News & Analysis as of

OIG Reports Insufficient Oversight Of HIPAA Compliance

The HHS Office for Civil Rights (OCR) must improve its oversight and enforcement of patient information privacy and security rules by “covered entities” and their business associates under the Health Information Portability...more

Comment period extended for NIST Cybersecurity Practice Guide

The National Institute of Standards and Technology has announced that due to stakeholder feed-back, the period to submit comments for the draft guide, “Securing Electronic Health Records on Mobile Devices” has been extended...more

Cure of Security Rule Violations Following Breach of EPHI Cannot Save Covered Entities from $750,000 Settlement; Non-Breach...

More than three years after the Cancer Care Group, P.C. (“CCG”) notified the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) of a breach of unsecured electronic protected health...more

Recent Enforcement Shows the Importance of Encrypting Mobile Devices Containing Protected Health Information

With headlines every day announcing another release of Protected Health Information (PHI), providers are asking themselves – is there a way to protect against these breaches? Beyond improving the security of large...more

OCR Enters into $750,000 Settlement with Physician Practice for HIPAA Violations

On September 2, the Department of Health and Human Services Office of Civil Rights (OCR) announced a settlement with Cancer Care Group, P.C., a thirteen-physician oncology practice in Indiana related to violations of the...more

OCR settlement reiterates importance of proactive security rule compliance

On September 2, 2015, the U.S. Department of Health & Human Services (HHS) announced that Cancer Care Group, P.C. (CCG), a physician practice located in Indiana, agreed to pay $750,000 as part of a settlement to resolve...more

[Webinar] Mobile Device Management for Health Care Organizations and Vendors - Sept. 10th, 10:00am PDT

In this webinar, we will demystify the HIPAA Security Rule and how to apply the administrative, physical, and technical safeguards in a mobile environment. We will discuss key takeaways from the recently released NIST Draft...more

Oregon Amends Data Breach Law — Companies Can Expect More Enforcement Actions

Oregon Gov. Kate Brown recently signed into law amendments to the state’s data breach law. These amendments recognize the growing definition of data, expand the role of the Attorney General in addressing data breaches,...more

Also In the News - Data, Privacy, & Security Practice Report - May 2015

ONC Releases Updated Guide To Privacy And Security of Electronic Health Information ? The Office of the National Coordinator for Health Information Technology (“ONC”) recently released Version 2.0 of the Guide to Privacy and...more

New Study Finds That Criminal Attacks Are The Number One Cause Of Health Sector Data Breaches

On May 7, 2015, the Ponemon Institute released its Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data (the “Study”), which surveyed 90 HIPAA covered entities and 88 business associates regarding their...more

“Bring Your Own Device” To Work Programs: Regulatory and Legal Risks and How To Minimize Them

If you’ve ever left your mobile phone on an airplane, in a restaurant, or somewhere other than in your possession, you know it’s frightening enough to think of losing the device itself, which costs a premium, as well as your...more

Office of Civil Rights Delays Phase 2 Audits

The Office of Civil RIghts (“OCR”) recently announced that Phase 2 of the HIPAA audits would be further delayed because the audit portals and project management tools that are needed to initiate the audit process are not...more

Health Update - February 2015

Cyber Risk Insurance Policies: What You Need to Know - Editor’s Note: As data breach incidents and related cyber risks continue to increase and gain publicity—and government agencies become more actively involved in...more

HIPAA Compliant Technology and the Importance of Encryption

We welcome this guest blog by Gene Fry, Compliance Officer, Scrypt, Inc. The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. This means that any...more

Failure to take basic security measures may result in HIPAA penalties – 6 tips to keep up with updates and patches

Covered Entities and their Business Associates must comply with HIPAA’s Security Rule, or they may face substantial penalties. The Office of Civil Rights (OCR) recently shared a resolution agreement that emphasizes the...more

Just in Time for the Holidays: Another HIPAA Settlement

On December 2, 2014, the Office for Civil Rights (OCR) and Anchorage Community Mental Health Services, Inc., (ACMHS) entered into a Resolution Agreement and Corrective Action Plan (CAP) to settle alleged violations of the...more

Blog: Alaska Provider Reaches HIPAA Settlement with OCR for Security Deficiencies

On December 8, 2014, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that Anchorage Community Mental Health Services (“ACMHS”) has agreed to settle potential violations of the...more

Business Associate Compliance With HIPAA: Findings From a Survey of Covered Entities and Business Associates

The delivery of health care – and payment for that care – is a complex endeavor, and health care providers and health plans rely on third parties to help them operate as businesses and fulfill their responsibilities to...more

HIPAA Violation Results in $4.8 Million Settlement: An IT Perspective

In today’s healthcare industry, information technology (“IT”) systems play an ever-expanding role in the success of a medical practice. Medical practitioners consistently juggle e-billing and electronic medical records...more

New HIPAA Tool Released by the Federal Government – Makes Assessing Risks Easier and It Won’t Cost You a Dime

Do you lie awake at night wondering if you or the health care entity for which you work is complying with the Health Insurance Portability and Accountability Act (“HIPAA”)? If so, you will be happy to hear that a good night’s...more

A New Year’s Resolution (And Corrective Action Plan) From OCR: Physician Practice Cited For HIPAA Violations

The Office for Civil Rights (OCR) is closing out 2013 with a reminder of the importance of an effective HIPAA compliance program. On December 26, 2013, OCR announced a resolution agreement with a Massachusetts physician...more

Medical practice agrees to payment due to HIPAA data breach

One day after Christmas, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced that a Massachusetts-based dermatology practice (Practice) agreed to a $150,000 payment and entered into a...more

Health Plan Agrees To $1.2 Million Settlement For Photocopier HIPAA Security Breach

The Department of Health and Human Services (HHS) announced a settlement on August 14, 2013, with Affinity Health Plan (Affinity), a not-for-profit managed care plan, which included a payment of $1,215,780, for a HIPAA...more

Hiding in plain sight: Failure to scrub patient data from digital copiers returned to leasing company results in $1.2 million...

We’ve sounded warnings about the lowly copy machine before. The proliferation of digital devices in the workplace means that data security must extend beyond computer networks and laptops. Seemingly old fashioned equipment,...more

HITECH What You Need to Know About Electronic Protected Health Information

Recently enacted legislation has resulted in extensive expansions to the privacy, security, breach notification and enforcement rules of the Health Information Technology for Economic and Clinical Health (HITECH) Act under...more

44 Results
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.