Protected Health Information Compliance

News & Analysis as of

OCR Expected to Strengthen HIPAA Enforcement in 2016

Two recent reports issued by the Office of Inspector General (“OIG”) for the U.S. Department of Health and Human Services (“HHS”) recommended that HHS’s Office for Civil Rights (“OCR”) should fully implement a permanent audit...more

HIPAA Fine Underscores OCR’s Focus on Physician Group Compliance

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced a $750,000 fine and resolution agreement, including a Corrective Action Plan (CAP), for Cancer Care Group, P.C. (CCG), a...more

OIG Reports Insufficient Oversight Of HIPAA Compliance

The HHS Office for Civil Rights (OCR) must improve its oversight and enforcement of patient information privacy and security rules by “covered entities” and their business associates under the Health Information Portability...more

Is Your HIPAA Compliance Program Ready for the FTC?

Everyone in healthcare knows that the next round of HIPAA audits is coming. Covered entities and business associates have long been advised to review and update their HIPAA security risk analyses, have business associate...more

OCR Enters into $750,000 Settlement with Physician Practice for HIPAA Violations

On September 2, the Department of Health and Human Services Office of Civil Rights (OCR) announced a settlement with Cancer Care Group, P.C., a thirteen-physician oncology practice in Indiana related to violations of the...more

OCR settlement reiterates importance of proactive security rule compliance

On September 2, 2015, the U.S. Department of Health & Human Services (HHS) announced that Cancer Care Group, P.C. (CCG), a physician practice located in Indiana, agreed to pay $750,000 as part of a settlement to resolve...more

$750,000 Settlement Agreement Reiterates Importance of HIPAA Security Rule Compliance

On September 2, 2015, the U.S. Department of Health and Human Services ("HHS") announced that it had entered into a Settlement Agreement with an Indiana-based medical practice for alleged violations of the Health Insurance...more

Blog: St. Elizabeth’s Medical Center Reaches Agreement to Settle Alleged HIPAA Breach

Last week, St. Elizabeth’s Medical Center (SEMC), a hospital located in Brighton, Massachusetts, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying...more

Recent HHS Settlement Highlights Risks of Electronically-Sharing Protected Health Information

On July 10, 2015, the United States Department of Health and Human Services Office for Civil Rights (OCR) announced its second settlement of the year for violations of the Health Insurance Portability and Accountability Act...more

Blog: HIPAA FAQ Series: Are Covered Entities and Business Associates Required to Encrypt PHI?

The Health Insurance Portability and Accountability Act (HIPAA) mandates that both Covered Entities and Business Associates protect the security of Protected Health Information (PHI) in a variety of ways. Specifically,...more

Data Breach Nightmare Scenario: News Affiliate Reports Improper Disposal of Patient Information

A tip from a local Denver news outlet lead to a compliance review, investigation and ultimately a resolution agreement between the Department of Health and Human Services’ Office for Civil Rights (“OCR”) and Denver-based...more

Recent 11th Circuit Cases Provide Important HIPAA Guidance - Healthcare Providers Should Be Proactive by Reviewing Their HIPAA...

On Oct. 10, 2014, the 11th Circuit opinion in Murphy v. Dulay provides significant guidance regarding HIPAA authorization forms. One of the most important provisions of the opinion focuses on the fact that HIPAA...more

Action Required for Covered Entities, Business Associates and Their Subcontractors

Early last year, the Department of Health and Human Services issued final privacy and security regulations (Final Rule) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Final Rule, effective...more

Perspectives - June 2014

In This Issue: - Staying in Compliance While Giving or Receiving Electronic Health Record Systems - When Donations Cross the Line - House Bill 296 Signed into Law to Increase Access to Epinephrine Autoinjectors...more

Policyholders Face Heightened Scrutiny Under OCR’s New Permanent Audit Program

The U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) has notably increased enforcement of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”) and Health Information...more

Hospital Executive Indicted for Allegedly Lying about Meaningful Use of Electronic Health Records

A hospital executive was recently indicted for allegedly submitting a false attestation regarding a hospital’s “meaningful use” of electronic health records (“EHR”) technology through the Medicare EHR incentive program. This...more

HHS Reports First HIPAA Settlement with a County Government

According to a HHS press release issued last Friday, Skagit County, Washington, has agreed to a $215,000 settlement with the agency to resolve allegations that the county’s HIPAA compliance program was deficient. The Skagit...more

U.S. Privacy and Data Protection: 2013 Year in Review and a Look Ahead to 2014

In Boston, we celebrated Data Privacy Day (January 28) by presenting “U.S. Privacy and Data Protection: 2013 Year In Review and a Prediction of What’s to Come in 2014” for participants in an IAPP KnowledgeNet. Our panel of...more

Accretive Health Data Breach Leads To Twenty-Year Settlement With The FTC

On December 31, 2013, the Federal Trade Commission ("FTC") announced that Accretive Health, Inc., ("Accretive") agreed to settle charges that the company's inadequate data security measures exposed sensitive consumer...more

HHS Gives A Thumbs Down For Stolen Thumb Drive

On December 26, 2013, the U.S. Department of Health and Human Services Office for Civil Rights (HHS) announced that it had reached an agreement with a Northeastern dermatology practice to settle potential HIPAA violations...more

The Cloud: Google Apps for Business and HIPAA Compliance

Does your company use Google Apps for Business? Are you a health care provider, health plan, or health care clearinghouse (“Covered Entity” or “Covered Entities”) subject to the Health Insurance Portability and Accountability...more

Practical Suggestions For Law Firm Compliance With HIPAA

Under the Health Insurance Privacy and Accountability Act of 1996 (“HIPAA”), health plans, health care clearinghouses, and most health care providers (collectively, “Covered Entities”) must protect the privacy and security of...more

HIPAA Compliance And September 23, 2013 — The Day The World Did NOT End

Everyone old enough to remember will recall Y2K – the year our world was supposed to end in a catastrophic transition from December 31, 1999 to January 1, 2000. Instead, since we are still here, we all recall what happened –...more

HIPAA Omnibus Rule Compliance Deadline

September 23, 2013, the deadline for compliance with the new Health Insurance Portability and Accountability Act (HIPAA) regulations, is here. Although there has been much discussion about the new regulations since they were...more

Ready For HITECH Changes On September 23, 2013? Find Out With This Compliance Checklist For Employer-Sponsored Health Plans

The final regulations implementing the Health Information Technology for Economic and Clinical Health (HITECH) Act were issued in January and compliance is required by September 23, 2013. The final regulations require covered...more

57 Results
|
View per page
Page: of 3
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×