News & Analysis as of

Office of Civil Rights Delays Phase 2 Audits

The Office of Civil RIghts (“OCR”) recently announced that Phase 2 of the HIPAA audits would be further delayed because the audit portals and project management tools that are needed to initiate the audit process are not...more

HIPAA Compliant Technology and the Importance of Encryption

We welcome this guest blog by Gene Fry, Compliance Officer, Scrypt, Inc. The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. This means that any...more

Employers with Group Health Plans: Have You Notified State Regulators of the Breach?

Data security breaches affecting large segments of the U.S. population continue to dominate the news. Over the past few years, there has been considerable confusion among employers with group health plans regarding the...more

Preparing for a Data Breach – What to Know about Breach Notification

Data breaches are at the forefront of the news, and many companies, including those dominant in the health care industry, have found themselves front and center in the headlines. Although recent news stories have focused...more

Also In the News - Data, Privacy, & Security Practice Report - February 2015

OMB Receives Final Rule Permitting Disclosure To NICS --According to reginfo.gov, the White House Office of Management and Budget received a final rule from HHS that would modify the HIPAA Privacy Rule to expressly permit...more

Pressure Points: OCR Enforcement Activity in 2014

During 2014, the Office for Civil Rights (OCR) of the U.S. Department of Health & Human Services initiated six enforcement actions in response to security breaches reported by entities covered by the Health Insurance...more

Top Five Resolutions for Covered Entities and Business Associates in 2015

The New Year is here. It is time to make those 2015 resolutions, and not just those for getting fit and healthy. Resolve now to improve your organization’s compliance with the Health Insurance Portability and Accountability...more

Failure to take basic security measures may result in HIPAA penalties – 6 tips to keep up with updates and patches

Covered Entities and their Business Associates must comply with HIPAA’s Security Rule, or they may face substantial penalties. The Office of Civil Rights (OCR) recently shared a resolution agreement that emphasizes the...more

Encryption and Securing BYO Devices at the Heart of Massachusetts AG $100,000 Settlement

The Massachusetts Attorney General announced Friday that her office had reached a settlement with Beth Israel Deaconess Medical Center (BIDMC) surrounding a 2012 data breach in which a physician’s unencrypted personal laptop...more

Business Associate Compliance With HIPAA: Findings From a Survey of Covered Entities and Business Associates

The delivery of health care – and payment for that care – is a complex endeavor, and health care providers and health plans rely on third parties to help them operate as businesses and fulfill their responsibilities to...more

Policyholders Face Heightened Scrutiny Under OCR’s New Permanent Audit Program

The U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) has notably increased enforcement of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”) and Health Information...more

Florida Legislature Passes Stringent New Data Breach Law

On April 30, the Florida Legislature passed Senate Bill 1524, otherwise known as the Florida Information Protection Act of 2014. If signed by the governor, starting July 1, this bill will impose stringent new requirements on...more

Can covered entities run Windows XP and remain HIPAA compliant?

Microsoft recently announced that, after April 8, 2014, it will not longer provide security updates or technical support for Windows XP. Microsoft’s statement that “businesses that are governed by regulatory obligations such...more

How To Analyze A HIPAA Breach

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) and subsequent regulations have changed several aspects of compliance with HIPAA, including the way covered entities should think about...more

Looking At The Past To Predict The Future Of HIPAA/HITECH Enforcement

2013 was a busy year for the Department of Health and Human Services (“HHS”). On January 17, 2013, HHS issued its Final Omnibus Rule, substantially modifying the Privacy, Security and Enforcement Rules promulgated by the...more

How To Catch-Up in a Revised HIPAA World

The HIPAA final omnibus rule (Omnibus Rule) made sweeping changes to the HIPAA Privacy, Security, Breach Notification and Enforcement Rules earlier this year. Although the compliance deadline of September 23, 2013 has come...more

OCR Releases Model Notices of Privacy Practices

Under the Privacy Rule, an individual has the right to adequate notice of how a covered entity may use and disclose PHI about the individual, as well as his/her rights and the covered entity’s obligations with respect to that...more

Checklist for Covered Entities and Business Associates

As the countdown to the compliance deadline for the Health Information Technology for Economic and Clinical Health (HITECH) Act Omnibus Rule begins, we offer the following as a reminder of tasks that covered entities,...more

Federal Data Breach Legislation Introduced, But Will It Go Anywhere?

Last week Senator Pat Toomey (R-PA), along with one Independent and six other Republican Senators, introduced the “Data Security and Breach Notification Act of 2013.”...more

HIPAA, Business Associates, and the Cloud

Under the Final Rule, as previously discussed, business associates must comply with the technical, administrative, and physical safeguard requirements under the Security Rule....more

Think You’re Not Covered by HIPAA? Think Again.

The Department of Health and Human Services recently amended the Health Insurance Portability and Accountability Act regulations (“HIPAA Rules”) in a way that may make many companies, particularly those in the technology...more

HIPAA/HITECH Final Rule - Assessing Your Organization's Compliance Readiness

The long awaited HIPAA/HITECH Final Rule became effective March 26, 2013, but covered entities, business associates and subcontractors will have until September 23, 2013, to fully comply. ...more

The HIPAA Omnibus Final Rule—Data Privacy and Security Implications for Business Associates and Covered Entities

On January 17, 2013, the Office for Civil Rights (‘‘OCR’’) of the U.S. Department of Health and Human Services (‘‘HHS’’) published the HIPAA Omnibus Final Rule (‘‘Final Rule’’) which OCR has trumpeted as carrying ‘‘the most...more

The HIPAA/HITECH Final Rule has arrived!

If you are a health care provider and/or someone who routinely performs work involving patient health information on behalf of a health care provider, you likely need to know about the HIPAA/HITECH Final Rule....more

Birmingham Medical News: I-Phone Or HIPAA-Phone?

With the recent issuance of the long-awaited final rule by the Department of Health and Human Services ("HHS"), the protection of patient information has been a hot topic among the health care industry the past few months....more

68 Results
|
View per page
Page: of 3