News & Analysis as of

Premera Cyber-Attack Announced: Defining Your Obligations as an Employer

On March 17, 2015, Premera announced a data breach involving the personal information of more than 11 million individuals resulting from what it characterized as a sophisticated, targeted cyber-attack. Employers and plan...more

Employers with Group Health Plans: Have You Notified State Regulators of the Breach?

Data security breaches affecting large segments of the U.S. population continue to dominate the news. Over the past few years, there has been considerable confusion among employers with group health plans regarding the...more

Preparing for a Data Breach – What to Know about Breach Notification

Data breaches are at the forefront of the news, and many companies, including those dominant in the health care industry, have found themselves front and center in the headlines. Although recent news stories have focused...more

Employers: What the Anthem Breach Means to You

On Feb. 4, 2015, Anthem announced a data breach involving the personal information of more than 80 million individuals resulting from what it characterized as a sophisticated, targeted cyber-attack. Group health plans may be...more

FAQs by Employers Regarding the Anthem Breach

Do we have any legal obligations under HIPAA? It depends on your contractual relationship with Anthem and whether the group health plan offered by your company is self-insured. If your company’s group health plan is...more

Responding to the Anthem Cyber Attack

Anthem Inc. (Anthem), the nation's second-largest health insurer, revealed late on Wednesday, February 4 that it was the victim of a significant cyber attack. According to Anthem, the attack exposed personal information of...more

Deadline Approaching to Report Certain HIPAA Breaches to Federal Officials

The HIPAA Breach Notification Rule requires covered entities to notify the Secretary of the Department of Health and Human Services (HHS) if a breach of unsecured protected health information (PHI) is discovered. As most...more

Happy New Year! 2015 Brings More Reasonable Breach Notification Reporting Periods for CA Health Care Providers

In 2008 California put into effect breach reporting laws applicable to certain licensed health care providers ("Healthcare Entities") that are more stringent than HIPAA - so stringent that Healthcare Entities have been required...more

Federal Bills Pursue Comprehensive Data Breach Notification

The recent string of wide-scale data breach disclosures by major retailers has led to a growing call for federal legislation to protect consumer information and establish uniform data breach notification...more

WEBINAR: Breach, Enforcement and Beyond: HIPAA Breach Notification Analysis and OCR Enforcement Activities

The Office for Civil Rights of the US Department of Health and Human Services revised the breach notification regulations last year in order to make the analysis of whether a breach occurred more objective. In addition, OCR...more

The Trend of Stricter State Data Breach Laws Continues with Florida

Florida’s new Florida Information Protection Act, Fl. Stat. § 501.171, became effective July 1, 2014. The new law repeals and replaces Florida’s existing data breach notification requirements (Fl. Stat. § 817.5681) with more...more

HIPAA Breaches: What They Are and What You Can Do to Protect Your Clients

45 CFR §§ 164.400-414, otherwise known as the HIPAA Breach Notification Rule, requires all entities and businesses covered by HIPAA to disclose any breaches of unsecured protected health information (PHI). In order to protect...more

September 22, 2014: Quickly approaching deadline to amend business associate agreements

The HIPAA Omnibus Rule, enacted last year, made a number of changes to the HIPAA privacy, security and breach notification rules. Some of these changes affected business associate provisions of the HIPAA privacy and security...more

Kentucky’s New Breach Notification Legislation

Data breaches, whether big or small, can leave customers exposed to fraudulent activity. You may recall that in January 2014, Target reported that an estimated 70 to 110 million of its customers had personal information...more

“Cha-Ching” – HIPAA Settlement Reaches New Heights and Signals More To Come

In the largest HIPAA enforcement action to date, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) extracted $4.8 million from two leading New York institutions, New York-Presbyterian Hospital...more

Health Insurer Fined Unprecedented $6.8 Million for HIPAA Violations

Federal fines for violations of the Health Insurance Portability and Accountability Act (HIPAA) may not exceed $1.5 million per incident per year. That's already a big number to think about — but employers also need to...more

Health Care Law Alert: Skagit County Fined $215,000 for HIPAA Violations

Skagit County in northwest Washington state has been fined $215,000 for violations of the HIPAA privacy, security, and breach notification rules. The U.S. Department of Health and Human Services’ Office for Civil Rights...more

Health Care Entity Pays $150,000 to HHS as a Result of Stolen Thumb Drive Containing PHI

Encrypting USB drives, analyzing security risks, and implementing breach notification policies and procedures could mean the difference between compliance with the Health Insurance Portability and Accountability Act (“HIPAA”)...more

Be Prepared – HIPAA Audits are Coming in 2014

Later this year, the Department of Health and Human Services (“DHHS”) is expected to launch its permanent HIPAA Audit Program. The HIPAA Audit Program is authorized under Section 13411 of the HITECH Act, and is designed to...more

Recent HIPAA Settlement Highlights Danger of Failure to Perform Security Risk Assessments, Implement HIPAA Policies and Train...

A recent Health Insurance Portability and Accountability Act ("HIPAA") settlement, which is notable as the first HIPAA settlement with a covered entity for failure to have policies and procedures in place to comply with...more

Dermatology Practice Agrees to Settlement in Connection with HIPAA Breach

A Massachusetts-based dermatology practice recently agreed to pay $150,000 to settle claims that it failed to have sufficient policies and procedures in place to address a breach notification requirement under the HITECH Act....more

HHS Announces First HIPAA Settlement Based on Lack of Breach Notification Policies and Procedures

The Department of Health and Human Services (HHS) recently announced the first settlement under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) based on violations of the law's privacy, security,...more

Looking At The Past To Predict The Future Of HIPAA/HITECH Enforcement

2013 was a busy year for the Department of Health and Human Services (“HHS”). On January 17, 2013, HHS issued its Final Omnibus Rule, substantially modifying the Privacy, Security and Enforcement Rules promulgated by the...more

Settlement Reached Regarding Dermatology Practice’s HIPAA Violation

Adult and Pediatric Dermatology (A&P Dermatology) of Concord, Massachusetts has entered into a resolution agreement with the Department of Health and Human Services (HHS) to settle potential violations of the Health Insurance...more

HHS Gives A Thumbs Down For Stolen Thumb Drive

On December 26, 2013, the U.S. Department of Health and Human Services Office for Civil Rights (HHS) announced that it had reached an agreement with a Northeastern dermatology practice to settle potential HIPAA violations...more
