News & Analysis as of

Health Insurance Portability and Accountability Act (HIPAA) Encryption

Paul Hastings LLP

Data Privacy and Cybersecurity New Laws and Regulations Report

Paul Hastings LLP on

Throughout 2022, we continue to see regulators placing an emphasis on the importance of protecting and securing information, in particular consumer personal information, at both the federal and state levels. ...more

BakerHostetler

OCR Provides Guidance on the Privacy of Data Stored on Health Apps and Mobile Devices

BakerHostetler on

In the wake of the U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization, many individuals and organizations have expressed uncertainty about the protection afforded to data stored on health apps,...more

Steptoe & Johnson PLLC

OCR Waives HIPAA Penalties Against Providers Using Electronic COVID-19 Vaccine Scheduling

On February 24, 2021, the Office for Civil Rights at the U.S. Department of Health and Human Services (“OCR”) announced that it will not impose penalties against covered entities or their business associates that use online...more

Bass, Berry & Sims PLC

Perfection Not Required: Fifth Circuit Vacates HHS OCR $4.3 Million Penalty for Potential Data Breach Case

Bass, Berry & Sims PLC on

On January 14, the Fifth Circuit vacated the University of Texas M.D. Anderson Cancer Center’s (M.D. Anderson) $4.3 million fine for HIPAA violations arising from its loss of more than 35,000 individuals’ protected health...more

Foley & Lardner LLP

OCR Relaxes Enforcement on Providers Using Scheduling Apps for COVID-19 Vaccinations

Foley & Lardner LLP on

On January 19, 2021, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Enforcement Discretion (Notice) announcing that it will not impose penalties for...more

K&L Gates LLP

K&L Gates Triage: HIPAA: Do Hospitals Need a Business Associate Agreement with their Health System Parent Corporation?

K&L Gates LLP on

In this week’s episode, Rebecca Schaefer and Hannah Maroney discuss a string of recent HIPAA enforcement actions which demonstrate that the HHS Office of Civil Rights (OCR), the agency tasked with enforcing HIPAA, is...more

Health Care Compliance Association (HCCA)

Lifespan Pays $1M to Settle HIPAA Case Over Stolen Unencrypted Laptop

Report on Medicare Compliance 29, no. 28 (August 3, 2020) - The 2017 theft of an unencrypted laptop is at the heart of a new HIPAA settlement with Lifespan Health System Affiliated Covered Entity (Lifespan ACE) in Rhode...more

Bricker Graydon LLP

HIPAA settlement highlights importance of mobile device encryption

Bricker Graydon LLP on

On July 27, 2020, the U.S. Department of Health and Human Services (HHS) announced that it reached a settlement with a Rhode Island nonprofit health system related to the theft of an unencrypted laptop containing its...more

Rivkin Radler LLP

RI Health System Paid $1 Million HIPAA Settlement

Rivkin Radler LLP on

After a long quiet period, the second HIPAA settlement to be announced by the U.S. Department of Health and Human Services (HHS) in an orchestrated one-two punch was far more costly to the second violator. Lifespan Health...more

Sands Anderson PC

A Practical Security Reminder for the COVID-19 Outbreak – Not Just for Remote Workers!

Sands Anderson PC on

As many businesses and organizations adapt to the impact of COVID-19 on their operations, the systems and data security risks they face continue to increase and must be an area of focus in all planning for COVID-19. While...more

Health Care Compliance Association (HCCA)

Under New Settlement, Ambulance Co. Pays OCR $65K, Must Quickly Encrypt Computers

Report on Patient Privacy 20, no. 1 (January 2020) - In the waning days of 2019, the HHS Office for Civil Rights (OCR) didn’t halt the HIPAA enforcement momentum it had built up during the last quarter of the year, dinging...more

Health Care Compliance Association (HCCA)

As MD Anderson Keeps Up Its Legal Fight, U. Rochester Pays OCR $3M

Report on Research Compliance 17, no. 1 (January 2020) - Ah, those pesky residents. If you’re a teaching hospital, you can’t live without them, right? But sometimes living with them is mighty costly, as the University of...more

Shook, Hardy & Bacon L.L.P.

