The day before Thanksgiving, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the largest resolution agreement of 2015, against Lahey Hospital and Medical Center (Lahey). The...more
The U.S. Department of Health and Human Services (HHS) has reported a $400,000 settlement with Idaho State University (ISU) for alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)...more
In This Issue:
- A Baker's Dozen of Significant Changes From the HIPAA/HITECH Rule
1. Business Associates and Subcontractors
2. Breach Notification
3. Covered Entity Organizational Structures
4. Cloud...more
3/1/2013
/ Business Associates ,
Cloud Computing ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Notice Requirements ,
OCR ,
PHI ,
Subcontractors
The U.S. Department of Health and Human Services (HHS) issued, on January 17, 2013, its final omnibus rule modifying the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security rules as well...more
1/29/2013
/ Business Associates ,
Covered Entities ,
Cyber Insurance ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
OCR ,
Risk Assessment ,
Risk Management
The final rule is significant for any organization that is considered to be a HIPAA covered entity (“CE”) (health systems, health care providers, health plans, etc.) or the more broadly defined business associate (“BA”)....more
1/23/2013
/ Business Associates ,
Covered Entities ,
Data Protection ,
Electronic Medical Records ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Medical Records ,
OCR ,
Patient Privacy Rights ,
Personally Identifiable Information ,
PHI
The Department of Health and Human Services (HHS) issued, on January 17, 2013, its Final Omnibus Rule modifying the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules as well as...more
1/22/2013
/ Business Associates ,
Covered Entities ,
Cyber Insurance ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Notice Requirements ,
OCR ,
PHI ,
Risk Assessment ,
Vendor Contacts
The HHS Office for Civil Rights (OCR) started 2013 with a bang by announcing that it had reached "the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500...more
1/21/2013
/ Compliance ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Encryption ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
HONI ,
Mobile Devices ,
OCR ,
Patient Confidentiality Breaches ,
PHI ,
Settlement
The long awaited HIPAA/HITECH Final Rule is out. The final rule is effective March 26, 2013, but covered entities (CEs) and business associates (BAs) will have 180 days beyond the effective date to come into compliance....more
1/18/2013
/ Business Associates ,
Compliance ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Notice Requirements ,
OCR ,
Penalties
In This Issue:
- Healthcare Provisions in the American Taxpayer Relief Act - the Good, the Bad and the Ugly
- American Taxpayer Relief Act Amends Overpayment Recovery Time Limits
- OIG Advisory Opinion Sheds...more
1/14/2013
/ American Taxpayer Relief Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Data Breach ,
Electronic Medical Records ,
Fraud ,
Healthcare ,
OCR ,
OIG ,
Overpayment Recovery Time Limits ,
Pay-for-Performance ,
Reporting Requirements ,
Settlement