Rebecca L. Williams

Rebecca L. Williams

Davis Wright Tremaine LLP

Contact  |  View Bio  |  RSS

Latest Publications

Share:

Modernization? SAMHSA Falls Short in Updating 42 C.F.R. Part 2

On January 18, 2017, the Department of Health and Human Services Substance Abuse and Mental Health Services Administration (“SAMHSA”) published a final rule amending 42 C.F.R. Part 2 (“Part 2”), with an effective date that...more

2/20/2017 - Consent Data Security Electronic Protected Health Information (ePHI) Health Care Providers HIPAA Medical Records SAMHSA Substance Abuse

To Settle or Not to Settle – That Is the Question Raised by Recent HIPAA CMPs

On February 1, 2017, the Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that the Children’s Medical Center of Dallas (“Children’s”) has paid a civil monetary penalty (“CMP”) of $3.2 million...more

2/14/2017 - Civil Monetary Penalty Health Care Providers HIPAA Hospitals OCR PHI

HIPAA Small Breach Notification Due March 1: “In Like a Lion, Out Like a Lamb” if You Submit Timely

March 1, 2017 is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were...more

2/10/2017 - Breach Notification Rule Covered Entities Cybersecurity Data Breach Data Security Health Care Providers HHS HIPAA OCR

[Webinar] HIPAA in the Cloud – OCR Guidance on HIPAA and Cloud Service Providers - Jan. 31st, 1:00pm ET

As the health care sector further embraces the benefits of cloud computing, numerous challenges have arisen with applying HIPAA to cloud computing services....more

1/24/2017 - Cloud Computing Cloud Service Providers (CSPs) Covered Entities Data Privacy Data Security Health Care Providers HHS HIPAA Security Breach Webinars

Substance Use Disorder Information: Comments Wanted on Significant Proposed Part 2 Rule

In an unusual action, a Supplemental Notice of Proposed Rulemaking (“SNPRM”) accompanied the recent final rule on 42 C.F.R. Part 2 (“Part 2”) governing the confidentiality of certain substance use disorder information. On...more

1/24/2017 - Comment Period Confidentiality Policies Health Care Providers SAMHSA Substance Abuse

The Price of PHI – A $2.2 Million USB Drive

A stolen unencrypted USB drive led to a $2.2 million settlement and a Resolution Agreement. The Department of Health and Human Services Office for Civil Rights (OCR) announced on January 18th a settlement with MAPFRE Life...more

1/23/2017 - Data Breach Data Security Health Care Providers HHS HIPAA OCR PHI

No Phishing: OCR Warns of Phishing Attempts Disguised as Official HIPAA Audit Program Emails

What’s worse than receiving an email indicating that you have been selected for an audit by your favorite government regulator? Clicking on a link in the email and discovering that it is a phishing attack that has just...more

12/14/2016 - Business Associates Covered Entities Cybersecurity Data Protection Email HHS HIPAA OCR Phishing Scams Popular

Just Around the Corner – HIPAA Audits for Business Associates

Financial organizations that are business associates can expect a wave of HIPAA desk audits to evaluate the HIPAA compliance efforts of business associates. These audits have a limited focus and are conducted by the U.S....more

10/19/2016 - Business Associates Covered Entities Cybersecurity HHS HIPAA HIPAA Audits OCR

OCR Sets Sights on Smaller HIPAA Breaches

Covered entities and business associates can expect increased scrutiny for breaches of unsecured protected health information affecting fewer than 500 individuals. Starting August 2016, the U.S. Department of Health and Human...more

9/8/2016 - Breach Notification Rule Business Associates Covered Entities Data Breach Data Security HHS HIPAA OCR PHI

HIPAA Audit Check-Up – Where We Are and What’s to Come

Phase 2 of the HIPAA audits is fully underway, and covered entities now can take a breath if they have not received a desk audit request. But we still are at the beginning of Phase 2, with more to come. ...more

8/29/2016 - Business Associates Covered Entities HIPAA HIPAA Audits OCR PHI Risk Management

It’s Not the Olympics, but OCR Sets New HIPAA Settlement Records

Athletes at the Rio Olympics aren’t the only ones setting records this year. Hoping to send a “strong message” about the importance of safeguarding electronic protected health information (PHI) and conducting mandated risk...more

8/15/2016 - Business Associates Covered Entities Data Breach HHS HIPAA OCR PHI Risk Management Settlement

On the Trail for Pokémon – and HIPAA Compliance

Pikachu, Alakazam, Bulbasaur, Charmander, and Squirtle can teach us a few things about HIPAA privacy. Pokémon GO is a recent craze encouraging people to try to catch’em all. As a result, employees, clients, and patients are...more

