News & Analysis as of

OCR Releases Information on What Phase 2 HIPAA Audits Will Look Like

The HHS Office for Civil Rights (OCR) recently presented information about the new look of its Phase 2 audit program. The new audits will look little like the old ones, with OCR conducting the audits itself and focusing on...more

HIPAA Security Risk Assessment Tool Released by HHS

HIPAA security risk assessment (SRA) tool was recently made available through HHS. The tool was developed as a collaborative effort between the HHS Office of the National Coordinator for Health Information Technology (ONC),...more

HHS Extends Patient Access To Laboratories

On February 6, 2014, the Department of Health and Human Services (HHS) published a Final Rule amending regulations implementing the Clinical Laboratory Improvement Amendments of 1988 (CLIA) and the Health Insurance...more

En Español: HHS Agencies Issue Model Notices of Privacy Practices in Spanish

Last week, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and Office for the National Coordinator for Health Information Technology (ONC) issued model Notices of Privacy Practices (NPPs) in...more

OCR Proposes HIPAA Amendments to Address Gun Violence

As we previously reported, President Obama has made it a priority to improve the National Instant Criminal Background Check System (“NICS”). Last week, more than eight months after the issuance of a advance notice of...more

Healthcare Privacy – 2013 Year in Review

On January 25, 2013, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the long-awaited HIPAA Omnibus Final Rule (Final Rule), which includes the most sweeping changes to HIPAA...more

HHS Closes Out 2013 with 6th Resolution Agreement

Throughout 2013, HHS OCR has stated that covered entities of all sizes need to give priority to securing ePHI. In addition, HHS OCR has recommended that covered entities identify and mitigate risks before an incident occurs....more

OIG Finds Office for Civil Rights Did Not Meet All Requirements For Oversight and Enforcement of the HIPAA Security Rule

According to the Office for the Inspector General (OIG) of the Department of Health & Human Services (HHS), the Office for Civil Rights (OCR) has accomplished certain requirements, but it has not satisfied others that are...more

OCR Issues Guidance on HIPAA Refill Reminder Marketing Exception, and other Modifications to Privacy Protections

On September 19, 2013, the Office of Civil Rights of the Department of Health and Human Services (“OCR”) released guidance on a number of privacy protections, the most significant of which relates to the refill reminder...more

OCR Releases Model Notices of Privacy Practices

Under the Privacy Rule, an individual has the right to adequate notice of how a covered entity may use and disclose PHI about the individual, as well as his/her rights and the covered entity’s obligations with respect to that...more

Hearing to Address HIPAA Accounting of Disclosures

The HHS Office of Civil Rights (OCR) announced that the Health Information Technology (HIT) Policy Committee’s Privacy and Security Tiger Team will hold a virtual, public hearing on Monday, September 30 from 11:45 a.m. to...more

It's Never Too Late To Give Guidance: OCR Starts Releasing HIPAA Omnibus Rule Guidance In Anticipation Of September 23 Compliance...

This has been a busy week for the Department of Health and Human Services / Office for Civil Rights (HHS/OCR). It has started releasing guidance on various provisions of the Omnibus HIPAA final rule (the "Final Rule") in...more

Business Associate Definition Expanded and HHS Empowered to Impose New Civil Fines

Long-awaited omnibus regulations (Omnibus Rule) adopted earlier this year by the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) made significant modifications impacting “business associates” to...more

Polsinelli Releases A HIPAA Business Associate Guide

In 2009, the Health Information Technology for Economic and Clinical Health Act ("HITECH") modified a number of provisions of the Health Insurance Portability and Accountability Act ("HIPAA") to strengthen HIPAA's privacy and...more

Settlement Emphasizes the Need for HIPAA Risk Management

A HIPAA violation involving a health plan’s failure to erase protected health information from photocopier hard drives has resulted in a $1.2 million settlement. Your risk can be significantly reduced if you adopt and...more

Health plan pays for failing to erase data on leased equipment: two takeaways for companies handling electronic PHI

The Office for Civil Rights (OCR) has announced a settlement between the US Department of Health and Human Services and Affinity Health Plan, Inc. to address potential violations of the Health Insurance Portability and...more

Health Plan Settles HHS OCR Investigation Related to Photocopier Breach for $1.2m

The Department of Health and Human Services Office for Civil Rights (HHS OCR) today announced its 4th resolution agreement of 2013....more

Shasta Regional Medical Center Pays $275,000, Enters into Corrective Action Plan to Resolve Alleged HIPAA Privacy Rule Violations...

Shasta Regional Medical Center (Shasta) has agreed to pay $275,000 and enter into a corrective action plan (CAP) with the U.S. Department of Health and Human Services Office for Civil Rights (OCR) to resolve allegations that...more

Is Your Firewall On? Are You Sure? Idaho State University Settles Privacy Rule Violations for $400,000

The HHS Office of Civil Rights (OCR) recently announced a $400,000 settlement with Idaho State University (ISU) following a lengthy investigation of the privacy and security practices at ISU outpatient clinics. In addition to...more

OCR Settles with Shasta Regional Medical Center for $275,000

The HHS Office of Civil Rights (OCR) recently announced a $275,000 settlement with Shasta Regional Medical Center (SRMC) on the heels of an investigation triggered by a Los Angeles Times article indicating that senior...more

Under HIPAA, You Have the Right to Remain Silent

Last week a regional California medical center entered a $275,000 settlement for disclosing patient information to the media, spotlighting HIPAA’s tight reign over covered health providers even when they try to defend their...more

Hospital Disclosure of PHI to Media and Workforce Results in $275,000 Fine

HHS OCR announced today its second resolution agreement of 2013. Shasta Regional Medical Center (SRMC) has agreed to pay $275,000 and enter into a comprehensive corrective action plan (CAP) to settle an investigation opened...more

Large Educational/Health System Targeted For HIPAA Enforcement

Idaho State University (ISU) was recently the target of an investigation and enforcement action for violations of the privacy and security rules of the Health Insurance Portability and Accountability Act (HIPAA)....more

First HIPAA Resolution Agreement of 2013 — and it certainly will not be the last

The HHS Office of Civil Rights (OCR) announced its first HIPAA Resolution Agreement of 2013 last week. According to the press release, Idaho State University (ISU) must pay OCR $400,000 and comply with the terms of a...more

HHS Empowers Consumers to Know (and Enforce) their Rights Under HIPAA

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published on its website a series of factsheets designed to educate consumers unfamiliar with their rights under the Health Insurance...more

80 Results
|
View per page
Page: of 4