News & Analysis as of

Federal agencies propose health IT regulatory framework, seek stakeholder input and participation in new initiatives

A little more than five years after the passage of the Health Information Technology Economic and Clinical Health (HITECH) Act, the Food and Drug Administration, Federal Communications Commission and the Office of the...more

How To Analyze A HIPAA Breach

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) and subsequent regulations have changed several aspects of compliance with HIPAA, including the way covered entities should think about...more

HHS Announces First HIPAA Settlement Based on Lack of Breach Notification Policies and Procedures

The Department of Health and Human Services (HHS) recently announced the first settlement under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) based on violations of the law's privacy, security,...more

Looking At The Past To Predict The Future Of HIPAA/HITECH Enforcement

2013 was a busy year for the Department of Health and Human Services (“HHS”). On January 17, 2013, HHS issued its Final Omnibus Rule, substantially modifying the Privacy, Security and Enforcement Rules promulgated by the...more

Providers: Prepare Your Breach Notification Policy!

On December 26, 2013, Adult & Pediatric Dermatology, a dermatology practice located in Massachusetts, agreed to pay a $150,000 fine after it lost an unencrypted thumb drive containing over 2,000 patients’ health records, and...more

A New Year’s Resolution (And Corrective Action Plan) From OCR: Physician Practice Cited For HIPAA Violations

The Office for Civil Rights (OCR) is closing out 2013 with a reminder of the importance of an effective HIPAA compliance program. On December 26, 2013, OCR announced a resolution agreement with a Massachusetts physician...more

Medical practice agrees to payment due to HIPAA data breach

One day after Christmas, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced that a Massachusetts-based dermatology practice (Practice) agreed to a $150,000 payment and entered into a...more

HIPAA Security Rule Enforcement Not Yet Meeting Federal Requirements

A recent Office of the Inspector General (OIG) Report reviews progress made by the Office for Civil Rights (OCR) toward enforcement of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule following...more

The HIPAA Gap Between Employers And Employees

“…HIPAA does not create a duty on the part of employers to protect employees from computer-virus related injuries” This quote, from the Farr v. St. Francis Hosp. & Health Centers case in the Southern District of Indiana,...more

Cloud Computing: Healthcare Issues in a Digital Age – (Part Three)

What are the challenges of PII data storage and privacy on cloud computing platforms? How does a healthcare organization work with cloud computing vendors to address key information security and privacy compliance issues? ...more

It's Never Too Late To Give Guidance: OCR Starts Releasing HIPAA Omnibus Rule Guidance In Anticipation Of September 23 Compliance...

This has been a busy week for the Department of Health and Human Services / Office for Civil Rights (HHS/OCR). It has started releasing guidance on various provisions of the Omnibus HIPAA final rule (the "Final Rule") in...more

Cloud Computing: Healthcare Issues in a Digital Age – (Part One)

Cloud computing has garnered attention in the healthcare industry as a primary way to achieve electronic medical records compliance while reducing IT costs. Cloud computing is all about DATA in a virtual work. With cloud...more

HHS To Revamp Limits On Payments To Pharmacies For Refill Reminder Programs

The HIPAA Privacy Regulations have long required covered entities to seek a patient authorization in order to use or disclose protected health information ("PHI") for marketing purposes. However, the Office for Civil Rights...more

Checklist for Covered Entities and Business Associates

As the countdown to the compliance deadline for the Health Information Technology for Economic and Clinical Health (HITECH) Act Omnibus Rule begins, we offer the following as a reminder of tasks that covered entities,...more

Breach Notification: New Rules!

If you sponsor a group health plan that is subject to the HIPAA Privacy and Security Rules, it is time to review and revise your policies and procedures and re-train your employees regarding the proper procedures when...more

HITECH What You Need to Know About Electronic Protected Health Information

Recently enacted legislation has resulted in extensive expansions to the privacy, security, breach notification and enforcement rules of the Health Information Technology for Economic and Clinical Health (HITECH) Act under...more

NIST Proposes Privacy Control Roadmap For Organizations

In an age in which safeguarding the privacy of a person’s information is becoming increasingly challenging, the National Institute of Standards and Technology (NIST) encourages organizations to devote time and resources to...more

Sweeping New Hipaa Privacy/Security Compliance For Health Plans Required By September 23, 2013: As If Health Care Reform Wasn’t...

HIPAA, as enacted in 1996, directed the U.S. Department of Health & Human Services (DHHS) to issue regulations requiring health plans to protect the privacy of health information and to provide reasonable and appropriate...more

The ERISA Litigation Newsletter - June 2013

Our articles this month focus on health care reform. First, Jim Napoli and Brian Neulander comment on the potential for litigation under the Affordable Care Act's (ACA's) whistleblower protections and ERISA Section 510 as a...more

Cloud Storage Providers Storing Protected Health Information May Be Obligated to Comply with HIPAA Regulations

A recently issued government rule may unknowingly create significant liability and legal risk for many technology enterprises. The expanded definition of "business associates" and related interpretations by the Department of...more

HIPAA/HITECH Final Rule - Assessing Your Organization's Compliance Readiness

The long awaited HIPAA/HITECH Final Rule became effective March 26, 2013, but covered entities, business associates and subcontractors will have until September 23, 2013, to fully comply. ...more

Personal Smartphones: A Ticking HIPAA/HITECH Time Bomb?

In this brave new world of health information privacy, many industry experts and healthcare organizations have emphasized the need to secure portable electronic devices such as laptops, issued to employees. But a recently...more

The HIPAA/HITECH Final Rule has arrived!

If you are a health care provider and/or someone who routinely performs work involving patient health information on behalf of a health care provider, you likely need to know about the HIPAA/HITECH Final Rule....more

Scripts - April 2013

In This Issue: - Key Provisions In the Final Omnibus HIPAA/HITECH Rules and What They Mean for You - NLRB and EEOC May Target Employer Efforts to Keep Employees Quiet During Internal Investigations -...more

HIPAA’S FINAL RULE: Putting Things in Perspective – Comments from OCR

On March 22, 2013, Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) Director Leon Rodriguez presented the keynote address to attendees of the American Health Lawyers’ Association HIPAA/HITECH Conference in...more

102 Results
|
View per page
Page: of 5