8/11/2016 - Business Associates Covered Entities HIPAA Mobile Devices PHI Pokemon

HIPAA Wake-Up Call for Financial Institutions: First HIPAA Settlement with Business Associate

It’s a HIPAA first. A business associate has settled a direct enforcement action over allegations that it potentially violated the Health Insurance Portability and Accountability Act (HIPAA). This settlement portends future...more

8/3/2016 - Business Associates Covered Entities Data Breach Enforcement Actions Financial Institutions HHS HIPAA OCR PHI Popular Settlement Agreements

Business Associates Beware: First HIPAA Settlement with Business Associate

For the first time, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) has entered into a Resolution Agreement with a business associate over allegations that it potentially violated the Health...more

7/7/2016 - Business Associates HHS HIPAA OCR PHI

HIPAA Enforcement Actions by the Numbers

Protecting patient information is a central duty for both covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA). Should a HIPAA-subject entity ever fail to protect...more

6/29/2016 - Breach Notification Rule HHS HIPAA OCR PHI

The Audit Protocol is Released, and Other Updated HIPAA Audits News

As we previously reported, the HHS Office for Civil Rights (OCR) launched Phase II of its audit program on March 21. Since that time, a significant amount of new information has emerged, including details regarding the...more

4/12/2016 - Business Associates Covered Entities HHS HIPAA HIPAA Audits OCR

OCR Phase 2 HIPAA Audits Are Here: What to Expect While You’re Expecting (an Audit)

The Phase 2 audit program for HIPAA compliance is under way. The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced that it had launched the Phase 2 audits to examine and assess how covered...more

3/29/2016 - Breach Notification Rule Business Associates Covered Entities Health Care Providers HIPAA HIPAA Audits HIPAA Breach OCR PHI

HIPAA Audits to Include Financial Institutions—There’s an App for That

The Phase 2 audit program for HIPAA compliance now is underway — and financial institutions are on the list as potential targets. Many financial institutions are business associates under HIPAA, usually because of their...more

3/29/2016 - Covered Entities Financial Institutions HIPAA Audits HIPAA Breach OCR PHI Risk Assessment

Can Ransomware Trap Your Health Information? OCR Highlights the Risk of Cyber Extortion in its Cyber-Awareness Initiative

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has been highlighting the threat posed by “ransomware”—when an organization is locked out of its own systems and files by cyber criminals who...more

2/23/2016 - Cyber Attacks Cyber Crimes Cyber Insurance Health Care Providers Malware OCR Ransomware Risk Mitigation

February 2016: The Month of Groundhog Day, Super Bowl 50, Valentine’s Day … and HIPAA Breach Notifications

Feb. 29, 2016, a/k/a Leap Day, is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health...more

2/22/2016 - Data Breach Health Care Providers HIPAA OCR PHI Reporting Requirements

One Step Forward and Two Steps Back: Proposed Changes to the Alcohol and Drug Abuse Treatment Confidentiality Rule

On Feb. 9, 2016, the U.S. Department of Health and Human Services Substance Abuse and Mental Health Services Administration (SAMHSA) published in the Federal Register a proposed rule putting forth amendments to the Alcohol...more

2/16/2016 - Confidential Documents Drug & Alcohol Abuse Health Care Providers HIPAA Medical Records Privacy Rule SAMHSA

Second CMP Assessed for HIPAA Violations: Do You Know Where Your Data Is?

For only the second time in its history, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has imposed a civil money penalty (CMP) on a covered entity for allegedly violating the HIPAA...more

2/10/2016 - ALJ Civil Monetary Penalty Corporate Counsel Covered Entities HHS HIPAA OCR PHI Privacy Rule

Upcoming HIPAA Audits May Target Financial Institutions—Here’s How to Prepare

Much like a tornado watch, the conditions appear to be right for a coming storm: the upcoming Phase 2 HIPAA audits. The Department of Health and Human Services Office for Civil Rights (OCR) has begun verifying contact...more

6/23/2015 - Audits Covered Entities Financial Institutions HHS HIPAA OCR Popular Risk Assessment Strategic Enforcement Plan

Be Careful with Information Destruction: Another Medical Record Disposal HIPAA Settlement

The U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) recently announced a new settlement with a small pharmacy, Cornell Prescription Pharmacy (“Cornell”). OCR alleged that Cornell was disposing of...more

5/1/2015 - Document Destruction Enforcement Actions OCR Pharmacies PHI Settlement

Washington State Amends Data Breach Law

Passage of H.B. 1078 sets a 45-day notification deadline, adds additional notice requirements Washington Governor Jay Inslee signed H.B. 1078 into law on April 23, revising the state’s data breach notification statute and...more

4/29/2015 - Popular

49 Results
|
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×