Health Tech Podcast - Episode 3: HIPAA, HITECH and TCPA
The Biggest Changes in HIPAA/HITECH Omnibus Rule & Recommended Action Steps—Ted Kobus
On April 17, 2024, Nebraska Governor Jim Pillen signed the Nebraska Data Privacy Act (the "Act"), which takes effect on January 1, 2025. The Act maps in large part to the Texas Data Privacy and Security Act. Like Texas, the...more
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently published an executive summary (Report) outlining key enforcement activities of the Health Insurance Portability and...more
The U.S. Department of Health and Human Services ("HHS") issued a concept paper describing its overarching strategy to address healthcare cybersecurity. The concept paper builds on the Biden-Harris Administration's National...more
On February 27, 2023 the U.S. Department of Health and Human Services (HHS), through the Office for Civil Rights (OCR), announced the formation of three new divisions within the office: Enforcement Division, Policy Division,...more
On April 11, 2023, OCR announced that the Notifications of Enforcement Discretion issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and...more
On February 27, 2023, the U.S. Department of Health and Human Services (HHS) announced that its law enforcement agency – the Office for Civil Rights (OCR) – will reorganize, adding new divisions to better address the rapid...more
On November 28, 2022, the U.S. Department of Health and Human Services (“HHS”) proposed sweeping changes to the rules that govern use and disclosure of protected health information (“PHI”) about patients receiving substance...more
A strong cybersecurity program can help defend against cyber attacks and protect sensitive patient data. Thanks to a 2021 amendment of the HITECH Act, when a breach occurs, it can also reduce enforcement penalties. The...more
The HHS Office for Civil Rights is requesting comments about HIPAA covered entities’ and business associates’ implementation of “recognized security practices” and payments to “harmed individuals” from funds the agency...more
Information is power, but the consequences of mismanaging information in the health care industry can be severe. Electronic Health Record (EHR) systems provide comprehensive real-time patient medical information in an...more
On January 1, 2023, the Virginia Consumer Data Protection Act (VCDPA) will go into effect. With passage of the law earlier this year, Virginia joined Colorado and California as the only states to enact comprehensive privacy...more
In 2015, the United States Department of Health & Human Services (HHS) Office of Civil Rights (OCR) will begin enforcing the requirements of the Health Insurance Portability and Accountability Act (HIPAA) and the Health...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) will soon begin a second phase of audits (Phase 2 Audits) of compliance with Health Insurance Portability and Accountability Act of 1996 (HIPAA)...more
The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued two reports to Congress, as required by the HITECH Act. The compliance report details OCR’s enforcement activities for 2011 and 2012 and...more
Recent enforcement actions and the new Omnibus Rule implementing several HITECH obligations highlighted the need for a new look at HIPAA obligations for covered entities and now business associates. HITECH not only raised the...more
A recent Office of the Inspector General (OIG) Report reviews progress made by the Office for Civil Rights (OCR) toward enforcement of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule following...more
Just days before the September 23, 2013 enforcement date for the new HITECH Act Omnibus rules, the Department of Health and Human Services' Office for Civil Rights has published several new guidance tools and documents. On...more
Idaho State University (ISU) was recently the target of an investigation and enforcement action for violations of the privacy and security rules of the Health Insurance Portability and Accountability Act (HIPAA)....more
The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) sets forth rules to protect the privacy and security of individuals’ health information that is held by “covered entities,” such as group health plans....more
Prosecutors are a fun bunch and they love their jobs and their mission – to prosecute law-breakers for violating the law. ...more
On January 25, 2013, the Office of Civil Rights (OCR) of the Department of Health & Human Services (HHS) published the long-awaited omnibus final regulation governing health data privacy, security and enforcement (Omnibus...more
Federal enforcement of False Claims Act (FCA), Stark anti-kickback, and HIPAA/HITECH claims against healthcare companies continues to rise rapidly. FCA recoveries by the U.S. Department of Justice (DOJ) exceeded $9.5 billion...more
On January 25, 2013, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) published a final rule (Final Rule) containing modifications to the privacy standards (Privacy Rule), security...more
The Office for Civil Rights of the Department of Health and Human Services (“OCR”) has issued final regulations modifying the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy, Security, Breach...more
Changes to the HIPAA Enforcement Rule - Background: On October 30, 2009, HHS issued an interim final rule revising the Enforcement Rule to incorporate provisions of the HITECH Act. The NPRM then proposed a number of...more