Privacy and Data Security Alert | December 2019

SDNY Rejects Standing under “Increased Risk” Theory Where Data Not Targeted or Stolen - The Southern District of New York rejected a settlement that would have resolved a class action based on the unauthorized (and...more

Faegre Drinker Biddle & Reath LLP

$3 Million OCR HIPAA Settlement Due to Lost Flash Drive and Stolen Laptop

The University of Rochester Medical Center (URMC) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Service (HHS) entered into a $3 million no-fault settlement agreement and two year corrective...more

Saul Ewing LLP

Large New York State Health System Agrees To Pay $3 Million For Its Failure to Repeatedly Encrypt Mobile Devices

Saul Ewing LLP on

On November 5, 2019, the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) announced a $3 million settlement with the University of Rochester Medical Center (URMC) to settle potential...more

Holland & Hart - Health Law Blog

Encrypt Your Devices or Face HIPAA Penalties

This week, the Office for Civil Rights (“OCR”) announced a $3,000,000 HIPAA settlement arising from a medical center’s loss of an unencrypted laptop and flash drive. This is simply the latest of many HIPAA settlements based...more

McGuireWoods LLP

Unencrypted Mobile Devices Cost Medical Center $3 Million In HIPAA Settlement

McGuireWoods LLP on

In one of this year’s largest HIPAA settlements, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) is set to collect $3 million from the University of Rochester Medical Center (URMC). This...more

Baker Donelson

Protecting LTC Residents' PHI: Eight Tips for Avoiding a Data Breach

Baker Donelson on

Organizations that meet the definition of "covered entity" under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA) must be diligent to maintain the privacy and security...more

Robinson+Cole Health Law Diagnosis

Texas Health System MD Anderson Seeks 5th Circuit Review of HHS Determination that HIPAA Required Encryption of its ePHI

On April 8, 2019, The University of Texas MD Anderson Cancer Center (MDA) filed a petition with the U.S. Court of Appeals for the Fifth Circuit seeking review of a decision by the Department of Health & Human Services’s (HHS)...more

Sheppard Mullin Richter & Hampton LLP

US Breach Laws Are Coming: Iowa

As we approach 2019, companies will want to keep in mind the changes that are coming to various US states’ breach notice laws. On January 1, 2019 Iowa’s law, which has already been amended twice since it was passed in 2008,...more

Sheppard Mullin Richter & Hampton LLP

Are You a “Hybrid Entity” under the Health Insurance Portability and Accountability Act of 1996? The $4,348,000 Question

A single, multidisciplinary entity, like a university, may include certain departments that use PHI, and other departments that do not. Such institutions are eligible to (and should) self-identify as “hybrid entities” to...more

Bradley Arant Boult Cummings LLP

Summary Judgment: Recent HIPAA Case Emphasizes Encryption, Action on Risk Analysis - AHLA Health Information and Technology...

On June 18, 2018, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that an HHS Administrative Law Judge (“ALJ”) granted summary judgment to OCR in an enforcement action...more

Patterson Belknap Webb & Tyler LLP

Hospital Hit with $4.3 Million Fine for “Snail’s Pace” HIPAA Compliance

Healthcare organizations take note: not following your own data security rules can be costly, very costly. And the more time it takes to comply, the faster the fines stack up....more

Ruder Ware

When Does a HIPAA Breach Exist?

Ruder Ware on

Conducting HIPAA Breach Risk Assessments - The HIPAA rules relating to assessment of potential patient confidentiality breaches were changed in 2013. Specifically, on January 17, 2013, the Office of Civil Rights released...more

Holland & Knight LLP

CMS Memo on Texting Patient Information

Holland & Knight LLP on

CMS issued a memo to state survey agency directors on December 28, 2017, to clarify CMS’s position on texting patient information. The memo, which indicates that it is effective “immediately,” states that CMS prohibits...more

74 Results
 / 
View per page
Page: of 3

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide