Protected Health Information Health Care Providers

News & Analysis as of

Lessons Gleaned From Recent HIPAA Settlements: An Ounce of Prevention is Worth a Pound of Cure: How Recent OCR Enforcement...

HIPAA enforcement has been on the rise during the last several years, and the dollar impact of those settlements has continued to grow significantly. The Department of Health and Human Services, Office of Civil Rights (OCR)...more

What's "Hidden" in the 21st Century Cures Act for Health Care Entities

The 21st Century Cures Act (Cures) was signed into law December 13, 2016. While the primary focus of the 996-page Act centered on biomedical innovation, several components of Cures have significant implications for health...more

$5.5 Million HIPAA Settlement Matches Largest Payment To-Date

On February 16, 2017, the U.S. Department for Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced that Memorial Healthcare Systems of Florida (“MHS”) agreed to pay $5.5 million and enter into a...more

Technical Noncompliance with HIPAA Can Lead to Big Penalties

As discussed in prior client alerts, the Office of Civil Rights (OCR), the agency charged with HIPAA enforcement, has increased HIPAA compliance initiatives in recent months and is poised to continue its enforcement...more

To Settle or Not to Settle – That Is the Question Raised by Recent HIPAA CMPs

On February 1, 2017, the Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that the Children’s Medical Center of Dallas (“Children’s”) has paid a civil monetary penalty (“CMP”) of $3.2 million...more

TortSource: Ransomware: A Reportable Breach?

In the past several years, a huge increase has occurred in the number of electronic attacks in the United States using ransomware, a form of malware that targets and encrypts critical data and systems for the purpose of...more

HIPAA Enforcement Update (October 2016 – January 2017)

Since October 2016, the Department of Health and Human Services, Office for Civil Rights (OCR) announced four settlement agreements to resolve allegations of Health Insurance Portability and Accountability Act (HIPAA)...more

Lack of Timely Action and Knowledge of Risk Results in $3.2 Million Civil Monetary Penalty for HIPAA Violations

Children’s Medical Center of Dallas (Children’s) was hit with a $3.2 million civil penalty from the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) for failing to take steps to properly protect...more

Children’s Medical Center of Dallas Clobbered by OCR

In a rare move by the OCR, it assessed a $3.2 million fine against Children’s Medical Center of Dallas (Children’s) after it issued a Notice of Proposed Determination against Children’s and Children’s failed to request a...more

Key HIPAA Settlement Agreements by HHS’s Office for Civil Rights in 2015 & 2016

The last time this blog presented an overview of key HIPAA settlement agreements at the Office for Civil Rights in the U.S. Department of Health and Human Services was a review of 2014. The number of complaints that year had...more

Heighten Importance for March 1, 2017 HIPAA Small Breach Reporting Deadline

With OCR’s recent announcement of its first enforcement action for lack of timely breach notification and its increased focus on small breaches, the upcoming annual reporting deadline for small breaches takes on increased...more

Cancer Services Provider Confronts Ransomware Bully

My newest hero in the fight against ransomware is Little Red Door Cancer Services of East Central Indiana (Little Red Door). I am sending a donation to it to celebrate its courage in the last few weeks. Little Red Door...more

Data Breach Class Action Reinstated Against Horizon Healthcare Services Inc.

The U.S. Court of Appeals for the Third Circuit has vacated a district court's dismissal of a data breach class action filed against Horizon Healthcare Services Inc., in the wake of the 2013 theft of two computer laptops...more

The Price of PHI – A $2.2 Million USB Drive

A stolen unencrypted USB drive led to a $2.2 million settlement and a Resolution Agreement. The Department of Health and Human Services Office for Civil Rights (OCR) announced on January 18th a settlement with MAPFRE Life...more

Health Care E-Note - January 2017

On October 4, 2016, The Centers for Medicare and Medicaid Services ("CMS") released the final rules regarding the requirements of participation for skilled nursing facilities. One of the most significant changes to the...more

Health Care Group News: OCR Releases New Clarifying Guidance In Response To Orlando Pulse Nightclub Attack

In an emergency, when there is a flurry of activity in a hospital, covered entities often struggle with who they are permitted to release patient information to under HIPAA. On January 11, 2017, the Department of Health and...more

New Hampshire Psychiatric Hospital Patient Records Posted Online by Former Patient

The New Hampshire Department of Health and Human Services has notified up to 15,000 patients of its psychiatric hospital (New Hampshire Hospital) that their names, addresses, Social Security numbers, Medicaid ID numbers and...more

Breach of Privacy Prompts Breach of Etiquette: DHHS Sets New Precedent in Privacy Breach Enforcement

On January 9, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) took action against a health system for non-timely reporting of a breach of protected health information. It was the first...more

2017 Health Information Privacy and Security New Year’s Resolutions

To start off the New Year, here are some potential health information privacy and security resolutions. You can use these Annual, Quarterly, and Monthly lists to map out your privacy and security tasks for the year, and then...more

Three-Month Delay Means Health Network Must Pay

A delay in reporting a HIPAA violation can result in a significant monetary penalty. That was the message sent by the Office for Civil Rights (OCR), which recently announced the first HIPAA settlement based on the untimely...more

Looking Back at the HIPAA Resolution Agreements in 2016

In 2016, Health and Human Services’ (HHS) Office for Civil Rights (OCR), the enforcement arm for HIPAA, continued robust enforcement efforts. There were 12 reported resolution agreements (RA) in 2016. An RA is a settlement...more

November the Worst Month Yet for Healthcare Breaches

We have repeatedly reiterated numerous warnings to the healthcare industry about malware and ransomware [see related posts here and here]. Our predictions have unfortunately become true, as November was the worst month ever...more

Significant Changes to Health Information Technology Found in 21st Century Cures Act

On December 13, 2016, President Obama signed the 21st Century Cures Act ("Cures Act"), H.R. 34, into law. It enjoyed bipartisan support and was overwhelmingly approved by the House and Senate in recent weeks. The expansive...more

2016 Health Care Year in Review

Since I began writing this year-end review in 2013, there have been some common themes – a shift to pay for quality and away from fee-for service, much of which has been brought about by the Affordable Care Act (ACA): efforts...more

21st Century Cures Act Includes Prohibition on Information Blocking and Mandates for Additional HIPAA Guidance

On November 30, 2016, the U.S. House of Representatives voted strongly in favor of the 21st Century Cures Act (the Act), an expansive health bill that addresses the discovery and development of new medical therapies as well...more

233 Results
|
View per page
Page: of 10
Popular Topics

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×