Health Insurance Portability and Accountability Act Data Security

The Health Insurance Portability and Accountability Act is a United States federal statute enacted in 1996 to provide greater protection for individuals' medical information and prescribe standards for the manner in which healthcare professionals gather, use, and maintain health information.
News & Analysis as of

FTC Overturns ALJ’s LabMD Decision and Reasserts its Role as a Data Security Enforcer

On July 29, 2016, the Federal Trade Commission (“FTC” or “Commission”) reversed an FTC administrative law judge’s (“ALJ”) opinion which had ruled against the FTC, finding that the Commission had failed to show that LabMD’s...more

Now is a Good Time to Review Your HIPAA Policies

The HHS Office for Civil Rights (OCR) has announced it is increasing its investigations of breaches of unsecured protected health information (PHI) affecting fewer than 500 individuals. As a reminder, the HIPAA Breach...more

FTC Finds Laboratory Security Practices Caused Consumer Harm

On July 28, 2016, a panel (the “FTC Panel”) of three acting Federal Trade Commission (“FTC”) commissioners issued an opinion that found that LabMD, Inc. (“LabMD”) failed to implement reasonable security measures to protect...more

$2.75 Million OCR Settlement Underscores the Importance of Risk Management and Analysis

How the theft of a single password-protected laptop turned into an enterprise-wide review of an organization’s data protection practices. Following the announcement of a recent settlement between the U.S. Department of...more

Got Data? Actual Harm Not Required for FTC Enforcement Action for Lax Security Measures

While much of Washington, D.C. is enjoying the slow and hazy days of summer, the Federal Trade Commission (FTC) is staying busy solidifying its presence as the go-to authority for data security. Most recently, on July 29,...more

Lessons for Businesses from FTC’s Opinion on LabMD’s Data Security Practices

The Federal Trade Commission (FTC) has issued an Opinion and Final Order finding that the data security practices of LabMD, Inc. were unreasonable, and therefore constituted an unfair act or practice in violation of Section 5...more

Record-Breaking HIPAA Settlement Sends Strong Message to Covered Entities

This month marked the largest HIPAA settlement to-date for a single entity. Advocate Health Care Network (“Advocate”) agreed to pay $5.5 million and adopt a corrective action plan after an investigation by the Department of...more

FTC Overrules LabMD Dismissal, Finds Unfair Data Security Practices

The FTC issued an Opinion and Final Order reversing the previously dismissed charges against LabMD on July 29. FTC Administrative Law Judge (ALJ) D. Michael Chappell had dismissed the case against LabMD on November 13, 2015...more

Largest HIPAA Settlement Announced Against A Single Entity: $5.55 Million

On August 4, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced that Advocate Health Care Network (Advocate) agreed to pay a settlement amount of $5.55 million and adopt a...more

University of Mississippi to Pay $2.75 Million for Alleged HIPAA Violations

On July 21, 2016, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) announced a settlement with the University of Mississippi Medical Center (UMMC), stemming from a 2013 breach of...more

Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws

The US Department of Health and Human Services (HHS) has recently issued guidance under the Health Insurance Portability and Accountability Act (HIPAA) on what covered entities and business associates can do to prevent and...more

HIPAA News: HHS Getting Tough On ePHI Data Breaches

On August 4, 2016, the U.S. Department of Health and Human Services, Office of Civil Rights (OCR) announced a record-setting settlement with Advocate Health Care Network (Advocate) for multiple potential violations of HIPAA...more

Largest Health & Human Services HIPAA Settlement Wake-Up Call for Covered Entities to Evaluate and Mitigate Risks

On Thursday, August 4, 2016, the U.S. Department of Health & Human Services, Office of Civil Rights (OCR) announced the largest settlement ever with a single entity for multiple potential Health Insurance Portability and...more

FTC Reverses ALJ’s Decision In LabMD Case

Back in November 2015, Chief Administrative Law Judge (ALJ) D. Michael Chappell ruled that the Federal Trade Commission (FTC) failed to show that LabMD, Inc.’s (LabMD) data security practices caused harm to consumers stemming...more

Alert: FTC Commissioners Find LabMD's Failure to Implement Data Security Practices "Unfair"

On July 29, 2016, the Federal Trade Commission (FTC or Commission) announced its long-awaited decision in its LabMD enforcement action. The Commissioners reversed the decision of an Administrative Law Judge (ALJ) and held...more

FTC Holds That Disclosure of Sensitive Medical Information Due to Lax Security Violates the FTC Act

Last week, three commissioners from the Federal Trade Commission (FTC) held in In the Matter of LabMD, Inc. that a company’s failure to implement reasonable security measures to protect sensitive consumer information on its...more

Commission Holds FTC Unfairness Claim Does Not Require “Probable” or Tangible Injury in LabMD Data Security Case

The Federal Trade Commission unanimously (3-0) ruled on July 29, 2016 that LabMD’s data security practices were “unfair” under Section 5 of the FTC Act, reversing a decision of its Administrative Law Judge (ALJ). As we...more

Hospital Text Messaging Rules Placed on Hold by Joint Commission

The Joint Commission, which accredits hospitals and other health care organizations, hit pause on its prior May 2016 announcement to allow secure text messaging in hospitals and other health care organizations. The use of...more

Boosts in Ransomware Attacks Spark Multiple Government Agency Responses

Following a recent U.S. government interagency report indicating that, on average, there has been an alarming 300 percent spike in daily ransomware attacks since early 2016 as compared with 2015, the U.S. Department of Health...more

Unplanned EHR Disruptions–Common for Hospitals

The prevalence of ransomware attacks is increasing. In fact, “[o]n average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016,” according to a recent interagency government report. Given this...more

Is encryption the key to your data security?

With the increased rate of data breaches targeting personal information, an increased public awareness of online privacy, and an increasingly demanding regulatory landscape, large and small businesses are looking to...more

More (MACRA) Data Analysis, Please

On July 1, CMS finalized new MACRA rules that significantly expand how qualified data entities will be allowed to share or sell analyses of Medicare and private claims data to providers, insurers, employers, and others who,...more

Breach of ePHI Results in $2.7 Million Fine

Oregon Health & Science University (“OHSU”) has paid $2.7 million to the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) to settle allegations that it violated the Health Insurance Portability...more

Business Associate Settles HIPAA Investigation for $650,000

The U.S. Office for Civil Rights (OCR), the agency responsible for enforcing the HIPAA Privacy and Security rules, has just sent a strong message that business associates are not immune from scrutiny. On June 24, 2016, in a...more

HIPAA Compliance: Navigating a Health Care Minefield

In the two decades since its original passage, complying with the federal Health Insurance Portability and Accountability Act (HIPAA) hasn’t gotten any easier. Enacted with the primary goal of protecting the confidentiality,...more

98 Results