Summing up the results of the previous year, regulatory experts have noted that more than half of the businesses punished for HIPAA lapses in 2018 involved well-known big business entities making it a notable theme of the...more
1/18/2019
/ Data-Sharing ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
OCR ,
Patient Privacy Rights ,
PHI ,
Proposed Amendments ,
Public Comment ,
Request For Information
Cybersecurity and data breaches have been in public spotlight in the past several years as a result of recurring cyber-attacks on numerous organizations, business, its customers and communities in general. Media have been...more
Could a lost cell phone or laptop cost your organization millions of dollars?
Mobile devices have enabled vast improvements in the efficiency and quality of healthcare delivery. ...more
Imagine this: Dr. Primary is treating Patty Patient for substance abuse and emails Patty Patient’s protected health information (PHI) to a treatment clinic. Before the email arrives at the clinic, it is intercepted by a third...more
The failure to timely report a breach of unsecured protected health information (PHI) has cost Presence Health (one of the largest health systems in Illinois) almost half of a million dollars.
Earlier this month,...more
If you are an entity covered by Section 1557 of the Patient Protection and Affordable Care Act (Section 1557), you have less than a week to prepare your non-discrimination notices and taglines. The final rule implementing...more
This month marked the largest HIPAA settlement to-date for a single entity. Advocate Health Care Network (“Advocate”) agreed to pay $5.5 million and adopt a corrective action plan after an investigation by the Department of...more
One of the fastest growing areas of cybercrime is ransomware. Ransomware is a type of malicious software that encrypts data and makes it inaccessible to authorized users. The hackers who orchestrate ransomware attacks demand...more
Oregon Health & Science University (“OHSU”) has paid $2.7 million to the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) to settle allegations that it violated the Health Insurance Portability...more
7/20/2016
/ Business Associates ,
Corrective Actions ,
Data Security ,
Electronically Stored Information ,
Encryption ,
Fines ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Internet Service Providers (ISPs) ,
OCR ,
PHI ,
Settlement Agreements
OCR has announced several recent settlement agreements to resolve violations of the Health Insurance Portability and Accountability Act (“HIPAA”). These settlement amounts range from $25,000 to $3.9 million dollars and...more
Amidst criticism that the Health Insurance Portability and Accountability Act (“HIPAA”) lags behind technological innovation, the Office for Civil Rights (“OCR”) released new guidance to aid app developers in determining how...more
The Health Law Gurus™ are here to help you stay current on issues and breaking news in health law. To help you stay up-to-date, we are excited to announce our new segment, “Ask the Health Law Gurus™.” Each month, we will...more
For the second time in history, the Office for Civil Rights (“OCR”) has imposed a civil monetary penalty (“CMP”) against a covered entity for violations of the Health Insurance and Portability Act (“HIPAA”). Lincare, Inc., a...more
Triple-S Management Corporation (“Triple-S”), on behalf of its wholly-owned subsidiaries, Triple-S Salud, Inc., Triple-C, Inc., and Triple-S Advantage, Inc., has agreed to pay $3.5 million as part of a Resolution Agreement...more
Just before Thanksgiving, Lahey Hospital and Medical Center (“Lahey”), a non-profit teaching hospital located in Burlington, Massachusetts, agreed to pay $850,000 for a breach of unsecured electronic protected health...more
Beginning in 2016, the United States Department of Health and Human Services’ Office for Civil Rights (OCR) will conduct another round of audits to gauge compliance with privacy provisions in the Health Insurance Portability...more
Cancer Care Group, P.C. (“CCG”), a radiation oncology physician group practice in Indiana, agreed to pay $750,000 for a breach of unsecured electronic protected health information (“ePHI”). CCG will also implement a...more
St. Elizabeth’s Medical Center (“SEMC”), a tertiary care hospital in Brighton, Massachusetts, has agreed to pay $218,400 to the Office for Civil Rights (“OCR”) to settle alleged violations of the Health Insurance Portability...more
Anchorage Community Mental Health Services, Inc. (“ACMHS”) will pay $125,000 to the United States Department of Health and Human Services, Office for Civil Rights (“OCR”) to settle alleged violations of the Health Insurance...more
News from the Health Law Gurus™ is a weekly summary of notable health law news from around the country with helpful links to related content. Check back every week for the latest health law news stories.
HIPAA in the...more
Ebola has recently been the source of much concern, and health care providers and hospitals are taking steps to prepare themselves for the possibility of treating patients with Ebola. In addition to all of the medical...more
It would be pretty unsettling if your patient status, vital signs, medications, and laboratory results were available for the world to see on Google, wouldn’t it? According to recent settlement agreements announced by the...more
5/9/2014
/ Covered Entities ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Google ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
Non-Judicial Settlement Agreements ,
OCR ,
Patient Confidentiality Breaches ,
Patient Privacy Rights
The Department of Health and Human Services (“HHS”) just announced a pair of settlements arising out of the theft of two laptops containing protected health information (“PHI”). Two entities, Concentra Health Services...more