News & Analysis as of

Top 5 takeaways on telemedicine and eHealth

Here are the main legal topics on telemedicine and eHealth discussed during the ETSI eHealth Workshop on telemedicine where I gave a speech on the legal implications of telemedicine. The Workshop was very interesting...more

Data Breach Wall of Shame: 2013's Highlights and Lessons

Since 2009, the HHS Office for Civil Rights (“OCR”) has posted all large data breaches – those that involve 500 or more individuals – online on its so-called “Wall of Shame.” In 2013, 160 large data breaches were reported to...more

FTC and Accretive Health Settle Unfair Business Practice Complaint Centered on Data Security Measures

Accretive Health recently agreed to settle a Federal Trade Commission (FTC) complaint that stems from a July, 2011 incident in which an Accretive employee’s laptop was stolen from his car. As a medical billing and revenue...more

Privacy Class Action – Theories of Liability – 2013 Year in Review

One hot area of data privacy litigation over the past several years has been data breach class actions brought under the California Confidentiality of Medical Information Act (“CMIA”), which provides that a person may recover...more

Health Law Blog: HIPAA Update: Don't Forget Your Photocopiers

Affinity Health Plan has agreed to pay more than $1.2 million to settle potential violations of the HIPAA Privacy and Security Regulations....more

Seven-Figure HIPAA Settlement Prompted by Photocopier Breach

The Office for Civil Rights’ (OCR) latest seven-figure fine for HIPAA violations resulted from a failure to remove protected health information or “PHI” from the hard drive of a leased photocopier. The $1,215,780 settlement...more

HIPAA and the Omnibus Rule: How to Assess Whether and What your Company Must Do to Comply

A key amendment to the Health Insurance Portability and Accountability Act (“HIPAA”) called the “Omnibus Rule” took effect on March 26, 2013. The Omnibus Rule impacts both companies that directly collect protected health...more

HIPAA’s New Rules: Expanding Scope, Clarifying Uncertainties, & Reinforcing Fundamentals

On January 25, 2013, the Secretary for the United States Department of Health and Human Services, Office for Civil Rights (the “Department”) officially published the long-awaited final regulations (the “Final Rule”)...more

The HITECH Final Rule: The New Privacy/Security Rules of the Road Have Finally Arrived

Since the 2009 enactment of the Health Information Technology for Economic and Clinical Health Act (the “Act” or “HITECH Act”), compliance efforts associated with the Health Insurance Portability and Accountability Act of...more

HIPAA Omnibus Final Rule Imposes New Obligations on Business Associates

On January 25, 2013, the Department of Health and Human Services/Office for Civil Rights (HHS/OCR) published in the Federal Register (78 Fed. Reg. 5566) the long-awaited final rule titled Modifications to the HIPAA Privacy,...more

Business Associates Beware

If you haven’t yet caught up with the new HIPAA Omnibus Rule and its consequences for those businesses who are not themselves healthcare providers, but are service providers to healthcare entities (and even further downstream...more

Health Law: Hospice pays $50,000 for Failing to Conduct HIPAA Security Risk Assessment; Inadequate Security Policies

A small non-profit hospice in Idaho agreed to pay $50,000 to settle allegations that it violated the HIPAA security regulations. The allegations stemmed from a report made to HHS by the hospice after a laptop containing...more

Cord Blood Bank Settles FTC Charges that it Failed to Protect Consumers’ Sensitive Personal Information

On January 28, 2013, CBR Systems, Inc. (CBR) agreed to settle FTC charges that it failed to protect its customers’ personal information, including nearly 300,000 customers’ Social Security numbers and credit and debit card...more

Final HIPAA Rule Has Sweeping Impact on Covered Entities and Business Associates

On January 25, 2013, the Department of Health and Human Services (HHS) published the highly anticipated Health Insurance Portability and Accountability Act (HIPAA) Omnibus Final Rule (the “Final Rule”). The Final Rule...more

Overview of 2013 Amendments to HIPAA Privacy, Security, Breach Notification and Enforcement Rules

On January 17, 2013, the federal Department of Health and Human Services ("HHS"), Office for Civil Rights ("OCR"), issued the long-anticipated final omnibus amendments (the "2013 Amendments") to the Privacy, Security, Breach...more

2013 HIPAA Changes

On January 17, 2013, the Department of Health and Human Services issued the long-awaited revisions to the HIPAA rules, making a number of changes to the current HIPAA privacy, security, breach notification and enforcement...more

HIPAA Omnibus Rule Reshapes Landscape for Health Care Privacy, Security Compliance

Originally published in Health IT Law & Industry Report, on January 23, 2013. On Jan. 17, 2013, the Office for Civil Rights of the U.S. Department of Health and Human Services (‘‘HHS’’) issued a long-awaited omnibus rule...more

Final HIPAA Amendments Expand HIPAA Net: Business Associates Now Required to Enter into Business Associate Agreements with...

On January 17, 2013, the federal Department of Health and Human Services (HHS) announced a final omnibus rule amending the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in accordance with the HITECH Act...more

Be Prepared: Redline Version of the HIPAA/HITECH Final Rule

The final rule is significant for any organization that is considered to be a HIPAA covered entity (“CE”) (health systems, health care providers, health plans, etc.) or the more broadly defined business associate (“BA”)....more

Massachusetts AGO Enters Into Another Settlement For Data Security Violations

For the fourth time since the Massachusetts data security regulations took effect in March 2010, the Massachusetts Attorney General’s Office (“AGO”) has settled allegations that Massachusetts-based entities violated the...more

20 Results
|
View per page
Page: of 1