News & Analysis as of

HIPAA Business Associate Agreements - 7 Things to Know Before the HITECH Deadline

Covered entities and business associates have only until September 22, 2014 to update business associate agreements that were in place as of January 25, 2013. For those members of the health industry and their vendors that...more

Business Associate Agreements May Require Amendment

The Omnibus Final Rule (the "Omnibus Rule") under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), was issued in January, 2013 effective March 26, 2013, but with a general compliance deadline of...more

Deadline For Business Associate Agreement And Data Use Agreement Compliance Is September 22, 2014

September 22, 2014 is the deadline to have all business associate and data use agreements updated to conform to the new requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Final Omnibus...more

Don’t forget the September 23, 2014 deadline to ensure your Business Associate Agreements comply with the Omnibus Final Rule

Under the Health Insurance Portability and Accountability Act (HIPAA) Omnibus Final Rule published January 25, 2013, 78 Fed.Reg. 5566, Covered Entities (CEs) with Business Associate Agreements (BAAs) that were entered on or...more

New ICD-10 Compliance Date Set for October 1, 2015

On July 31, 2014, CMS issued a final rule moving the ICD-10 compliance date from October 1, 2014 to October 1, 2015, and requiring HIPAA covered entities to continue to use ICD-9 through September 30, 2015. The final rule...more

Action Required for Covered Entities, Business Associates and Their Subcontractors

Early last year, the Department of Health and Human Services issued final privacy and security regulations (Final Rule) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Final Rule, effective...more

OCR to Begin Phase 2 of HIPAA Audit Program

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) will soon begin a second phase of audits (Phase 2 Audits) of compliance with Health Insurance Portability and Accountability Act of 1996 (HIPAA)...more

Are your HIPAA ducks in a row? The next round of OCR HIPAA audits is approaching

In 2011 the Department of Health and Human Services’ Office for Civil Rights (OCR) established the HIPAA Pilot Audit Program to ensure compliance with HIPAA’s privacy, security and breach notification rules. The first...more

HIPAA Data Breaches

HIPAA has been on the books since 1996. With the advent of electronic health records, HHS adopted security regulations to require covered entities to protect the integrity, confidentiality, and availability of electronic...more

Promises of Enhanced HIPAA Enforcement by HHS Illustrated by a Recent Record-Breaking Settlement Agreement and Increased Focus on...

An attorney from the Office for Civil Rights of the U.S. Department of Health and Human Services (HHS) recently disclosed that covered entities could face increased scrutiny for HIPAA violations in 2014. Specifically, the...more

HIPAA/HITECH Business Associate Agreements: The Home Stretch

The one-year transition rule expires on September 22, 2014. The final regulations under the HIPAA Privacy, Security, and Enforcement Rules as amended by HITECH, make several changes, including modifying the...more

Health Law Alert: The Deadline for Amending Business Associate Agreements is Quickly Approaching

A key change from 2013’s HITECH “Omnibus” Rule was a requirement that Business Associate Agreements (“BAAs”) be modified to reflect revisions to HIPAA regulations. When the rule was issued on January 25, 2013, Covered...more

Health Law Alert: HIPAA Enforcement on the Rise, as OCR Audit Program Moves Forward

A recent settlement from New York—involving the largest fine levied to date in the history of HIPAA enforcement, a staggering $4.8 million imposed on two public hospitals—should remind health care providers, health plans and...more

Policyholders Face Heightened Scrutiny Under OCR’s New Permanent Audit Program

The U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) has notably increased enforcement of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”) and Health Information...more

Two Health Care Organizations Pay Largest HIPAA Fine at $4.8 Million Resulting from Unsecured Shared Network

New York-Presbyterian Hospital and Columbia University entered into a settlement with the Department of Health and Human Services’ Office of Civil Rights (OCR) to resolve allegations that the organizations had violated the...more

$4.8 Million – Largest HIPAA Settlement to Date

On May 7, 2014, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) issued a press release announcing that two health care organizations—New York and Presbyterian Hospital (“NYP”) and Columbia...more

Server Breach Makes ePHI Accessible on Google, Costs Covered Entities $4.8 Million

It would be pretty unsettling if your patient status, vital signs, medications, and laboratory results were available for the world to see on Google, wouldn’t it? According to recent settlement agreements announced by the...more

Florida Legislature Passes Stringent New Data Breach Law

On April 30, the Florida Legislature passed Senate Bill 1524, otherwise known as the Florida Information Protection Act of 2014. If signed by the governor, starting July 1, this bill will impose stringent new requirements on...more

Coming Fall 2014: HHS Launches Permanent Audit Program

Beginning in the Fall of 2014, a substantial number of covered entities and business associates will receive a notification and data request from the Health and Human Services' (HHS) Office for Civil Rights (OCR). According...more

Minimum Necessary and the Breach Standard

When the new HITECH rules came out OCR specifically said, “...uses or disclosures that impermissibly involve more than the minimum necessary information...may qualify as breaches.” But what exactly is the minimum necessary...more

OCR Announces the Results from it's Pilot Audit and it's Plans For Next Year

The Office of Civil Rights Audit Pilot Program has come to an end with 115 audits, primarily in person, having been completed. The Pilot Program had multiple revelations in privacy, some of which were probably, not so...more

Free HIPAA Help

Health care providers, health plans, business associates, and other entities affected by the federal HIPAA privacy and security regulations are quickly running out of excuses for not having a robust HIPAA compliance program...more

Can covered entities run Windows XP and remain HIPAA compliant?

Microsoft recently announced that, after April 8, 2014, it will not longer provide security updates or technical support for Windows XP. Microsoft’s statement that “businesses that are governed by regulatory obligations such...more

HIPAA Housekeeping - Don't Forget Your Annual Report of Small Breaches

If you are a "covered entity" under the Health Insurance Portability and Accountability Act ("HIPAA") and suffer a breach of protected health information, one of your first reactions should be to count the number of affected...more

How To Analyze A HIPAA Breach

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) and subsequent regulations have changed several aspects of compliance with HIPAA, including the way covered entities should think about...more

114 Results
|
View per page
Page: of 5