News & Analysis as of

HHS's New Security Risk Tool for HIPAA Compliance

On March 28, 2014, the HHS Office of the National Coordinator for Health Information Technology (ONC), in conjunction with the HHS Office for Civil Rights (OCR), released a Security Risk Assessment tool (SRA tool) to assist...more

Health Care Law Alert: Skagit County Fined $215,000 for HIPAA Violations

Skagit County in northwest Washington state has been fined $215,000 for violations of the HIPAA privacy, security, and breach notification rules. The U.S. Department of Health and Human Services’ Office for Civil Rights...more

Data Breach Wall of Shame: 2013's Highlights and Lessons

Since 2009, the HHS Office for Civil Rights (“OCR”) has posted all large data breaches – those that involve 500 or more individuals – online on its so-called “Wall of Shame.” In 2013, 160 large data breaches were reported to...more

Paying the Price: Physician Group Faces Hefty Penalty and OCR Oversight After Failure to Conduct Security Risk Assessment and...

What you need to know: The Office for Civil Rights of the US Department of Health & Human Services is continuing its trend toward more aggressive enforcement of HIPAA violations. Small provider entities are not immune...more

A New Year’s Resolution (And Corrective Action Plan) From OCR: Physician Practice Cited For HIPAA Violations

The Office for Civil Rights (OCR) is closing out 2013 with a reminder of the importance of an effective HIPAA compliance program. On December 26, 2013, OCR announced a resolution agreement with a Massachusetts physician...more

Medical practice agrees to payment due to HIPAA data breach

One day after Christmas, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced that a Massachusetts-based dermatology practice (Practice) agreed to a $150,000 payment and entered into a...more

Settlement Emphasizes the Need for HIPAA Risk Management

A HIPAA violation involving a health plan’s failure to erase protected health information from photocopier hard drives has resulted in a $1.2 million settlement. Your risk can be significantly reduced if you adopt and...more

Health plan pays for failing to erase data on leased equipment: two takeaways for companies handling electronic PHI

The Office for Civil Rights (OCR) has announced a settlement between the US Department of Health and Human Services and Affinity Health Plan, Inc. to address potential violations of the Health Insurance Portability and...more

HIPAA security violations result in $1.7 million settlement

On July 8, 2013, WellPoint, Inc., a managed care company (“WellPoint”), agreed to pay a $1.7 million fine to settle a self-reported breach of HIPAA, a key federal health privacy law, that led to the unauthorized disclosure of...more

First HIPAA Resolution Agreement of 2013 — and it certainly will not be the last

The HHS Office of Civil Rights (OCR) announced its first HIPAA Resolution Agreement of 2013 last week. According to the press release, Idaho State University (ISU) must pay OCR $400,000 and comply with the terms of a...more

The HIPAA Omnibus Final Rule—Data Privacy and Security Implications for Business Associates and Covered Entities

On January 17, 2013, the Office for Civil Rights (‘‘OCR’’) of the U.S. Department of Health and Human Services (‘‘HHS’’) published the HIPAA Omnibus Final Rule (‘‘Final Rule’’) which OCR has trumpeted as carrying ‘‘the most...more

HIPAA’S FINAL RULE: Putting Things in Perspective – Comments from OCR

On March 22, 2013, Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) Director Leon Rodriguez presented the keynote address to attendees of the American Health Lawyers’ Association HIPAA/HITECH Conference in...more

Special Edition: Health Law Update - February 28, 2013

In This Issue: - A Baker's Dozen of Significant Changes From the HIPAA/HITECH Rule 1. Business Associates and Subcontractors 2. Breach Notification 3. Covered Entity Organizational Structures 4. Cloud...more

OCR Issues Final Modifications to the HIPAA Privacy, Security, Breach Notification and Enforcement Rules to Implement the HITECH...

On January 25, 2013, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) published a final rule (Final Rule) containing modifications to the privacy standards (Privacy Rule), security...more

HIPAA Alert: Action Steps To Reach Compliance

As discussed in two prior HIPAA alerts, a final, 563-page Omnibus HIPAA Rule was released by the Department of Health and Human Services Office of Civil Rights to strengthen HIPAA’s security and privacy protections. The final...more

The New HIPAA Omnibus Rule & Your Liability — A Detailed Review

As we have reported in this blog, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently released final regulations containing modifications to the HIPAA Privacy, Security, Enforcement, and...more

Expanding The Reach Of HIPAA Data Security And Privacy Requirements

In this information technology era, it is little wonder that the Obama Administration has made enforcement of data security and privacy protections a top priority. The enforcement emphasis reflects public opinion favoring...more

Final HIPAA Regulations: What's Changed (and What Hasn't) for Group Health Plans

The Office for Civil Rights of the Department of Health and Human Services (“OCR”) has issued final regulations modifying the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy, Security, Breach...more

What Employers That Maintain Group Health Plans Need to Know About the HIPAA Omnibus Regulations

On January 25, 2013, the Department of Health and Human Services (HHS) published final regulations that modify the Privacy, Security, Enforcement and Breach Notification Rules issued pursuant to the Health Insurance...more

HIPAA Risk Analysis

HIPAA relies heavily on risk analysis in multiple contexts. For example, risk analysis has a major role in the Breach Notification Rule under the new regulations issued by the U.S. Department Health and Human Services on...more

A Detailed Analysis of Changes to HIPAA and the Implications for Healthcare Providers and Others in the Healthcare Industry: HIPAA...

Changes to the HIPAA Breach Notification Rule - Background: The HITECH Act required Covered Entities to notify individuals, HHS, and in some cases, the media, of a Breach of Unsecured PHI. A Business Associate is...more

HIPAA Alert: Breach & Notification Requirements

As discussed in the previous HIPAA alert, a final, 563-page Omnibus HIPAA Rule was released by the Department of Health and Human Services Office of Civil Rights to strengthen HIPAA’s security and privacy protections. The...more

A Detailed Analysis of Changes to HIPAA and the Implications for Healthcare Providers and Others in the Healthcare Industry: HIPAA...

Changes to the HIPAA Enforcement Rule - Background: On October 30, 2009, HHS issued an interim final rule revising the Enforcement Rule to incorporate provisions of the HITECH Act. The NPRM then proposed a number of...more

A Detailed Analysis of Changes to HIPAA and the Implications for Healthcare Providers and Others in the Healthcare Industry: HIPAA...

Changes to the HIPAA Security Rule Background: The HIPAA Security Rule protects electronic PHI by requiring Covered Entities to implement certain administrative, physical, and technical safeguards surrounding...more

McAfee & Taft Healthcare Industry Alert: New HIPAA regulations - Begin your compliance review now

On January 17, 2013, the Department of Health and Human Services issued a final rule amending the Health Insurance Portability and Accountability Act (HIPAA) privacy and security regulations and implementing the Health...more

63 Results
|
View per page
Page: of 3