Lynn Sessions

BakerHostetler

Latest Posts › HIPAA

GAO Report Criticizes HHS’ HIPAA Cybersecurity Guidance and Program

Recently, the Government Accountability Office (GAO) reviewed the U.S. Department of Health and Human Services’ (HHS) security and privacy oversight and identified significant gaps in the cybersecurity guidance provided by...more

11/9/2016 - Covered Entities Cybersecurity Data Protection GAO Health Care Providers HHS HIPAA NIST

$2.75 Million OCR Settlement Underscores the Importance of Risk Management and Analysis

How the theft of a single password-protected laptop turned into an enterprise-wide review of an organization’s data protection practices. Following the announcement of a recent settlement between the U.S. Department of...more

8/19/2016 - Corporate Counsel Data Breach Data Security HHS HIPAA OCR PHI Risk Management Settlement

Business Associates in the Crosshairs: Catholic Health Care Services Settles for $650,000 for Failure to Safeguard PHI

Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) recently agreed to enter into a $650,000 resolution agreement and a two-year corrective action plan (CAP) with the Office for Civil Rights (OCR). CHCS...more

7/8/2016 - Business Associates HIPAA OCR PHI Risk Management

OCR Clarifies “Reasonable, Cost-Based” Fee Calculations for Access to Medical Records

By couching its position in an individual’s right to access protected health information (PHI), beginning on January 7, 2016, the U.S. Department of Health & Human Services’ Office for Civil Rights (OCR) issued guidance to...more

6/10/2016 - HHS HIPAA OCR PHI

One Week, $5.45 Million in Resolution Agreements for HIPAA Violations

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) continued its run of resolution agreements for HIPAA violations, pulling in $5.45 million from just two entities, North Memorial Health Care of...more

4/6/2016 - Data Breach Electronic Medical Records Health Care Providers HIPAA OCR PHI

ALJ Upholds OCR’s $239,800 CMP for Healthcare Provider

On January 13, 2016, the Department of Health and Human Services’ Administrative Law Judge upheld the Office for Civil Rights’ (OCR’s) civil monetary penalty (CMP) against Lincare, Inc., d/b/a United Medical (Lincare), for...more

2/16/2016 - ALJ Civil Monetary Penalty Health Care Providers HHS HIPAA OCR PHI

HHS Removes Barriers to Reporting Federal Mental Health Prohibitor Status for Gun Background Checks

On January 6, 2016, the U.S. Department of Health and Human Services (HHS) released a modification to the Health Insurance Portability and Accountability Act (HIPAA) removing barriers to reporting federal mental health...more

1/18/2016 - Background Checks Gun Laws HHS HIPAA NICS PHI

OIG Emphasizes Proactive Enforcement of Privacy Rule and Monitoring of Repeat Offenders

The Office of Inspector General’s (OIG) recently released Privacy Standards report assessed the Office for Civil Rights’ (OCR) oversight of covered entities’ compliance with the Privacy Rule as well as the extent to which...more

11/12/2015 - Audits Covered Entities HIPAA OCR OIG

OIG Emphasizes Proactive Enforcement of Privacy Rule and Monitoring of Repeat Offenders

The Office of Inspector General’s (OIG) recently released Privacy Standards report assessed the Office for Civil Rights’ (OCR) oversight of covered entities’ compliance with the Privacy Rule as well as the extent to which...more

11/11/2015 - Healthcare HIPAA Medicare Part B PHI Privacy Rule

HIPAA Fine Underscores OCR’s Focus on Physician Group Compliance

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced a $750,000 fine and resolution agreement, including a Corrective Action Plan (CAP), for Cancer Care Group, P.C. (CCG), a...more

10/14/2015 - Compliance Corporate Fines Corrective Actions Data Breach Data Protection Enforcement Actions Health Care Providers Healthcare HHS HIPAA OCR Personally Identifiable Information PHI Privacy Concerns Security Risk Assessments Security Rule

Deeper Dive: Healthcare Incidents Involving More Than 500 Individuals Are Investigated 100 Percent of the Time

We have released the inaugural BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our attorneys advised on in 2014. The report confirms the...more

6/12/2015 - Attorney Generals Covered Entities Data Breach Electronic Medical Records Government Investigations Healthcare HHS HIPAA HITECH Medical Records OCR PHI

FAQs by Employers Regarding the Anthem Breach

Do we have any legal obligations under HIPAA? It depends on your contractual relationship with Anthem and whether the group health plan offered by your company is self-insured. If your company’s group health plan is...more

2/9/2015 - Anthem Insurance Breach Notification Rule Corporate Counsel Data Breach Employer Group Health Plans Health Insurance HIPAA Personally Identifiable Information PHI Popular Self-Insured Health Plans

