News & Analysis as of

Cybersecurity and the Role of ERISA Fiduciaries

The Employee Retirement Income Security Act of 1974, as amended (ERISA), protects plan participant benefits and account balances by imposing high standards of care on the plan’s fiduciaries. Fiduciaries who do not follow...more

OCR Announces Initiative to Amplify Investigations of Breaches Affecting Fewer than 500 Individuals

Taking another step toward more aggressive enforcement under the Health Insurance Portability and Accountability Act (“HIPAA”), on August 18, 2016, the U.S. Department of Health & Human Services (“HHS”) Office for Civil...more

OCR Begins HIPAA Phase 2 Audits

What covered entities and business associates can do to prepare for the next round of audits. On July 11, the HIPAA Phase 2 audits commenced when 167 covered entities received notice of a desk audit from the Department...more

HIPAA Audit Program Update—HHS OCR Moves Forward with Desk Audits

As we previously reported, on March 21, 2016, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) launched the long-awaited Phase 2 of the audit program that is intended to assess compliance with...more

Just a Matter of Time: First-Ever Settlement of HIPAA Claims Against a Business Associate

On June 30, 2016, the Health and Human Services Office for Civil Rights (OCR) announced the first-ever settlement of Health Insurance Portability and Accountability Act (HIPAA) claims against a business associate. According...more

OCR levies first fine ever directly against business associate

Our predictions that the Office for Civil Rights (OCR) will become more aggressive with audits, investigations, and fines against HIPAA business associates has come true. On June 24, 2016, the OCR announced that it has...more

Protecting Health Plan Information Is More Important Than Ever

It’s common for employers outside the healthcare industry to believe they can avoid issues brought about by the Health Insurance Portability and Accountability Act (HIPAA) and other health plan data laws. After all, most...more

Health Law Wire: Recent HIPAA Settlements Highlight the Importance of Business Associate Agreements (5/16)

The Office of Civil Rights (OCR), the agency within the United States Department of Health and Human Services that enforces the HIPAA Privacy and Security Rules, recently sent a clear message about the importance of business...more

What's New with HIPAA?

A number of new developments have taken place related to Health Insurance Portability and Accountability Act (HIPAA) privacy and security compliance, and enforcement is increasing. Healthcare providers, health plans and other...more

Expansion of HIPAA audit program now underway

As detailed in our latest webinar, “Daunting but doable: Preparing for the next round of HIPAA audits,” the Office for Civil Rights (OCR) has begun implementing the first full-phase HIPAA audit program. The 2009 HITECH Act,...more

Department of Health and Human Services Cracks Down on Vendor Oversight in Recent Hospital Settlements

From the rise in ransomware attacks to inadvertent disclosure of information by subcontractors, the health services industry is reminded that a potential consequence of a data breach is the threat of a regulatory enforcement...more

Appeals Court Confirms that HITECH Violations Do Not Violate FCA

In an important recent decision, the Sixth Circuit Court of Appeals confirmed that a qui tam relator's claim that her former husband improperly accessed electronic protected health information (e-PHI) of her and her relatives...more

Sixth Circuit Affirms Dismissal of FCA Claim Based on Health Data Breaches

The U.S. Court of Appeals for the Sixth Circuit recently affirmed the dismissal of a False Claims Act (FCA) case premised on protected health data breaches. In United States ex rel. Sheldon v. Kettering Health Network, the...more

A New Tool for Health App Developers to Navigate a Crowded Regulatory Field

As regulators seek to define their authority and the scope of their enforcement power, more health apps will continue to flood the marketplace and transform how patients are treated. As mobile health applications...more

State AGs Upping the Ante on Health (and Other) Information Data Incidents – Expect Increased Enforcement Actions

State attorneys general (AGs) continue to emerge as major regulators of privacy, and increasingly, with respect to compromises of health-related data. Businesses concerned with U.S. customer or employee data have long...more

HHS OCR Announces Launch Of Long-Awaited Phase 2 HIPAA Audit Program

On March 21, 2016, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced the launch of its Phase 2 HIPAA compliance audits pursuant to which it will audit covered entities and...more

OCR Launches Phase 2 of HIPAA Audits

Five suggested steps healthcare organizations and their contractors should take to prepare. On March 21, the Office of Civil Rights (OCR) of the Department of Health and Human Services launched Phase 2 of the HIPAA Audit...more

OCR Kicks Off HIPAA Audits After Issuing Two Major Settlements

On March 21, 2016, the HHS Office for Civil Rights (OCR) launched phase two of its much-anticipated audit program for covered entities and business associates. The announcement comes in the wake of OCR's issuance of two major...more

HHS Fact Sheet on Your Employees’ and Clients’ Rights under HIPAA to Access their Health Information

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, contains extensive rules designed to limit access by non-health plan entities to certain individually identifiable health...more

Deadline for reporting 2015 data breaches to OCR quickly approaching

Pursuant to HIPAA/HITECH, covered entities are required to report breaches of unsecured protected health information that occurred in 2015 and affected less than 500 individuals to the Office for Civil Rights no later than 60...more

HIPAA and Health Care Data Privacy – 2015 Year in Review

As the year winds down, we look back with a mixture of nostalgia and queasiness on the major Health Insurance Portability and Accountability Act (HIPAA) events that defined 2015. Incredibly large data breaches became...more

Blog: Hospital and Vendor Reach Agreement to Settle Alleged HIPAA Violations with Connecticut AG

Last week, the Connecticut Attorney General (the “Connecticut AG”) announced that Hartford Hospital and its subcontractor, EMC Corporation (“EMC”), agreed to settle potential violations of the Health Insurance Portability and...more

OIG Reports Insufficient Oversight Of HIPAA Compliance

The HHS Office for Civil Rights (OCR) must improve its oversight and enforcement of patient information privacy and security rules by “covered entities” and their business associates under the Health Information Portability...more

Don't Wait for It; Recent HIPAA Enforcement Action Signal More to Come in Phase 2 Audits

Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called "Phase 2 Audits" are set to commence...more

Proceed With Caution: Does HIPAA Apply to Your Business?

Even if your business is not in the health care industry, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as updated by the Health Information Technology for Economic and Clinical Health Act (HITECH...more

164 Results
View per page
Page: of 7
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.