Health Insurance Portability and Accountability Act Data Protection

The Health Insurance Portability and Accountability Act is a United States federal statute enacted in 1996 to provide greater protection for individual's medical information and prescribe standards for the... more +
The Health Insurance Portability and Accountability Act is a United States federal statute enacted in 1996 to provide greater protection for individual's medical information and prescribe standards for the manner in which healthcare professionals gather, use, and maintain health information.  less -
News & Analysis as of

Health System Investigated for Leaving PHI in Doctor’s Driveway – Settles with OCR for $800K

While OCR enforcement activity has focused on a covered entity’s safeguarding of ePHI, organizations cannot forget about PHI in non-electronic form. To settle potential violations of the HIPAA Privacy Rule, Parkview Health...more

Five Lessons from OCR’s Report to Congress on Breaches and HIPAA Rules Compliance

Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured...more

The New "Meaningful Use" Landscape: A Transition from Incentives to Penalties - CMS Begins Enforcing Penalties for Failure to...

Starting in 2015, eligible physicians and hospitals participating in the Medicare Electronic Health Records Incentive Program who do not adopt "meaningful" use" certified electronic health record (EHR) technology will no...more

HHS Attorney: Major HIPAA Fines and Enforcement Coming

As regularly blogged about on the Data Privacy Monitor, the past 12 months have seen record-breaking HIPAA enforcement activity by HHS OCR. But according to recent remarks by a high-ranking HHS attorney, if you thought these...more

Privacy Tuesday – June 3, 2014

The first Tuesday in June is also the first Tuesday of meterological summer -and a welcome sight after a brutally-long winter for many of our readers. So, here’s to a happy Summer! Google Receives 12,000 Take-Down...more

No Judicial Review of FTC Jurisdiction until the Agency Takes a Final Action

Companies that handle personal data may need to litigate an FTC enforcement action to its conclusion before a court will review the Commission's jurisdiction to commence the enforcement action in the first place....more

Dealing with a Data Broker? Here's What you Need to Know

The FTC recently released its report, “Data Brokers: A Call for Transparency and Accountability.” The report is the result of a study of nine data brokers and provides legislative recommendations...more

Human Error Biggest Threat to Patient Data Security and Privacy

Human error remains the biggest threat to healthcare data privacy, according to the latest study on patient privacy and data security by the Ponemon Institute. Healthcare organizations also continue to struggle with...more

CMS and ONC Propose Rule to Help Providers Make Use of EHR and to Extend Timeline for Meaningful Use

The Centers for Medicare and Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC) announced a proposed rule, on May 20, 2014, that would allow providers more flexibility...more

Proposed modifications to EHR Incentive Programs

Last year, HHS revised policies and definitions surrounding what constitutes certified EHR technology—required for meaningful use incentive program payment eligibility—from the 2011 Edition criteria to the 2014 Edition...more

CMS and ONC Issue Proposed Rule Modifying 2014 Requirements for EHR Incentive Programs and Certified EHR Technology

On May 23, 2014, the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC) issued a proposed rule to modify (i) the meaningful use stage timeline of...more

Failure to Encrypt Mobile Devices = Nearly $2 Million in Settlements

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled for the collective amount of $1,975,220 with Concentra Health Services (Concentra) and QCA Health Plan, Inc. (QCA). The settlements stem...more

Policyholders Face Heightened Scrutiny Under OCR’s New Permanent Audit Program

The U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) has notably increased enforcement of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”) and Health Information...more

Health Update - May 2014

Litigation Arising from the Affordable Care Act: The Blessing and Curse of Interesting Times - The Affordable Care Act (ACA) has brought the most sweeping changes to the healthcare delivery and payment systems in the...more

FTC Workshop Addresses New Data Privacy Issues Concerning Consumer Generated Health Data

On May 7, 2014, the FTC hosted the latest seminar in their Spring Privacy Series to address the status of Consumer Generated and Controlled Health Data and relate results of recent FTC studies on the topic. Consumers are...more

Regulatory double jeopardy? FTC enforcement of privacy and security in healthcare

How should health care companies strengthen their HIPAA compliance programs to manage the risk of a potential FTC investigation? While the U.S. Department of Health and Human Services (HHS) Office for Civil Rights...more

So, Are You Really Compliant With HIPAA?

As covered entities under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), healthcare providers are intimately familiar with the strict privacy and security requirements imposed on them by HIPAA and...more

HHS OCR Settles Post-Data Breach Investigation for Record $4.8M

On May 7, 2014, HHS OCR announced a pair of resolution agreements with New York Presbyterian Hospital (NYP) and Columbia University (CU) totaling $4.8 million dollars—the highest settlement amount to date. These resolution...more

Florida Legislature Passes Stringent New Data Breach Law

On April 30, the Florida Legislature passed Senate Bill 1524, otherwise known as the Florida Information Protection Act of 2014. If signed by the governor, starting July 1, this bill will impose stringent new requirements on...more

Why Do I Need a Business Associate Agreement? Ensuring Your Business is HIPAA and HITECH Compliant

Many companies have recently begun receiving Business Associate Agreements from healthcare entities, including hospitals, clinics, physician offices, public health facilities and similar types of organizations. Business...more

We have seen this movie before ….. and we all should know that it does not end well.

How much is the cost of doing nothing when it comes to encryption of sensitive data? In the case of electronic protected health information, about $2 million. Two companies have been hit with fines equaling a total...more

HHS announces new risk assessment tool for HIPAA security compliance

Recently, the Department of Health and Human Services released an interactive security risk assessment tool intended to assist employers who sponsor self-insured group health plans in complying with their HIPAA security rule...more

Physical Therapy Provider Enters into HIPAA Settlement

U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced yet another enforcement action. Specifically, OCR opened a compliance review of Concentra Health Services (Concentra) upon...more

No More Excuses: Encrypt Your Laptops or Pay Big $

Two companies were hit with fines equaling a total of almost $2 million to settle alleged Health Insurance Portability and Accountability Act (HIPAA) violations involving stolen, unencrypted laptops, the U.S. Department of...more

OCR Releases Information on What Phase 2 HIPAA Audits Will Look Like

The HHS Office for Civil Rights (OCR) recently presented information about the new look of its Phase 2 audit program. The new audits will look little like the old ones, with OCR conducting the audits itself and focusing on...more

235 Results
|
View per page
Page: of 10