News & Analysis as of

Starting Oct. 6, Patients Can Access Test Reports Directly From Clinical Laboratories

On Oct. 6, 2014, a final rule issued jointly by the Centers for Medicare & Medicaid Services (CMS), Centers for Disease Control and Prevention (CDC), and Office for Civil Rights (OCR) will require all HIPAA-covered labs...more

“LoProCo”, 12,915 Complaints, and Other Lessons from OCR/NIST

12,915 complaints were reported in 2013 to the Department of Health and Human Services Office of Civil Rights (“OCR”) according to Illiana L. Peters, Senior Adviser for HIPAA Compliance and Enforcement. Cozen O’Connor...more

HIPAA Violation Results in $4.8 Million Settlement

While most healthcare providers know to pay close attention to the HIPAA rules when setting up their information technology systems, recent events have demonstrated that this close scrutiny should also be applied to computer...more

Health System Pays $800,000 Fine for Leaving PHI in Doctor’s Driveway

While enforcement activity by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has focused primarily on a covered entity’s safeguard of electronic protected health information (ePHI),...more

Health System Investigated for Leaving PHI in Doctor’s Driveway – Settles with OCR for $800K

While OCR enforcement activity has focused on a covered entity’s safeguarding of ePHI, organizations cannot forget about PHI in non-electronic form. To settle potential violations of the HIPAA Privacy Rule, Parkview Health...more

D’oh! OCR Confirms that Medical Records Should Not be Left in the Driveway

The most recent Office for Civil Rights (“OCR”) HIPAA enforcement action serves as an important reminder to health care providers of the security risks associated with a mishandled medical records custody transfer and the...more

Health Law Alert: The Deadline for Amending Business Associate Agreements is Quickly Approaching

A key change from 2013’s HITECH “Omnibus” Rule was a requirement that Business Associate Agreements (“BAAs”) be modified to reflect revisions to HIPAA regulations. When the rule was issued on January 25, 2013, Covered...more

HHS Reports to Congress highlight HIPAA Compliance and Breach Activities

On June 11, 2014, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) issued two reports to Congress summarizing activities in calendar years 2011 and 2012. The Annual Report to Congress on...more

Health Law Alert: HIPAA Enforcement on the Rise, as OCR Audit Program Moves Forward

A recent settlement from New York—involving the largest fine levied to date in the history of HIPAA enforcement, a staggering $4.8 million imposed on two public hospitals—should remind health care providers, health plans and...more

Failure to Encrypt Mobile Devices = Nearly $2 Million in Settlements

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled for the collective amount of $1,975,220 with Concentra Health Services (Concentra) and QCA Health Plan, Inc. (QCA). The settlements stem...more

Policyholders Face Heightened Scrutiny Under OCR’s New Permanent Audit Program

The U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) has notably increased enforcement of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”) and Health Information...more

Stolen Laptops Lead to $2 Million Fine To Settle HIPAA Violations

Lost or stolen unencrypted mobile devices — commonly laptops — are the primary cause of major healthcare data breaches. This unfortunate trend persists, despite warnings from the Office for Civil Rights (OCR) of the U.S....more

Regulatory double jeopardy? FTC enforcement of privacy and security in healthcare

How should health care companies strengthen their HIPAA compliance programs to manage the risk of a potential FTC investigation? While the U.S. Department of Health and Human Services (HHS) Office for Civil Rights...more

HHS OCR Settles Post-Data Breach Investigation for Record $4.8M

On May 7, 2014, HHS OCR announced a pair of resolution agreements with New York Presbyterian Hospital (NYP) and Columbia University (CU) totaling $4.8 million dollars—the highest settlement amount to date. These resolution...more

OCR Releases Information on What Phase 2 HIPAA Audits Will Look Like

The HHS Office for Civil Rights (OCR) recently presented information about the new look of its Phase 2 audit program. The new audits will look little like the old ones, with OCR conducting the audits itself and focusing on...more

HIPAA Security Risk Assessment Tool Released by HHS

HIPAA security risk assessment (SRA) tool was recently made available through HHS. The tool was developed as a collaborative effort between the HHS Office of the National Coordinator for Health Information Technology (ONC),...more

HHS Extends Patient Access To Laboratories

On February 6, 2014, the Department of Health and Human Services (HHS) published a Final Rule amending regulations implementing the Clinical Laboratory Improvement Amendments of 1988 (CLIA) and the Health Insurance...more

En Español: HHS Agencies Issue Model Notices of Privacy Practices in Spanish

Last week, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and Office for the National Coordinator for Health Information Technology (ONC) issued model Notices of Privacy Practices (NPPs) in...more

OCR Proposes HIPAA Amendments to Address Gun Violence

As we previously reported, President Obama has made it a priority to improve the National Instant Criminal Background Check System (“NICS”). Last week, more than eight months after the issuance of a advance notice of...more

Healthcare Privacy – 2013 Year in Review

On January 25, 2013, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the long-awaited HIPAA Omnibus Final Rule (Final Rule), which includes the most sweeping changes to HIPAA...more

HHS Closes Out 2013 with 6th Resolution Agreement

Throughout 2013, HHS OCR has stated that covered entities of all sizes need to give priority to securing ePHI. In addition, HHS OCR has recommended that covered entities identify and mitigate risks before an incident occurs....more

OIG Finds Office for Civil Rights Did Not Meet All Requirements For Oversight and Enforcement of the HIPAA Security Rule

According to the Office for the Inspector General (OIG) of the Department of Health & Human Services (HHS), the Office for Civil Rights (OCR) has accomplished certain requirements, but it has not satisfied others that are...more

OCR Issues Guidance on HIPAA Refill Reminder Marketing Exception, and other Modifications to Privacy Protections

On September 19, 2013, the Office of Civil Rights of the Department of Health and Human Services (“OCR”) released guidance on a number of privacy protections, the most significant of which relates to the refill reminder...more

OCR Releases Model Notices of Privacy Practices

Under the Privacy Rule, an individual has the right to adequate notice of how a covered entity may use and disclose PHI about the individual, as well as his/her rights and the covered entity’s obligations with respect to that...more

Hearing to Address HIPAA Accounting of Disclosures

The HHS Office of Civil Rights (OCR) announced that the Health Information Technology (HIT) Policy Committee’s Privacy and Security Tiger Team will hold a virtual, public hearing on Monday, September 30 from 11:45 a.m. to...more

94 Results
|
View per page
Page: of 4