PHI about the individual, as well as his/her rights and the covered entity’s obligations with respect to that...more

10/2/2013 - Covered Entities Data Protection HHS HIPAA HIPAA Omnibus Rule Notice of Privacy Practices Notice Requirements OCR Personally Identifiable Information PHI

North Dakota Breach Notification Law - Personal Information Includes Health Information

North Dakota has amended its Notice of Security Breach for Personal Information statute, North Dakota Century Code Section 51-30 et seq., to expand the definition of “personal information” to include “medical information” and...more

9/30/2013 - Data Breach Data Protection New Amendments Notice Requirements Personally Identifiable Information PHI

Health Plan Settles HHS OCR Investigation Related to Photocopier Breach for $1.2m

The Department of Health and Human Services Office for Civil Rights (HHS OCR) today announced its 4th resolution agreement of 2013....more

8/15/2013 - Data Protection Electronically Stored Information HHS HIPAA OCR PHI

HHS OCR Sends Message to CEs and their BAs: Protect ePHI Accessible Over the Internet

In its third resolution agreement of 2013, the Department of Health and Human Services, Office for Civil Rights (HHS OCR) today announced a $1.7 million resolution agreement with WellPoint, Inc., a health insurer and managed...more

7/12/2013 - Compliance Health Insurance Healthcare HHS OCR WellPoint

HIPAA, Business Associates, and the Cloud

Under the Final Rule, as previously discussed, business associates must comply with the technical, administrative, and physical safeguard requirements under the Security Rule....more

6/24/2013 - Business Associates Cloud Computing Covered Entities Data Protection Healthcare HIPAA HIPAA Omnibus Rule PHI Third-Party

Hospital Disclosure of PHI to Media and Workforce Results in $275,000 Fine

HHS OCR announced today its second resolution agreement of 2013. Shasta Regional Medical Center (SRMC) has agreed to pay $275,000 and enter into a comprehensive corrective action plan (CAP) to settle an investigation opened...more

6/17/2013 - Corrective Actions Fines Healthcare HHS Hospitals Journalism OCR PHI Privacy Disclosures

HHS OCR Director Leon Rodriguez's Dialogue on HIPAA/HITECH Compliance

“HIPAA is a valve, not a blockage,” stated HHS OCR Director Leon Rodriguez, at the OCR/NIST 6th Annual Conference on Safeguarding Health Information: Building Assurance through HIPAA Security....more

5/23/2013 - Civil Monetary Penalty Compliance Encryption HHS HIPAA HITECH PHI

Special Edition: Health Law Update - February 28, 2013

In This Issue: - A Baker's Dozen of Significant Changes From the HIPAA/HITECH Rule 1. Business Associates and Subcontractors 2. Breach Notification 3. Covered Entity Organizational Structures 4. Cloud...more

3/1/2013 - Business Associates Cloud Computing Covered Entities Data Breach Data Protection GINA HHS HIPAA HIPAA Omnibus Rule HITECH Notice Requirements OCR PHI Subcontractors

State Fines Hospital For Patient Confidentiality Breach; Requires HIPAA Training For Executives

A California hospital that disclosed a patient’s medical record in response to a California Watch investigative report on the alleged inappropriate billing practices of the hospital’s parent organization was recently cited by...more

12/13/2012 - Data Breach Data Protection Healthcare Healthcare Professionals HIPAA Hospitals Personally Identifiable Information

18 Results
|
View per page
Page: of 1