Lynn Sessions

BakerHostetler

Latest Publications

Health System Pays $800,000 Fine for Leaving PHI in Doctor’s Driveway

While enforcement activity by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has focused primarily on a covered entity’s safeguard of electronic protected health information (ePHI),...more

6/27/2014 - Enforcement HHS HIPAA Medical Records OCR PHI

HHS Attorney: Major HIPAA Fines and Enforcement Coming

As regularly blogged about on the Data Privacy Monitor, the past 12 months have seen record-breaking HIPAA enforcement activity by HHS OCR. But according to recent remarks by a high-ranking HHS attorney, if you thought these...more

6/16/2014 - Data Protection Enforcement Enforcement Actions Healthcare HHS HIPAA

Proposed $6.8M Fine Related to Puerto Rico Breach Incident

Triple-S Salud, Inc. (“Triple-S”), a Puerto Rico Health Insurance Administration (“PRHIA”) contractor, filed a Form 8-K indicating that the PRHIA intended to impose a civil monetary penalty of $6,768,000 and other...more

3/7/2014 - Data Breach EHR Fines Form 8-K Healthcare Medicare PHI

HHS Rule Grants Patients Direct Access to Lab Test Results

The U.S. Department of Health and Human Services (HHS) recently published a Final Rule granting patients and their personal representatives access to the patient’s completed laboratory test reports directly from the lab...more

2/24/2014 - CDC CLIA CMS EHR Healthcare HHS HIPAA PHI

NICS and HIPAA: Where Mental Health Privacy and Gun Control Overlap; HHS Releases Notice of Proposed Rulemaking

On January 7, 2014, the U.S. Department of Health and Human Services (HHS) issued a notice of proposed rulemaking (NPRM) for the purpose of modifying the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to...more

2/4/2014 - Criminal Background Checks Gun Laws Healthcare HHS HIPAA NICS

Healthcare Privacy – 2013 Year in Review

On January 25, 2013, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the long-awaited HIPAA Omnibus Final Rule (Final Rule), which includes the most sweeping changes to HIPAA...more

1/3/2014 - Civil Monetary Penalty EHR Healthcare HHS HIPAA HIPAA Omnibus Rule OCR PHI Privacy Laws Subcontractors

Texas to Launch Nation's First Privacy and Security Certification "Safe Harbor"

The Texas Health Services Authority (THSA) recently announced its selection of the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), the most widely adopted information privacy and security...more

12/19/2013 - Certifications Data Protection HHS HIPAA PHI Safe Harbors

Telemarketing: HIPAA Can Reverse the Charges Under the TCPA

The Telephone Consumer Protection Act (TCPA) generally limits automatically dialed and prerecorded telemarketing calls to wireless and residential phones. In the past, healthcare providers and other "advertisers" could rely...more

10/23/2013 - Exemptions FCC HIPAA Robocalling Spam TCPA Telemarketing Written Consent

Computer Crime Insurance Coverage: Can It Cover Fraudulent Entries Submitted by an Authorized User?

In a recent decision, New York's appellate court considered whether a "Computer Systems Fraud" insurance policy rider (Policy) covered losses that Universal American suffered as a result of fraudulent claims electronically...more

10/21/2013 - Crime Insurance Policies Fraud

New Survey Underscores Providers' Responsibility for Preventing Medical ID Theft

The Ponemon Institute's recent publication of its fourth annual 2013 Survey on Medical Identity Theft (Survey) confirmed what many in the healthcare industry already knew: identity theft is a serious and often overlooked...more

9/24/2013 - Fraud Healthcare Healthcare Professionals Identity Theft

HIPAA Violation Results in $1.44M Jury Verdict Against Walgreens, Pharmacist

Although HIPAA does not create a private cause of action, a recent Indiana Superior Court jury verdict demonstrates that HIPAA still could play an important role in private causes of action in state court based on negligence...more

8/27/2013 - HIPAA Jury Verdicts Liability Negligence Pharmacies Professional Liability Professional Negligence Walgreens

Business Associate Agreements: More Readily Accepted by Cloud Service Providers? Maybe

Although the HIPAA Omnibus Final Rule's expansion of business associate liability could create difficulties for healthcare providers and other covered entities seeking to negotiate business associate agreements with vendors...more

6/21/2013 - Amazon Business Associates Cloud Computing Data Protection Health HHS HIPAA HIPAA Omnibus Rule PHI

Texas Bill Allows Doctors to Collect Patient Data by Swiping Driver's Licenses

The Texas Legislature recently approved S.B. 166, a bill that would allow healthcare providers, including physicians, nurses, dentists and others to collect and verify patient data by simply swiping a patient's driver's...more

