News & Analysis as of

News from the Health Law Gurus™ - May 2014

Massachusetts to Start from Scratch with Health Insurance Website — Massachusetts plans to abandon its health insurance exchange website in favor of starting over from scratch, according to a New York Times report....more

Two Health Care Organizations Pay Largest HIPAA Fine at $4.8 Million Resulting from Unsecured Shared Network

New York-Presbyterian Hospital and Columbia University entered into a settlement with the Department of Health and Human Services’ Office of Civil Rights (OCR) to resolve allegations that the organizations had violated the...more

New HIPAA Tool Released by the Federal Government – Makes Assessing Risks Easier and It Won’t Cost You a Dime

Do you lie awake at night wondering if you or the health care entity for which you work is complying with the Health Insurance Portability and Accountability Act (“HIPAA”)? If so, you will be happy to hear that a good night’s...more

Paying the Price: Physician Group Faces Hefty Penalty and OCR Oversight After Failure to Conduct Security Risk Assessment and...

What you need to know: The Office for Civil Rights of the US Department of Health & Human Services is continuing its trend toward more aggressive enforcement of HIPAA violations. Small provider entities are not immune...more

Privacy and Security Alert: January 9th, 2014

On December 5, 2013, the Office of Inspector General (OIG) reported on the Office for Civil Rights’ (OCR) compliance as of May 2011 with oversight and enforcement of the Security Rule and compliance with federal cybersecurity...more

Medical practice agrees to payment due to HIPAA data breach

One day after Christmas, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced that a Massachusetts-based dermatology practice (Practice) agreed to a $150,000 payment and entered into a...more

HHS Closes Out 2013 with 6th Resolution Agreement

Throughout 2013, HHS OCR has stated that covered entities of all sizes need to give priority to securing ePHI. In addition, HHS OCR has recommended that covered entities identify and mitigate risks before an incident occurs....more

HIPAA security violations result in $1.7 million settlement

On July 8, 2013, WellPoint, Inc., a managed care company (“WellPoint”), agreed to pay a $1.7 million fine to settle a self-reported breach of HIPAA, a key federal health privacy law, that led to the unauthorized disclosure of...more

HHS Empowers Consumers to Know (and Enforce) their Rights Under HIPAA

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published on its website a series of factsheets designed to educate consumers unfamiliar with their rights under the Health Insurance...more

Birmingham Medical News: I-Phone Or HIPAA-Phone?

With the recent issuance of the long-awaited final rule by the Department of Health and Human Services ("HHS"), the protection of patient information has been a hot topic among the health care industry the past few months....more

Breaking Down The HIPAA Rule Changes: Part 5 Of 5 - Changes To Patients' Rights Under The Final Rule

In This Issue: - Right to Access Protected Health Information - Restrictions on Health Plan Disclosures - Guidance on How to Comply With the Expanded Patient Rights ..Evaluate Electronic Systems ..Revise...more

A Detailed Analysis of Changes to HIPAA and the Implications for Healthcare Providers and Others in the Healthcare Industry: HIPAA...

Changes to the HIPAA Security Rule Background: The HIPAA Security Rule protects electronic PHI by requiring Covered Entities to implement certain administrative, physical, and technical safeguards surrounding...more

The Omnibus Final HIPAA Rule Is Here

On January 17, 2013, the Office of Civil Rights of the U.S. Department of Health and Human Services (HHS) announced the omnibus final rulemaking (Omnibus Rule). According to HHS, this Omnibus Rule is needed to strengthen...more

OCR Releases Sample Business Associate Agreement Provisions

The Department of Health and Human Services, Office for Civil Rights (OCR) has posted on its website sample business associate agreement provisions to help covered entities and business associates comply with the new business...more

Final Rules Under HIPAA/HITECH Impact Employer Plans

Modifications to the rules require action by group health plan sponsors and their vendors, including revisions to policies and procedures and new privacy notices. On January 17, the Office for Civil Rights of the U.S....more

HIPAA Omnibus Rule Reshapes Landscape for Health Care Privacy, Security Compliance

Originally published in Health IT Law & Industry Report, on January 23, 2013. On Jan. 17, 2013, the Office for Civil Rights of the U.S. Department of Health and Human Services (‘‘HHS’’) issued a long-awaited omnibus rule...more

Final HIPAA Amendments Expand HIPAA Net: Business Associates Now Required to Enter into Business Associate Agreements with...

On January 17, 2013, the federal Department of Health and Human Services (HHS) announced a final omnibus rule amending the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in accordance with the HITECH Act...more

OCR'S Breach Settlement: The First Ever Involving Less Than 500 Patients

The HHS Office for Civil Rights (OCR) started 2013 with a bang by announcing that it had reached "the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500...more

HHS Announces New Patient Privacy and Security Protections

On January 17, 2013, U.S. Department of Health and Human Services Secretary Kathleen Sebelius announced the final omnibus rule that among other things (1) increases patient privacy protections...more

Health Law Alert: Deficient Data Security On Mobile Devices Leads To First HIPAA Breach Settlement Involving Less Than 500...

On January 2, 2013, the U.S Department of Health and Human Services, Office of Civil Rights (OCR) announced its first HIPAA breach settlement involving less than 500 patients. OCR took action against a hospice provider in...more

First HHS OCR Settlement for HIPAA Breach Involving Less Than 500 Patients Sends Message to Providers

On January 2, 2013, HHS announced that the Hospice of North Idaho (HONI) agreed to pay $50,000 and enter into a Corrective Action Plan (CAP) as part of a settlement involving a breach of unsecured electronic protected health...more

First HIPAA Breach Settlement Involving Less Than 500 Patients Announced

ALL PROVIDERS ARE OFFICIALLY ON NOTICE. In a move that signals just how seriously the federal government is taking its enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the U.S....more

Small Data Breach Leads to $50,000 HHS Settlement for Hospice

In what HHS declares as “the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500 individuals,” the Office for Civil Rights (OCR) reached a $50,000...more

HHS Data-Scrubbing Guidance Backs Strict Privacy Definitions By Allison Grande

Originally published in Law360 on November 29, 2012 The U.S. Department of Health and Human Services recently affirmed the validity of the current methods for scrubbing patient records of identifying data under...more

24 Results
|
View per page
Page: of 1