News & Analysis as of

Ex-Husband's Revenge Leads to HHS Trophy

Patient care is not confined to a single office or exam room, or a single physician or other provider. Caring for patients these days now includes complex coordination among physicians, nurse, technicians, staff, management,...more

Prepare for the Unexpected with Data Storage and Retrieval

Last week, a federal court in Illinois encountered another example of unexpected events causing problematic privacy and data storage implications for a healthcare company. The non-profit organization responsible for...more

Disclosure of Substance Use Disorder Records Enters the 21st Century: SAMHSA Proposes Changes to Part 2, But Do They Go Far...

Background - As many health care practitioners, health information management professionals, and health lawyers know, balancing patients’ privacy interests with the need to access accurate, up-to-date medical information can...more

One Week, $5.45 Million in Resolution Agreements for HIPAA Violations

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) continued its run of resolution agreements for HIPAA violations, pulling in $5.45 million from just two entities, North Memorial Health Care of...more

Ransomware Strikes California Hospital – Could You Be Next?

In a chain of events that should be a wake-up call to any entity using and storing critical health information (and indeed, ANY kind of critical information), Hollywood Presbyterian Medical Center (“HPMC”) has announced that...more

Hollywood Presbyterian Concedes to Hacker’s Demands in Ransomware Attack

In a chain of events that should be a wake-up call to any entity using and storing critical health information, Hollywood Presbyterian Medical Center (“HPMC”) has announced that it paid hackers $17,000 to end a malware attack...more

Stolen, Unencrypted Laptop Leads to $850,000 Settlement and Comprehensive Corrective Action Plan for Massachusetts Teaching...

The U.S. Department of Health and Human Services, Office of Civil Rights (OCR), has announced a settlement with Lahey Hospital and Medical Center (Lahey) that arose out of a HIPAA breach involving a stolen laptop. The...more

Lahey Hospital agrees to pay a whopping $850,000 to OCR for stolen laptop

Just before Thanksgiving, the Office for Civil Rights (OCR) announced that Lahey Hospital and Medical Center (Lahey) has agreed to pay $850,000 in fines and penalties to the OCR and enter into a resolution agreement following...more

Manatt Digital Media - October 2015

In this newsletter, we highlight some of the ways digital technologies are transforming healthcare and the opportunities and challenges they present to individuals and businesses. We also introduce you to our team at Manatt...more

OIG Reports Insufficient Oversight Of HIPAA Compliance

The HHS Office for Civil Rights (OCR) must improve its oversight and enforcement of patient information privacy and security rules by “covered entities” and their business associates under the Health Information Portability...more

Comment period extended for NIST Cybersecurity Practice Guide

The National Institute of Standards and Technology has announced that due to stakeholder feed-back, the period to submit comments for the draft guide, “Securing Electronic Health Records on Mobile Devices” has been extended...more

Cure of Security Rule Violations Following Breach of EPHI Cannot Save Covered Entities from $750,000 Settlement; Non-Breach...

More than three years after the Cancer Care Group, P.C. (“CCG”) notified the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) of a breach of unsecured electronic protected health...more

Don't Wait for It; Recent HIPAA Enforcement Action Signal More to Come in Phase 2 Audits

Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called "Phase 2 Audits" are set to commence...more

Recent Enforcement Shows the Importance of Encrypting Mobile Devices Containing Protected Health Information

With headlines every day announcing another release of Protected Health Information (PHI), providers are asking themselves – is there a way to protect against these breaches? Beyond improving the security of large...more

OCR Enters into $750,000 Settlement with Physician Practice for HIPAA Violations

On September 2, the Department of Health and Human Services Office of Civil Rights (OCR) announced a settlement with Cancer Care Group, P.C., a thirteen-physician oncology practice in Indiana related to violations of the...more

OCR settlement reiterates importance of proactive security rule compliance

On September 2, 2015, the U.S. Department of Health & Human Services (HHS) announced that Cancer Care Group, P.C. (CCG), a physician practice located in Indiana, agreed to pay $750,000 as part of a settlement to resolve...more

Stolen Laptop Bag Leads to $750,000 Fine for Oncology Group

On September 2, 2015, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced a substantial settlement with an Indiana-based oncology group, Cancer Care Group, P.C. (CCG). Under the terms of...more

$750,000 HIPAA Settlement Reinforces Need to Be Proactive

As the Department of Health and Human Services’ (“HHS”) Office of Civil Rights (“OCR”) proceeds with its second round of HIPAA audits, this time covering business associates as well as covered entities, a recent settlement...more

[Webinar] Mobile Device Management for Health Care Organizations and Vendors - Sept. 10th, 10:00am PDT

In this webinar, we will demystify the HIPAA Security Rule and how to apply the administrative, physical, and technical safeguards in a mobile environment. We will discuss key takeaways from the recently released NIST Draft...more

NIST Standards Provides An Oasis Of Mobile Device Security In The EHR Desert

The healthcare industry has long awaited some certainty in the arena of mobile devices in light of the continued push for electronic health records (“EHR”) and coordinated care. The prevalence, convenience, and speed of such...more

St. Elizabeth’s Medical Center Pays $218,400 to Settle Alleged HIPAA Security Case Stemming from Use of Cloud-Based Document...

Alleged HIPAA Violations Resulted from Medical Center’s Failure to Risk Assess Internet-Based Document Sharing Application and Inadequate Breach Response. The US Department of Health and Human Services (HHS) Office for...more

Oregon Amends Data Breach Law — Companies Can Expect More Enforcement Actions

Oregon Gov. Kate Brown recently signed into law amendments to the state’s data breach law. These amendments recognize the growing definition of data, expand the role of the Attorney General in addressing data breaches,...more

Internet-Based Document Sharing Applications Scrutinized

On July 8, 2015, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) and St. Elizabeth’s Medical Center (SEMC) located in Boston, Massachusetts entered into an agreement following an investigation...more

Cybersecurity is once again a hot topic as Illinois undergoes PIPA update

Cybersecurity is a hot topic at both the state and federal level. Specifically, Illinois is in the process of amending its Personal Information Protection Act (“PIPA”). Illinois SB 1833 will amend PIPA by establishing more...more

Hospital’s Cloud-Based Document-Sharing Practices Lead to $218,400 HIPAA Settlement

On July 10, 2015, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced a substantial settlement with St. Elizabeth’s Medical Center (SEMC). Under the terms of the settlement, the hospital...more

91 Results
|
View per page
Page: of 4
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×