Protected Health Information Business Associates

News & Analysis as of

HIPAA for HR - Some Good News for Employers

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that was enacted to ensure protection of individuals’ protected health information (PHI). The Standards for Privacy of Individually...more

HIPAA Enforcement Update (October 2016 – January 2017)

Since October 2016, the Department of Health and Human Services, Office for Civil Rights (OCR) announced four settlement agreements to resolve allegations of Health Insurance Portability and Accountability Act (HIPAA)...more

Tracking the Data Bandits

In the iconic western, Butch Cassidy and the Sundance Kid, Butch and Sundance are hard pressed to evade a posse led by the semi-mythical lawman, Joe Lefors, who is so adept that he manages to track them across solid rock. The...more

HHS Gets Agressive: HIPAA Audits from 2016

HHS has become more aggressive with audits, and with increased penalties, covered entities and business associates simply cannot afford an audit on HIPAA rules and regulations. In March of 2016, HHS's Office for Civil Rights...more

Looking Back at the HIPAA Resolution Agreements in 2016

In 2016, Health and Human Services’ (HHS) Office for Civil Rights (OCR), the enforcement arm for HIPAA, continued robust enforcement efforts. There were 12 reported resolution agreements (RA) in 2016. An RA is a settlement...more

November the Worst Month Yet for Healthcare Breaches

We have repeatedly reiterated numerous warnings to the healthcare industry about malware and ransomware [see related posts here and here]. Our predictions have unfortunately become true, as November was the worst month ever...more

21st Century Cures Act - HIPAA & Other Privacy Considerations

On December 13, 2016, President Obama signed the 21st Century Cures Act (the Cures Act) into law. The Cures Act addresses a wide range of healthcare topics including clinical research, treatment of mental health and substance...more

HHS OCR Levies Significant HIPAA Penalties in a Series of Recent Settlements: Covered Entities and Business Associates Alike...

Between June and November 2016, the Department of Health and Human Services Office of Civil Rights (HHS OCR) has announced seven high-dollar settlements to resolve alleged violations of the HIPAA privacy, security, and breach...more

UMass Amherst Settles HIPAA Violations with OCR for $650,000

The Office for Civil Rights (OCR) has announced that the University of Massachusetts Amherst (UMass) has agreed to settle an investigation against it as a result of a malware infection for $650,000, along with implementing a...more

HHS Issues Warning About Phishing Campaign Disguised As Official Communication

As part of its efforts to assess compliance with the HIPAA Privacy, Security and Breach Notification Rules, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) engages in audits of covered...more

OCR Alerts Listservs About Fake Phishing Email to Covered Entities and Business Associates

On November 28, 2016, the Office for Civil Rights (OCR) issued an Alert to its listservs that a phishing email is being circulated on “mock HHS Departmental letterhead under the signature of OCR”s Director, Jocelyn Samuels”...more

More on HIPAA Audits for 2016 and 2017–Desk Audits and On-Site Audits

As part of the ongoing HHS OCR HIPAA audit initiative, it is conducting “HIPAA desk audits.” These audits don’t involve auditors coming in your facility. Instead, covered entities are being asked to submit documents on...more

OCR Stresses Importance of Authentication in Newsletter

In a recent newsletter, the Office for Civil Rights (OCR) encourages health care organizations to review their procedures around authentication and “ensure that they have the appropriate safeguards in place.”...more

HIPAA Audits – Phase 2: On-Site Audits Scheduled for First Quarter of 2017

Covered Entities and Business Associates may be ringing in the New Year with the prospect of responding to on-site HIPAA audits by federal regulators. The U.S. Department of Health and Human Services Office for Civil Rights...more

Cloud Service Providers Beware, You May Be Subject to HIPAA Without Knowing It

The use of cloud service providers has exploded in the past several years. According to estimates from Gartner, the market for cloud services is expected to reach $204 billion in 2016. But the use of cloud service providers...more

FTC Issues Compliance Guidance for Organizations that Share and Collect PHI

The Federal Trade Commission (FTC) recently issued Guidance to remind HIPAA compliant organizations that share and collect protected health information (PHI) for commercial activities that they must also comply with FTC Act...more

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more

Recent HIPAA Settlements Highlight Importance Of Business Associate Agreements

Two related healthcare companies were forced to pay settlements with the federal government totaling over $500,000 over allegations relating to a data breach involving patient health information. Much of the negative...more

Clouding the Issue: Impact of Cloud-Based Software Service Providers on HIPAA Covered Entities and Business Associates

The message from patients to healthcare providers is clear: increase the quality of health services while decreasing cost.  The message from the federal government to healthcare providers and their business associates is even...more

New HIPAA Guidance Sheds Light on Existing Rules

Recently, regulators issued new guidance related to the Health Insurance Portability and Accountability Act (“HIPAA”), Pub.L. 104–191, 110 Stat. 1936, enacted August 21, 1996. Specifically, on October 6, 2016, the Department...more

OCR Explains How Information Blocking Violates HIPAA

The US Department of Health and Human Services Office for Civil Rights recently posted guidance clarifying that a business associate such as an information technology vendor generally may not block or terminate access by a...more

Five Highlights from OCR Guidance On HIPAA Compliance In Cloud Computing

The Department of Health and Human Services’ Office of Civil Rights (OCR) has issued guidelines for HIPAA-covered entities that utilize cloud computing in processing electronic protected health information (ePHI). The...more

Health Care System’s HIPAA Security Risk Results in $2.14 Million Fine

On October 18, 2016, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced that St. Joseph Health (SJH) agreed to settle allegations relating to the HIPAA Privacy and Security Rules,...more

Clouds, With A Nearly 100% Chance of a Business Associate Agreement

HHS recently posted guidance on its website addressing HIPAA’s approach to cloud computing. Basically, any time a cloud service provider has electronic protected health information (ePHI), it’s a business associate. This is...more

HHS-OCR Announces Guidance On HIPAA Compliance And Cloud Computing

On October 6, 2016, the Department of Health and Human Services Office for Civil Rights (“OCR”) issued guidance on complying with HIPAA privacy, security, and breach notification rules when using cloud computing technology...more

279 Results
|
View per page
Page: of 12
Cybersecurity

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×