Rebecca L. Williams

Rebecca L. Williams

Davis Wright Tremaine LLP

Contact  |  View Bio  |  RSS

Latest Publications

Share:

Business Associates Beware: First HIPAA Settlement with Business Associate

For the first time, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) has entered into a Resolution Agreement with a business associate over allegations that it potentially violated the Health...more

7/7/2016 - Business Associates HHS HIPAA OCR PHI

HIPAA Enforcement Actions by the Numbers

Protecting patient information is a central duty for both covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA). Should a HIPAA-subject entity ever fail to protect...more

6/29/2016 - Breach Notification Rule HHS HIPAA OCR PHI

The Audit Protocol is Released, and Other Updated HIPAA Audits News

As we previously reported, the HHS Office for Civil Rights (OCR) launched Phase II of its audit program on March 21. Since that time, a significant amount of new information has emerged, including details regarding the...more

4/12/2016 - Business Associates Covered Entities HHS HIPAA HIPAA Audits OCR

OCR Phase 2 HIPAA Audits Are Here: What to Expect While You’re Expecting (an Audit)

The Phase 2 audit program for HIPAA compliance is under way. The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced that it had launched the Phase 2 audits to examine and assess how covered...more

3/29/2016 - Breach Notification Rule Business Associates Covered Entities Health Care Providers HIPAA HIPAA Audits HIPAA Breach OCR PHI

HIPAA Audits to Include Financial Institutions—There’s an App for That

The Phase 2 audit program for HIPAA compliance now is underway — and financial institutions are on the list as potential targets. Many financial institutions are business associates under HIPAA, usually because of their...more

3/29/2016 - Covered Entities Financial Institutions HIPAA Audits HIPAA Breach OCR PHI Risk Assessment

Can Ransomware Trap Your Health Information? OCR Highlights the Risk of Cyber Extortion in its Cyber-Awareness Initiative

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has been highlighting the threat posed by “ransomware”—when an organization is locked out of its own systems and files by cyber criminals who...more

2/23/2016 - Cyber Attacks Cyber Crimes Cyber Insurance Health Care Providers Malware OCR Ransomware Risk Mitigation

February 2016: The Month of Groundhog Day, Super Bowl 50, Valentine’s Day … and HIPAA Breach Notifications

Feb. 29, 2016, a/k/a Leap Day, is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health...more

2/22/2016 - Data Breach Health Care Providers HIPAA OCR PHI Reporting Requirements

One Step Forward and Two Steps Back: Proposed Changes to the Alcohol and Drug Abuse Treatment Confidentiality Rule

On Feb. 9, 2016, the U.S. Department of Health and Human Services Substance Abuse and Mental Health Services Administration (SAMHSA) published in the Federal Register a proposed rule putting forth amendments to the Alcohol...more

2/16/2016 - Confidential Documents Drug & Alcohol Abuse Health Care Providers HIPAA Medical Records Privacy Rule SAMHSA

Second CMP Assessed for HIPAA Violations: Do You Know Where Your Data Is?

For only the second time in its history, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has imposed a civil money penalty (CMP) on a covered entity for allegedly violating the HIPAA...more

2/10/2016 - ALJ Civil Monetary Penalty Corporate Counsel Covered Entities HHS HIPAA OCR PHI Privacy Rule

Upcoming HIPAA Audits May Target Financial Institutions—Here’s How to Prepare

Much like a tornado watch, the conditions appear to be right for a coming storm: the upcoming Phase 2 HIPAA audits. The Department of Health and Human Services Office for Civil Rights (OCR) has begun verifying contact...more

6/23/2015 - Audits Covered Entities Financial Institutions HHS HIPAA OCR Popular Risk Assessment Strategic Enforcement Plan

Be Careful with Information Destruction: Another Medical Record Disposal HIPAA Settlement

The U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) recently announced a new settlement with a small pharmacy, Cornell Prescription Pharmacy (“Cornell”). OCR alleged that Cornell was disposing of...more

5/1/2015 - Document Destruction Enforcement Actions OCR Pharmacies PHI Settlement

Washington State Amends Data Breach Law

Passage of H.B. 1078 sets a 45-day notification deadline, adds additional notice requirements Washington Governor Jay Inslee signed H.B. 1078 into law on April 23, revising the state’s data breach notification statute and...more

4/29/2015 - Popular

Premera Cyber-Attack Announced: Defining Your Obligations as an Employer

On March 17, 2015, Premera announced a data breach involving the personal information of more than 11 million individuals resulting from what it characterized as a sophisticated, targeted cyber-attack. Employers and plan...more

3/19/2015 - Breach Notification Rule Corporate Counsel Cyber Attacks Data Breach Employer Liability Issues HIPAA Popular Premera Blue Cross

