News & Analysis as of

Massive Data Breach Affects 4.5 Million Patients in 29 States

Community Health Systems, Inc. (the “Company”), one of the largest hospital organizations in the country, announced via a public filing (Form 8K) made yesterday with the Securities and Exchange Commission (“Report”) that the...more

OCR to Begin Phase 2 of HIPAA Audit Program

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) will soon begin a second phase of audits (Phase 2 Audits) of compliance with Health Insurance Portability and Accountability Act of 1996 (HIPAA)...more

OCR Annual Report Highlights Breaches Of Unsecured Protected Health Information

The Health Information Technology for Economic and Clinical Health Act ("HITECH") requires Covered Entities and Business Associates to provide notification of breaches of unsecured Protected Health Information. The Department...more

Health Law Alert: The Deadline for Amending Business Associate Agreements is Quickly Approaching

A key change from 2013’s HITECH “Omnibus” Rule was a requirement that Business Associate Agreements (“BAAs”) be modified to reflect revisions to HIPAA regulations. When the rule was issued on January 25, 2013, Covered...more

HHS Reports to Congress highlight HIPAA Compliance and Breach Activities

On June 11, 2014, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) issued two reports to Congress summarizing activities in calendar years 2011 and 2012. The Annual Report to Congress on...more

Five Lessons from OCR’s Report to Congress on Breaches and HIPAA Rules Compliance

Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured...more

The New "Meaningful Use" Landscape: A Transition from Incentives to Penalties - CMS Begins Enforcing Penalties for Failure to...

Starting in 2015, eligible physicians and hospitals participating in the Medicare Electronic Health Records Incentive Program who do not adopt "meaningful" use" certified electronic health record (EHR) technology will no...more

Health Law Alert: HIPAA Enforcement on the Rise, as OCR Audit Program Moves Forward

A recent settlement from New York—involving the largest fine levied to date in the history of HIPAA enforcement, a staggering $4.8 million imposed on two public hospitals—should remind health care providers, health plans and...more

Federal agencies propose health IT regulatory framework, seek stakeholder input and participation in new initiatives

A little more than five years after the passage of the Health Information Technology Economic and Clinical Health (HITECH) Act, the Food and Drug Administration, Federal Communications Commission and the Office of the...more

Self-pay Confidentiality Rights: How Far Do Those Rights Go?

The HIPAA Privacy Rule has always provided an individual patient the right to request special, confidential treatment of his or her protected health information (PHI). That right is not absolute, however. Covered entities...more

Health Update

Ten Years In: Charting the Progress of Health Information Exchange in the U.S. - HITECH: Federal Dollars Spur Adoption and Use: The modern era of HIE-related public policy began in May 2004 with the appointment...more

How To Analyze A HIPAA Breach

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) and subsequent regulations have changed several aspects of compliance with HIPAA, including the way covered entities should think about...more

Protect Your Blindside: Identify All HIPAA Business Associates/Subcontractors

Under the recently enacted Health Information Technology for Economic and Clinical Health (HITECH) Act, and implementing regulations, the definition of the HIPAA term "Business Associate" has been expanded. A "Business...more

Dermatology Practice Agrees to Settlement in Connection with HIPAA Breach

A Massachusetts-based dermatology practice recently agreed to pay $150,000 to settle claims that it failed to have sufficient policies and procedures in place to address a breach notification requirement under the HITECH Act....more

HHS Announces First HIPAA Settlement Based on Lack of Breach Notification Policies and Procedures

The Department of Health and Human Services (HHS) recently announced the first settlement under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) based on violations of the law's privacy, security,...more

Settlement Reached Regarding Dermatology Practice’s HIPAA Violation

Adult and Pediatric Dermatology (A&P Dermatology) of Concord, Massachusetts has entered into a resolution agreement with the Department of Health and Human Services (HHS) to settle potential violations of the Health Insurance...more

Providers: Prepare Your Breach Notification Policy!

On December 26, 2013, Adult & Pediatric Dermatology, a dermatology practice located in Massachusetts, agreed to pay a $150,000 fine after it lost an unencrypted thumb drive containing over 2,000 patients’ health records, and...more

HHS Gives A Thumbs Down For Stolen Thumb Drive

On December 26, 2013, the U.S. Department of Health and Human Services Office for Civil Rights (HHS) announced that it had reached an agreement with a Northeastern dermatology practice to settle potential HIPAA violations...more

HHS Closes Out 2013 with 6th Resolution Agreement

Throughout 2013, HHS OCR has stated that covered entities of all sizes need to give priority to securing ePHI. In addition, HHS OCR has recommended that covered entities identify and mitigate risks before an incident occurs....more

HHS Delays NPP Amendment Requirement for Laboratories Regulated Under CLIA

Under the HIPAA Privacy Rule, a Covered Entity is required to revise its notice of privacy practices (“NPP”) where there is a material change to any of its privacy policies. The HIPAA/HITECH Omnibus Final Rule (the “Omnibus...more

Beware Of That Leased Photocopier: The PHI You Didn't Know You Had

You might be rejoicing at the thought of returning your old worn down leased photocopier and replacing it with the latest state of the art improvement in photocopier technology. But, little did you know that your old...more

Cloud Computing: Healthcare Issues in a Digital Age – (Part Two)

Hospitals and health care providers must often look to third party vendors offering cloud computing solutions, but are these companies well-prepared to meet the HIPPA/HITECH Act privacy and security requirements as well as...more

Hearing to Address HIPAA Accounting of Disclosures

The HHS Office of Civil Rights (OCR) announced that the Health Information Technology (HIT) Policy Committee’s Privacy and Security Tiger Team will hold a virtual, public hearing on Monday, September 30 from 11:45 a.m. to...more

HIPAA Omnibus Rule Compliance Deadline

September 23, 2013, the deadline for compliance with the new Health Insurance Portability and Accountability Act (HIPAA) regulations, is here. Although there has been much discussion about the new regulations since they were...more

Cloud Computing: Healthcare Issues in a Digital Age – (Part Three)

What are the challenges of PII data storage and privacy on cloud computing platforms? How does a healthcare organization work with cloud computing vendors to address key information security and privacy compliance issues? ...more

138 Results
|
View per page
Page: of 6