News & Analysis as of

Protected Health Information Covered Entities

Is it HIPAA or HIPPA? Either way, it still applies.

by Winstead PC on

I have negotiated hundreds of SaaS agreements for dozens of software companies and I always hated when the company on the other side was a healthcare provider. Invariably, they would bring up Protected Health Information...more

Don’t Forget HIPAA’s “Minimum Necessary” Rule When Making Health Information Disclosures

by Nossaman LLP on

When Covered Entities or Business Associates or their counsel analyze whether a particular disclosure of Protected Health Information (or “PHI,” as defined in HIPAA) is permissible, they should be sure also to analyze whether...more

[Webinar] - Your Money or Your PHI: HHS "Guidance" on Ransomware - October 10th, 1:00pm CT

In recent years, HIPAA enforcement actions and penalties have increased both in volume and amount. Ransomware is the fastest growing malware threat to businesses that use electronic data. This webinar will provide listeners...more

HHS Issues Limited Waiver of HIPAA Sanctions Post-Hurricane Harvey

The U.S. Department of Health and Human Services (HHS) has used its authority to waive certain provisions of HIPAA in response to Hurricane Harvey. HHS previously declared a public health emergency in Texas and Louisiana...more

Hurricane Harvey, HIPAA, and Access to Health Information

Hurricane Harvey has been pummeling the Gulf Coast since Monday, with nearly 52 inches of rainfall in parts of Texas. The storm has displaced thousands of people from their homes and has resulted in over 30 reported deaths....more

Another Key to HIPAA Compliance – Have Policies and Procedures and Implement Them, Too

by Williams Mullen on

On this blog, we have discussed the criticality of risk analyses – the assessment required by the Security Rule of the “risks and vulnerabilities” that an organization faces with respect to all of its electronic protected...more

HIPAA Settlements in April and May Highlight Key Compliance Concerns for OCR

by Williams Mullen on

After a break in March with no new settlement agreements, OCR returned in April and May with quite a few. The Health Care Data Aware Blog already posted about a $400,000 OCR settlement released April 12, 2017, which can be...more

My Entity Just Experienced a Cyber-Attack! What Do We Do Now?

by Balch & Bingham LLP on

On June 9, 2017, the U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) released a cyber-attack “Quick Response” checklist (the Checklist) for the benefit of HIPAA covered entities and business...more

New HHS Cybersecurity Preparedness Checklist

by Carlton Fields on

The Department of Health and Human Services’ Office of Civil Rights (OCR) recently published a checklist to guide HIPAA-covered entities and business associates through an appropriate response to a ransomware or cybersecurity...more

OCR Publishes Checklist and Infographic for Cyber Attack Response

OCR released a simple checklist and infographic last week to assist Covered Entities and Business Associates with responding to potential cyber attacks. As cybersecurity remains a pressing concern for health care entities,...more

Causes of Healthcare Data Breaches (Update)

by Bryan Cave on

Pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), covered entities (e.g. healthcare providers and health plans) must notify the Department of Health and Human Services (“HHS”) of breaches...more

Complying With HIPAA Following a Ransomware Attack

by Morris James LLP on

In 2016, the U.S. Department of Health and Human Services (“HHS”) issued guidance to help covered entities and business associates understand, among other things, how to respond appropriately to ransomware attacks under the...more

Impermissible Disclosure of HIV Information Results in $387,000 HIPAA Settlement

St. Luke’s-Roosevelt Hospital Center, Inc. (SLRHC), a member of the New York-based Mount Sinai Health System, paid $387,000 to the U.S. Department of Health and Human Services (HHS) and entered into a corrective action plan...more

HIPAA spring check-up: Your obligations to safeguard third-party patient health information in medical records produced in...

You’ve had your apple a day, but you can’t keep the subpoenas away… And, if your organization is facing a request seeking records or other materials that may contain patient health information (“PHI”), it bears...more

Employers: Are You Ready for a Cyberwar? Attackers Using Ransomware are Saying Show Me Your Bitcoin!

by Dechert LLP on

Recently, the WannaCry ransomware attack impacted 150 countries and over 300,000 computers. Not all ransomware attacks are so massive but they all are fast moving and require swift action to prevent destruction and lose of...more

Potential HIPAA Pitfalls for Developers of Healthcare Apps

by Perkins Coie on

As federal and state governments struggle to address future healthcare regulation, demand for healthcare that is cheaper, better and faster continues to surge. Every day, new healthcare apps are being developed to respond...more

Tips for Ensuring Your Organization Is HIPAA Compliant Amid Increased Enforcement Activity

Thus far in 2017, the U.S. Department of Health and Human Service’s Office for Civil Rights has continued the step-up in HIPAA enforcement activity we saw in 2016 and appears on track to exceed 2016’s enforcement...more

6 Takeaways from Memorial Hermann HIPAA Settlement: Press Releases Lead to $2.4 Million Payout

by Fox Rothschild LLP on

On April 26, 2017, Memorial Hermann Health System (“MHHS”) agreed to pay the U.S. Department of Health and Human Services (“HHS”) $2.4 million to settle potential violations of the Health Insurance Portability and...more

Failure to Ensure Vendor Safeguarded Protected Health Information Costs Small Health Care Provider $31,000

by Reed Smith on

Having proper internal systems and procedures in place to manage data security is essential for organizations storing personal information in any industry. But health care organizations that rely on external vendors to...more

Securing ePHI in a Mobile Health World

Could a lost cell phone or laptop cost your organization millions of dollars? Mobile devices have enabled vast improvements in the efficiency and quality of healthcare delivery. ...more

Button up Your Business Associates Agreements or Pay the Price

by Bryan Cave on

Last month, the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced a resolution agreement with the Center for Children’s Digestive Health (CCDH) which included a $31,000...more

Settlement Highlights Need for HIPAA-Covered Entities to Have Business Associate Agreements in Place with PHI Vendors

by Dickinson Wright on

The Department of Health and Human Services’ Office for Civil Rights (ORC) announced an agreement to settle possible Health Insurance Portability and Accountability Act (HIPAA) violations with The Center for Children’s...more

Your Business Associates Hold Your HIPAA Compliance Future In Their Hands: Eleven Things You Can Do

by Fox Rothschild LLP on

Our partner Elizabeth Litten and I were recently featured again by our good friend Marla Durben Hirsch in her article in the April 2017 issue of Medical Practice Compliance Alert entitled “Business associates who farm out...more

Another HIPAA Settlement: Stolen Laptop Costs $2.5 Million Plus Encryption Requirement

by Perkins Coie on

The U.S. Department of Health and Human Services (HHS) recently announced yet another HIPAA privacy and security settlement involving Protected Health Information (PHI) on a stolen laptop. Although this might be seen as just...more

A Draft Won’t Do: OCR Settles with CardioNet $2.5m for Failing to Finalize Policies and Procedures

On April 24, 2017, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that CardioNet, a provider of remote mobile monitoring and rapid response services to patients at risk for cardiac...more

299 Results
|
View per page
Page: of 12
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.