Covered Entities

News & Analysis as of

Free HIPAA Help

Health care providers, health plans, business associates, and other entities affected by the federal HIPAA privacy and security regulations are quickly running out of excuses for not having a robust HIPAA compliance program...more

Future OCR Audits Have Little in Common With Previous Round—Here’s How to Prepare

The HHS Office for Civil Rights (OCR) recently presented information about the new look of its Phase 2 audit program. The new audits will look little like the old ones, with OCR conducting the audits itself and focusing on...more

Can covered entities run Windows XP and remain HIPAA compliant?

Microsoft recently announced that, after April 8, 2014, it will not longer provide security updates or technical support for Windows XP. Microsoft’s statement that “businesses that are governed by regulatory obligations such...more

HIPAA Housekeeping - Don't Forget Your Annual Report of Small Breaches

If you are a "covered entity" under the Health Insurance Portability and Accountability Act ("HIPAA") and suffer a breach of protected health information, one of your first reactions should be to count the number of affected...more

How To Analyze A HIPAA Breach

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) and subsequent regulations have changed several aspects of compliance with HIPAA, including the way covered entities should think about...more

Recent HIPAA Settlement Highlights Danger of Failure to Perform Security Risk Assessments, Implement HIPAA Policies and Train...

A recent Health Insurance Portability and Accountability Act ("HIPAA") settlement, which is notable as the first HIPAA settlement with a covered entity for failure to have policies and procedures in place to comply with...more

Financial Services Law -- Jan 17, 2014

Community Banks and the Volcker Rule: What’s Next? - For now, banks that have investments in CDO securities that are issued by funds that are invested in trust preferred securities (TruPS CDOs) have dodged a bullet. On...more

Covered Entity Fined $150,000 For Stolen Unencrypted Thumb Drive

HHS recently announced that it fined a dermatology practice $150,000 for failing to reasonably safeguard an unencrypted thumb drive and failing to conduct an accurate and thorough risk analysis of electronic PHI....more

340B Drug Pricing Program Developments in the New Year

On January 9, 2014, the Health Resources and Services Administration (HRSA) posted an update on its current and anticipated 340B drug pricing program (340B) program integrity efforts.1 The update includes a discussion of...more

Looking At The Past To Predict The Future Of HIPAA/HITECH Enforcement

2013 was a busy year for the Department of Health and Human Services (“HHS”). On January 17, 2013, HHS issued its Final Omnibus Rule, substantially modifying the Privacy, Security and Enforcement Rules promulgated by the...more

How To Catch-Up in a Revised HIPAA World

The HIPAA final omnibus rule (Omnibus Rule) made sweeping changes to the HIPAA Privacy, Security, Breach Notification and Enforcement Rules earlier this year. Although the compliance deadline of September 23, 2013 has come...more

HHS Closes Out 2013 with 6th Resolution Agreement

Throughout 2013, HHS OCR has stated that covered entities of all sizes need to give priority to securing ePHI. In addition, HHS OCR has recommended that covered entities identify and mitigate risks before an incident occurs....more

Volcker Rule Final Regulations: The Effect on Private Fund Sponsors and Investors

In time for the holidays, the long-awaited Volcker Rule final regulations arrived on Tuesday, December 10, 2013. Many of the comments of domestic mutual funds, foreign public funds, insurance companies and foreign banking...more

Does HIPAA Apply to Employers?

The Health Insurance Portability and Accountability Act, better known as HIPAA, protects the privacy and security of patient health information. A common question from human resource managers has been what is the impact of...more

OCR Releases Model Notices of Privacy Practices

Under the Privacy Rule, an individual has the right to adequate notice of how a covered entity may use and disclose PHI about the individual, as well as his/her rights and the covered entity’s obligations with respect to that...more

Hearing to Address HIPAA Accounting of Disclosures

The HHS Office of Civil Rights (OCR) announced that the Health Information Technology (HIT) Policy Committee’s Privacy and Security Tiger Team will hold a virtual, public hearing on Monday, September 30 from 11:45 a.m. to...more

HIPAA Toolbox - Expanded Definition of Business Associates

September 23rd is the HIPAA Omnibus Rule compliance deadline. The Rule expands the definition of Business Associates (BAs). Are you prepared? Incorrect determinations lead to increased risk and potential liability for...more

Ready For HITECH Changes On September 23, 2013? Find Out With This Compliance Checklist For Employer-Sponsored Health Plans

The final regulations implementing the Health Information Technology for Economic and Clinical Health (HITECH) Act were issued in January and compliance is required by September 23, 2013. The final regulations require covered...more

3 Weeks Left: Is Your Business Ready for HIPAA Compliance?

The September 23, 2013 deadline for covered entities, business associates and their subcontractors to implement the new HIPAA rules is approaching quickly. In case you missed it, on January 25, 2013, the U.S. Department of...more

Checklist for Covered Entities and Business Associates

As the countdown to the compliance deadline for the Health Information Technology for Economic and Clinical Health (HITECH) Act Omnibus Rule begins, we offer the following as a reminder of tasks that covered entities,...more

Final Rule on 340B Orphan Drug Exclusion Imposes New Compliance Requirements on Covered Entities and Contract Pharmacies

The 340B program permits eligible hospitals and other “safety-net” providers (Covered Entities) to purchase covered outpatient drugs from pharmaceutical manufacturers at significant discounts. The Affordable Care Act and the...more

HIPAA/HITECH Compliance Strategies for Medical Device Manufacturers

As computing power continues to become cheaper and more powerful, medical devices are increasingly capable of handling larger and larger sets of data. This provides the ability to log ever expanding amounts of information...more

HIPAA compliance deadline approaching: Five steps to ensure you are ready

The September 23, 2013 deadline for covered entities, business associates and their subcontractors to comply with new HIPAA rules is fast approaching....more

HRSA Issues Final 340B Orphan Drug Exclusion Rule: Agency’s Narrow Interpretation of Statutory Prohibition Puts Compliance...

On July 23, 2013, the Health Resources and Services Administration (HRSA) issued a final rule clarifying the orphan drug exclusion for certain covered entities created by the Affordable Care Act (ACA) (“Final Rule”). The...more

HRSA Clarifies 340B Orphan Drug Exception But 340B Audit Enforcement Remains Murky

Recently, HRSA publicly announced the issuance of a final rule clarifying when 340B covered entities can purchase and distribute orphan drugs through the 340B Drug Pricing Program. Separately, HRSA quietly posted a report on...more

109 Results
|
View per page
Page: of 5