Protected Health Information

News & Analysis as of

Latest OCR Enforcement Action: Underbed Storage is Not Appropriate for PHI

Recent enforcement actions by the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) have highlighted that, not surprisingly, Covered Entities should not leave medical records in a...more

Historic Moment: Husband Reports Wife’s HIPAA Violation Triggering Six Figure Penalty Against Employer

For the second time in history, the Office for Civil Rights (“OCR”) has imposed a civil monetary penalty (“CMP”) against a covered entity for violations of the Health Insurance and Portability Act (“HIPAA”). Lincare, Inc., a...more

Deadline for Reporting “Small” 2015 HIPAA Breaches Approaching

For those covered entities who experienced one or more HIPAA breaches involving less than 500 individuals during the calendar year 2015, the deadline for reporting those breaches to the Secretary of the U.S. Department of...more

Centene announces search for missing hard drives containing PHI of 950,000 individuals

Centene Corporation, a health insurer headquartered in St. Louis, announced on January 25, in a press release that it is undertaking an, “ongoing comprehensive internal search for six hard drives that are unaccounted for in...more

Breaking Up is Hard to Do: Notifying Patients When a Physician Leaves

The University of Rochester Medical Center (“URMC”) recently agreed to pay a $15,000 penalty for providing patient names, addresses, and diagnoses to a departing nurse practitioner (“NP”) without first obtaining authorization...more

2016 HIPAA Audits to Begin: Are you Confident in Your HIPAA Compliance?

Although the Health Insurance Portability and Accountability Act, or “HIPAA,” has been around since 1996, with its implementing regulations first published in the early 2000s, it is definitely not “old news.” In light of...more

Four Questions to Ask before Disclosing (or Withholding) PHI in Transaction Due Diligence

HIPAA’s restrictions on the use or disclosure of protected health information (“PHI”) by a covered entity or business associate may be familiar to many in healthcare. Also familiar may be the exception that allows covered...more

OCR issues new guidance on individuals’ access to PHI: Is your access policy compliant?

On Jan. 7, 2016, the Office of Civil Rights (OCR) issued new guidance (Guidance) on the right of individuals under the HIPAA Privacy Rule to access their protected health information (PHI). In the Guidance, the OCR indicated...more

Initiative to Improve Quality After Discharge: New Caregivers’ Laws

This month Indiana, Illinois, California, Oregon, and New Hampshire join 11 other states with newly effective Care Advise Record Enable (CARE) laws requiring hospitals to give patients the opportunity to designate caregivers...more

HHS Removes Barriers to Reporting Federal Mental Health Prohibitor Status for Gun Background Checks

On January 6, 2016, the U.S. Department of Health and Human Services (HHS) released a modification to the Health Insurance Portability and Accountability Act (HIPAA) removing barriers to reporting federal mental health...more

New HIPAA Privacy Rule Permits Disclosures to Background Check System

On January 6, 2016, the U.S. Department of Health and Human Services (HHS) issued a final rule amending the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to strengthen the current background check...more

HHS issues new guidance on individual access to PHI under HIPAA

On January 7, 2015, HHS issued new guidance (Guidance) regarding an individual’s right to access his or her health information under HIPAA’s Privacy Rule. The Guidance emphasizes that HIPAA, while protecting the privacy and...more

Protect Your Wine Business Against Data Security Breaches and Other Cyber Risks

When asked who should buy cyber insurance, one expert responded, “more companies than realize it.” The truth is, almost every company in the country collects its customers’ or its employees’ Personally Identifiable...more

2015 – The Health Law Year in Review

With 2015 in the books, we are pleased to reflect on some of the major developments over the past year in the field of health law. The year was marked by changes in Medicare payment models—from government pronouncements...more

The University Of Washington Medicine Agrees To Settlement For Potential HIPAA Violations

The University of Washington Medicine (“UWM”) has agreed to settle the investigation conducted by the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) of potential HIPAA violations arising from a...more

WEBINAR: Cloud Computing & Health Care Organizations - Critical Privacy & Security Issues

More and more organizations are turning to the cloud because of how flexible and low-cost it is. As a result, many health care organizations are now using cloud-based servers to store patient information and are discovering...more

Blog: University of Washington Medicine Agrees to Settle Alleged HIPAA Breach

Last week, the University of Washington Medicine (UWM), an affiliated covered entity that includes multiple entities such as the University of Washington Medical Center, agreed to settle alleged violations of the Health...more

University with Multiple Covered Entity Components Enters Into $750,000 HIPAA Settlement

On December 14, 2015, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a $750,000 settlement with the University of Washington (UW). This is the third HIPAA settlement announced by OCR...more

MaineGeneral Health suffers cyber-attack

MaineGeneral Health (MaineGeneral), located in Augusta, Maine notified employees and patients last week that personal information and protected health information was compromised in a cyber-attack last month. The health care...more

Systemic Cyber Risks And The Internet of Things

Companies’ awareness of “cyber” risks has increased significantly because of large and highly publicized data security breaches, such as Target and Home Depot. Companies are starting to more proactively manage the risk of...more

Triple-S Management Corporation Will Pay $3.5 Million To Settle Potential HIPAA Violations

On November 30, 2015, the United States Department of Health and Human Services Office for Civil Rights (“OCR”) announced that Triple-S Management Corporation had agreed to pay $3.5 million to settle potential violations of...more

Laptop Security Breach Leads to $850,000 HIPAA Settlement Payout

On November 19, 2015, Lahey Hospital and Medical Center (“Lahey”) entered into an $850,000 settlement with the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) for alleged violations of...more

HIPAA and Health Care Data Privacy – 2015 Year in Review

As the year winds down, we look back with a mixture of nostalgia and queasiness on the major Health Insurance Portability and Accountability Act (HIPAA) events that defined 2015. Incredibly large data breaches became...more

Blog: Lahey Hospital Agrees to Settle Alleged HIPAA Breach

Recently, Lahey Hospital and Medical Center (Lahey), a nonprofit teaching hospital located in Massachusetts, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by...more

Recent HIPAA settlements emphasize importance of robust compliance program

Two recent HIPAA settlements remind organizations subject to HIPAA of the importance of having a robust HIPAA privacy and security compliance program in place. Most recently, on Nov. 30, 2015, the Office of Civil...more

611 Results
|
View per page
Page: of 25

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×