News & Analysis as of

OCR Releases Information on What Phase 2 HIPAA Audits Will Look Like

The HHS Office for Civil Rights (OCR) recently presented information about the new look of its Phase 2 audit program. The new audits will look little like the old ones, with OCR conducting the audits itself and focusing on...more

HHS releases Security Risk Assessment Tool to Help Providers with HIPAA Compliance

In collaboration with the HHS Office for Civil Rights, the Office of the National Coordinator for Health Information Technology released a new tool designed to help practices conduct and document a comprehensive assessment to...more

HIPAA Security Risk Assessment Tool Released by HHS

HIPAA security risk assessment (SRA) tool was recently made available through HHS. The tool was developed as a collaborative effort between the HHS Office of the National Coordinator for Health Information Technology (ONC),...more

New Resource Available to Providers for HIPAA Security Rule Compliance

On March 28, 2014, the U.S. Department of Health and Human Services (“HHS”) announced the release of a security risk assessment (“SRA”) tool to assist small- to mid-sized providers in conducting risk assessments of their...more

Hospital Executive Indicted for Allegedly Lying about Meaningful Use of Electronic Health Records

A hospital executive was recently indicted for allegedly submitting a false attestation regarding a hospital’s “meaningful use” of electronic health records (“EHR”) technology through the Medicare EHR incentive program. This...more

HHS Releases Guidance On Disclosure Of Mental Health Information Under HIPAA

The HHS Office for Civil Rights issued guidance in question-and-answer format clarifying when a provider may release information regarding a patient’s mental health to family members, friends, law enforcement, and others. The...more

HHS Settlement: Reminder That HIPAA Applies To Local Governments Big And Small

The U.S. Department of Health and Human Services Office for Civil Rights (HHS) recently announced that it had reached an agreement with Skagit County, Washington to settle potential HIPAA violations involving the County...more

HHS Reports First HIPAA Settlement with a County Government

According to a HHS press release issued last Friday, Skagit County, Washington, has agreed to a $215,000 settlement with the agency to resolve allegations that the county’s HIPAA compliance program was deficient. The Skagit...more

HHS Rule Grants Patients Direct Access to Lab Test Results

The U.S. Department of Health and Human Services (HHS) recently published a Final Rule granting patients and their personal representatives access to the patient’s completed laboratory test reports directly from the lab...more

HHS Extends Patient Access To Laboratories

On February 6, 2014, the Department of Health and Human Services (HHS) published a Final Rule amending regulations implementing the Clinical Laboratory Improvement Amendments of 1988 (CLIA) and the Health Insurance...more

Department Of Health And Human Services Office Of Inspector General's FY 2014 Work Plan Identifies Security Of EHR Technology As...

On January 31, 2014, the U.S. Department of Health and Human Services ("HHS") Office of Inspector General ("OIG") released its annual work plan. Not surprisingly, issues relating to Electronic Health Records ("EHRs")...more

Health Care Entity Pays $150,000 to HHS as a Result of Stolen Thumb Drive Containing PHI

Encrypting USB drives, analyzing security risks, and implementing breach notification policies and procedures could mean the difference between compliance with the Health Insurance Portability and Accountability Act (“HIPAA”)...more

H.H.S. Proposed Rule Affects HIPAA Privacy Rule And Background Check Reporting

The Department of Health and Human Services (HHS) has released a proposed rule that would modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule by allowing health care providers to make certain...more

HHS Announces First HIPAA Settlement Based on Lack of Breach Notification Policies and Procedures

The Department of Health and Human Services (HHS) recently announced the first settlement under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) based on violations of the law's privacy, security,...more

Settlement Reached Regarding Dermatology Practice’s HIPAA Violation

Adult and Pediatric Dermatology (A&P Dermatology) of Concord, Massachusetts has entered into a resolution agreement with the Department of Health and Human Services (HHS) to settle potential violations of the Health Insurance...more

CMS and OIG Finalize Extension of Federal Stark Exception and Anti-Kickback Safe Harbor for Electronic Health Record Donations

On Friday, December 27, 2013, the Centers for Medicare & Medicaid Services (“CMS”) and the Office of the Inspector General (“OIG”) of the Department of Health and Human Services published complementary final rules in the...more

EHR Donation Exception and Safe Harbor Modified and Extended through 2021

On December 27, 2013, the Centers for Medicare & Medicaid Services and the Office of the Inspector General, both of the Department of Health and Human Services, issued closely coordinated rules (“Final Rules”) extending the...more

Extension of and Modification to Regulatory Protections for Donated EHR

In the December 27, 2013 edition of the Federal Register, the Office of Inspector General (“OIG”) and Centers for Medicare and Medicaid Services (“CMS”), both within the U.S. Department of Health and Human Services (“HHS”),...more

Healthcare Privacy – 2013 Year in Review

On January 25, 2013, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the long-awaited HIPAA Omnibus Final Rule (Final Rule), which includes the most sweeping changes to HIPAA...more

Providers: Prepare Your Breach Notification Policy!

On December 26, 2013, Adult & Pediatric Dermatology, a dermatology practice located in Massachusetts, agreed to pay a $150,000 fine after it lost an unencrypted thumb drive containing over 2,000 patients’ health records, and...more

HHS Gives A Thumbs Down For Stolen Thumb Drive

On December 26, 2013, the U.S. Department of Health and Human Services Office for Civil Rights (HHS) announced that it had reached an agreement with a Northeastern dermatology practice to settle potential HIPAA violations...more

HHS Closes Out 2013 with 6th Resolution Agreement

Throughout 2013, HHS OCR has stated that covered entities of all sizes need to give priority to securing ePHI. In addition, HHS OCR has recommended that covered entities identify and mitigate risks before an incident occurs....more

Texas to Launch Nation's First Privacy and Security Certification "Safe Harbor"

The Texas Health Services Authority (THSA) recently announced its selection of the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), the most widely adopted information privacy and security...more

OIG Finds Office for Civil Rights Did Not Meet All Requirements For Oversight and Enforcement of the HIPAA Security Rule

According to the Office for the Inspector General (OIG) of the Department of Health & Human Services (HHS), the Office for Civil Rights (OCR) has accomplished certain requirements, but it has not satisfied others that are...more

HHS Delays NPP Amendment Requirement for Laboratories Regulated Under CLIA

Under the HIPAA Privacy Rule, a Covered Entity is required to revise its notice of privacy practices (“NPP”) where there is a material change to any of its privacy policies. The HIPAA/HITECH Omnibus Final Rule (the “Omnibus...more

137 Results
|
View per page
Page: of 6