5/23/2013 - Data Collection Driver's Licenses HIPAA Physicians

HHS Considers Amending HIPAA Privacy Rule to Permit Disclosure of Mental Health Information for Firearm Background Checks

Adding yet another wrinkle to the nation’s contentious gun control debate, the U.S. Department of Health and Human Services (HHS) has released an Advance Notice of Proposed Rulemaking (ANPRM) soliciting information and public...more

5/8/2013 - Background Checks Data Protection Firearms Gun Laws HHS HIPAA Mental Illness PHI

Alarm Fatigue: Joint Commission Considering National Patient Safety Guideline for Alarm-Equipped Medical Devices

The Joint Commission (TJC) recently published a Sentinel Event Alert (Alert) regarding “alarm fatigue,” which occurs when physicians are so overwhelmed by the constant barrage of medical device alarms, most of which do not...more

5/6/2013 - Medical Devices Safety Precautions

HIPAA/HITECH Final Rule - Assessing Your Organization's Compliance Readiness

The long awaited HIPAA/HITECH Final Rule became effective March 26, 2013, but covered entities, business associates and subcontractors will have until September 23, 2013, to fully comply. ...more

4/12/2013 - Business Associates Covered Entities Data Protection HIPAA HIPAA Omnibus Rule HITECH PHI

Can Covered Entities Utilize Text Messaging and Text Paging Without Violating HIPAA?

Text messaging allows healthcare providers to deliver simple, relevant, and customizable health information instantaneously to their patients, like reminders to obtain a vaccine, take a medication or come to an important...more

3/11/2013 - Data Protection HIPAA PHI Texting

Special Edition: Health Law Update - February 28, 2013

In This Issue: - A Baker's Dozen of Significant Changes From the HIPAA/HITECH Rule 1. Business Associates and Subcontractors 2. Breach Notification 3. Covered Entity Organizational Structures 4. Cloud...more

3/1/2013 - Business Associates Cloud Computing Covered Entities Data Breach Data Protection GINA HHS HIPAA HIPAA Omnibus Rule HITECH Notice Requirements OCR PHI Subcontractors

Health Law Update - What Covered Entities and Business Associates Need to do to Prepare for the New HIPAA/HITECH Requirements

The U.S. Department of Health and Human Services (HHS) issued, on January 17, 2013, its final omnibus rule modifying the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security rules as well...more

1/29/2013 - Business Associates Covered Entities Cyber Insurance Data Protection HHS HIPAA HIPAA Omnibus Rule HITECH OCR Risk Assessment Risk Management

OCR'S Breach Settlement: The First Ever Involving Less Than 500 Patients

The HHS Office for Civil Rights (OCR) started 2013 with a bang by announcing that it had reached "the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500...more

1/21/2013 - Compliance Data Breach Data Protection Electronic Medical Records Encryption HHS HIPAA HITECH HONI Mobile Devices OCR Patient Confidentiality Breaches PHI Settlement

Health Law Update — January 10, 2013

In This Issue: - Healthcare Provisions in the American Taxpayer Relief Act - the Good, the Bad and the Ugly - American Taxpayer Relief Act Amends Overpayment Recovery Time Limits - OIG Advisory Opinion Sheds...more

1/14/2013 - American Taxpayer Relief Act CMS Data Breach Electronic Medical Records Fraud Healthcare OCR OIG Overpayment Recovery Time Limits Pay-for-Performance Reporting Requirements Settlement

Reminder Annual OCR Breach Reporting is Due March 1, 2013

The breach notification interim final rule requires covered entities to submit to the Office for Civil Rights (OCR) notice of breaches of unsecured protected health information (PHI) (45 C.F.R. 164.408) by March 1, 2013....more

1/2/2013 - Data Breach Health Information Technologies HIPAA HITECH OCR PHI Reporting Requirements

State Fines Hospital For Patient Confidentiality Breach; Requires HIPAA Training For Executives

A California hospital that disclosed a patient’s medical record in response to a California Watch investigative report on the alleged inappropriate billing practices of the hospital’s parent organization was recently cited by...more

12/13/2012 - Data Breach Data Protection Healthcare Healthcare Professionals HIPAA Hospitals Personally Identifiable Information

OCR Releases De-Identification Guidance

The HHS Office of Civil Rights (OCR) recently released guidance intended to assist covered entities in understanding what de-identification is, the general process by which de-identified information can be created, and the...more

12/12/2012 - De-Identification HHS HIPAA OCR Safe Harbors

CMS's Privacy Problem: Data Breaches, Medicare Numbers, and Inaction

The Department of Health and Human Services Office of Inspector General (“OIG”) recently published a report, CMS Response to Breaches and Medical Identity Theft (“Report”), which referenced 14 breaches of medical information...more

11/30/2012 - CMS Data Breach HITECH Identity Theft OIG

25 Results