Stephanie Willis

Stephanie Willis

Mintz Levin

Contact  |  View Bio  |  RSS

Latest Posts › Data Protection

Share:

Five Lessons from OCR’s Report to Congress on Breaches and HIPAA Rules Compliance

Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured...more

6/23/2014 - Data Breach Data Protection EHR Healthcare HIPAA HITECH PHI

State Data Security Breach Notification Laws

The general definition of “personal information” or “PI” used in the majority of statutes is: An individual’s first name or first initial and last name plus one or more of following data elements: (i) Social Security number,...more

4/24/2014 - Breach Notification Rule Data Breach Data Protection

Data Breach Wall of Shame: 2013's Highlights and Lessons

Since 2009, the HHS Office for Civil Rights (“OCR”) has posted all large data breaches – those that involve 500 or more individuals – online on its so-called “Wall of Shame.” In 2013, 160 large data breaches were reported to...more

1/24/2014 - Cybersecurity Data Breach Data Protection Encryption Healthcare HHS Medical Records OCR Recording Requirements

OCR Delays Required Changes to Notices of Privacy Practices for Laboratories

The HHS Office of Civil Rights (OCR) has granted certain clinical laboratories a temporary reprieve from the requirement to update their Notices of Privacy Practices (NPPs) by September 23, 2013, the deadline imposed by the...more

9/23/2013 - CLIA Data Protection Enforcement Actions HHS HIPAA HIPAA Omnibus Rule Laboratories Notice Requirements OCR Penalties

Lessons from the California AG’s Data Breach Report for the Health Care Industry

Our sister blog, Privacy and Security Matters, recently posted a comprehensive analysis of the newly released data breach report from the California Attorney General’s Office (AG Report). The AG Report is the first...more

7/11/2013 - Attorney Generals Breach Notification Rule Cybersecurity Data Breach Data Breach Plans Data Protection Encryption HIPAA HIPAA Omnibus Rule Training

First HIPAA Resolution Agreement of 2013 — and it certainly will not be the last

The HHS Office of Civil Rights (OCR) announced its first HIPAA Resolution Agreement of 2013 last week. According to the press release, Idaho State University (ISU) must pay OCR $400,000 and comply with the terms of a...more

5/31/2013 - Corrective Actions Cybersecurity Data Breach Data Protection HHS HIPAA OCR PHI Universities

HIPAA Omnibus Rule Reference Chart

Mintz Levin is pleased to provide this section-by-section analysis of the HIPAA Omnibus Rule. The chart lists provisions of the proposed privacy, security and enforcement rules mandated by the Health Information...more

1/23/2013 - Business Associates Covered Entities Data Breach Data Protection HIPAA HIPAA Omnibus Rule HITECH Notice Requirements PHI

Finally! HHS Office of Civil Rights Releases HIPAA Omnibus Rule With Sweeping Changes to Compliance Requirements and Enforcement

The final regulations from Department of Health and Human Services Office of Civil Rights (OCR) containing modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (Omnibus Rule) have finally...more

1/18/2013 - Business Associates Compliance Covered Entities Data Breach Data Protection HHS HIPAA HIPAA Omnibus Rule Notice Requirements Notifications OCR Patient Privacy Rights PHI Subcontractors

8 Results
|
View per page
Page: of 1