Employers: What the Anthem Breach Means to You

On Feb. 4, 2015, Anthem announced a data breach involving the personal information of more than 80 million individuals resulting from what it characterized as a sophisticated, targeted cyber-attack. Group health plans may be...more

2/10/2015 - Anthem Insurance Best Practices Breach Notification Rule Corporate Counsel Cyber Attacks Cybersecurity HIPAA Personally Identifiable Information

Latest HIPAA Settlement: Compliance is an Ongoing Process

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) issued its first settlement under new OCR Director Jocelyn Samuels earlier this month. This latest settlement serves as a reminder that a...more

12/18/2014 - Healthcare Facilities HIPAA OCR Patient Confidentiality Breaches PHI Popular Settlement

Encryption and Securing BYO Devices at the Heart of Massachusetts AG $100,000 Settlement

The Massachusetts Attorney General announced Friday that her office had reached a settlement with Beth Israel Deaconess Medical Center (BIDMC) surrounding a 2012 data breach in which a physician’s unencrypted personal laptop...more

11/26/2014 - Bring Your Own Device Covered Entities Data Breach Data Protection Employer Liability Issues Encryption Health Care Providers Patient Confidentiality Breaches Personally Identifiable Information Popular

Ebola or Not, Patient Privacy Must Be Protected: Office for Civil Rights Issues Bulletin on HIPAA Requirements in Emergency...

In the wake of the recent Ebola cases, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has issued a new bulletin reminding HIPAA-covered entities and their business associates that the...more

11/13/2014 - Data Protection Ebola EHR Healthcare HHS HIPAA OCR PHI

CMS Reopens the Medicare Payment Adjustment Hardship Exception Application Submission Period for Certain Providers and Hospitals

Centers for Medicare & Medicaid Services (CMS) recently announced the reopening of the submission period for hardship exception applications for eligible professionals and eligible hospitals that have been unable to fully...more

10/30/2014 - CEHRT CMS EHR Healthcare Healthcare Reform Hospitals Medicare PHI Undue Hardship

Good News: California Extends Its Medical Data Breach Notification Requirement From 5 to 15 Days

On Sept. 18, 2014, California’s governor approved Assembly Bill 1755, extending California’s stringent breach notification deadline for medical information breaches from five business days to 15 business days for clinics,...more

10/13/2014 - Breach Notification Rule Data Breach EHR Healthcare Personally Identifiable Information PHI Popular

Looming HIPAA Deadline: Update Business Associate Agreements by Monday, September 22, 2014

Business associate agreements that have not already been updated as required by the HIPAA Omnibus Rule should be updated by September 22, 2014. The Omnibus Rule changed and added mandatory language for valid business...more

9/23/2014 - Business Associates Deadlines HIPAA HIPAA Omnibus Rule

New HIPAA Reports to Congress Shed Light on OCR Enforcement

The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued two reports to Congress, as required by the HITECH Act. The compliance report details OCR’s enforcement activities for 2011 and 2012 and...more

7/7/2014 - Data Protection Enforcement Enforcement Actions Healthcare HHS HITECH OCR

Confidentiality of Substance Abuse Treatment Information: HHS Considers Changes to the Part 2 Regulations and Requests Comment

The Department of Health and Human Services’ Substance Abuse and Mental Health Services Administration (SAMHSA) is considering significant changes to the “Part 2” regulations (the Confidentiality of Alcohol and Drug Abuse...more

6/23/2014 - ACOs Consent Healthcare Healthcare Reform HHS New Regulations Patient Privacy Rights SAMHSA

$4.8 Million – Largest HIPAA Settlement to Date

On May 7, 2014, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) issued a press release announcing that two health care organizations—New York and Presbyterian Hospital (“NYP”) and Columbia...more

5/9/2014 - Covered Entities Data Breach Electronic Medical Records HIPAA Hospitals Non-Judicial Settlement Agreements OCR Patient Confidentiality Breaches

OCR Releases Information on What Phase 2 HIPAA Audits Will Look Like

The HHS Office for Civil Rights (OCR) recently presented information about the new look of its Phase 2 audit program. The new audits will look little like the old ones, with OCR conducting the audits itself and focusing on...more

4/14/2014 - Audits Data Protection EHR HHS HIPAA OCR PHI

Future OCR Audits Have Little in Common With Previous Round—Here’s How to Prepare

The HHS Office for Civil Rights (OCR) recently presented information about the new look of its Phase 2 audit program. The new audits will look little like the old ones, with OCR conducting the audits itself and focusing on...more

4/11/2014 - Audits Covered Entities HHS OCR Security Risk Assessments

36 Results
|
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×