Ebola Information Quarantine: Balancing Patient Privacy With Public Health

Of all the complex legal issues raised by the recent cases of Ebola in the U.S., those concerning the delicate balance between preserving patients’ privacy rights and the need to disseminate information to protect public...more

11/3/2014 - Ebola EHR Healthcare HIPAA PHI Right to Privacy

Health System Pays $800,000 Fine for Leaving PHI in Doctor’s Driveway

While enforcement activity by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has focused primarily on a covered entity’s safeguard of electronic protected health information (ePHI),...more

6/27/2014 - Enforcement HHS HIPAA Medical Records OCR PHI

HHS Attorney: Major HIPAA Fines and Enforcement Coming

As regularly blogged about on the Data Privacy Monitor, the past 12 months have seen record-breaking HIPAA enforcement activity by HHS OCR. But according to recent remarks by a high-ranking HHS attorney, if you thought these...more

6/16/2014 - Data Protection Enforcement Enforcement Actions Healthcare HHS HIPAA

HHS Rule Grants Patients Direct Access to Lab Test Results

The U.S. Department of Health and Human Services (HHS) recently published a Final Rule granting patients and their personal representatives access to the patient’s completed laboratory test reports directly from the lab...more

2/24/2014 - CDC CLIA CMS EHR Healthcare HHS HIPAA PHI

NICS and HIPAA: Where Mental Health Privacy and Gun Control Overlap; HHS Releases Notice of Proposed Rulemaking

On January 7, 2014, the U.S. Department of Health and Human Services (HHS) issued a notice of proposed rulemaking (NPRM) for the purpose of modifying the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to...more

2/4/2014 - Criminal Background Checks Gun Laws Healthcare HHS HIPAA NICS

Healthcare Privacy – 2013 Year in Review

On January 25, 2013, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the long-awaited HIPAA Omnibus Final Rule (Final Rule), which includes the most sweeping changes to HIPAA...more

1/3/2014 - Civil Monetary Penalty EHR Healthcare HHS HIPAA HIPAA Omnibus Rule OCR PHI Privacy Laws Subcontractors

Texas to Launch Nation's First Privacy and Security Certification "Safe Harbor"

The Texas Health Services Authority (THSA) recently announced its selection of the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), the most widely adopted information privacy and security...more

12/19/2013 - Certifications Data Protection HHS HIPAA PHI Safe Harbors

Telemarketing: HIPAA Can Reverse the Charges Under the TCPA

The Telephone Consumer Protection Act (TCPA) generally limits automatically dialed and prerecorded telemarketing calls to wireless and residential phones. In the past, healthcare providers and other "advertisers" could rely...more

10/23/2013 - Exemptions FCC HIPAA Robocalling Spam TCPA Telemarketing Written Consent

HIPAA Violation Results in $1.44M Jury Verdict Against Walgreens, Pharmacist

Although HIPAA does not create a private cause of action, a recent Indiana Superior Court jury verdict demonstrates that HIPAA still could play an important role in private causes of action in state court based on negligence...more

8/27/2013 - HIPAA Jury Verdicts Negligence Pharmacies Professional Liability Professional Negligence Walgreens

Business Associate Agreements: More Readily Accepted by Cloud Service Providers? Maybe

Although the HIPAA Omnibus Final Rule's expansion of business associate liability could create difficulties for healthcare providers and other covered entities seeking to negotiate business associate agreements with vendors...more

6/21/2013 - Amazon Business Associates Cloud Computing Data Protection Health HHS HIPAA HIPAA Omnibus Rule PHI

Texas Bill Allows Doctors to Collect Patient Data by Swiping Driver's Licenses

The Texas Legislature recently approved S.B. 166, a bill that would allow healthcare providers, including physicians, nurses, dentists and others to collect and verify patient data by simply swiping a patient's driver's...more

5/23/2013 - Data Collection Driver's Licenses HIPAA Physicians

HHS Considers Amending HIPAA Privacy Rule to Permit Disclosure of Mental Health Information for Firearm Background Checks

Adding yet another wrinkle to the nation’s contentious gun control debate, the U.S. Department of Health and Human Services (HHS) has released an Advance Notice of Proposed Rulemaking (ANPRM) soliciting information and public...more

5/8/2013 - Background Checks Data Protection Firearms Gun Laws HHS HIPAA Mental Illness PHI

HIPAA/HITECH Final Rule - Assessing Your Organization's Compliance Readiness

The long awaited HIPAA/HITECH Final Rule became effective March 26, 2013, but covered entities, business associates and subcontractors will have until September 23, 2013, to fully comply. ...more

4/12/2013 - Business Associates Covered Entities Data Protection HIPAA HIPAA Omnibus Rule HITECH PHI
