News & Analysis as of

Risk Assessment Dept. of Health and Human Services

OIG Unveils New Work Plan Process: Assessing the Impact on Compliance Risk Assessment

by Baker Ober Health Law on

On June and July 17, 2017, the Department of Health and Human Services, Office of Inspector General (OIG) released new Work Plan initiatives and, in doing so, announced its intent to update its Work Plan monthly, in lieu of a...more

Compliance 2.0 and the Significance of HHS OIG’s 2017 Resource Guide: “Measuring Compliance Program Effectiveness”

by King & Spalding on

On March 27, 2017, in conjunction with the Health Care Compliance Association (“HCCA”) annual Compliance Institute (“CI”), the Department of Health and Human Services (“HHS”), Office of the Inspector General (“OIG”) released...more

Gone Phishin’: Hack Leads to HIPAA Settlement

Earlier this week, the HHS Office for Civil Rights (“OCR”) announced a $400,000 settlement with Metro Community Provider Network (“MCPN”) related to a 2012 HIPAA breach caused by a phishing scam. The phishing scam, carried...more

What Did They Say About Cybersecurity in 2016? 8 Proclamations from Regulators and the Courts

by Orrick - Trust Anchor on

There is no such thing as compliance with the NIST Cybersecurity Framework (FTC). In September, the FTC dispelled a commonly held misconception regarding the NIST Framework: It “is not, and isn’t intended to be, a standard or...more

New Initiatives for the New Year: Highlights of the OIG’s 2017 Work Plan

by Alston & Bird on

On November 10, 2016, the Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) issued its 2017 Work Plan. The 2017 Work Plan outlines the areas of special concern to the OIG and...more

HHS OCR Levies Significant HIPAA Penalties in a Series of Recent Settlements: Covered Entities and Business Associates Alike...

by Arnall Golden Gregory LLP on

Between June and November 2016, the Department of Health and Human Services Office of Civil Rights (HHS OCR) has announced seven high-dollar settlements to resolve alleged violations of the HIPAA privacy, security, and breach...more

New FTC Data Breach Response Guidelines

by Robins Kaplan LLP on

Cybersecurity should always be at the top of any retailer’s priority list—and even more so as the holiday shopping season gets underway. To that end, the Federal Trade Commission’s newly-released Data Breach Response...more

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

by Ballard Spahr LLP on

Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more

Healthcare Compliance: Juggling Risk Mitigation Strategies

by Michael Volkov on

Healthcare organizations – ranging from physician practice groups to large, multi-state hospital systems – face a variety of risks, including fraud and abuse, as well as HIPAA privacy issues. Starting from a baseline risk...more

"New HHS OIG Criteria to Guide Resolution of Health Care Investigations"

The Office of Inspector General of the Department of Health and Human Services (OIG) has issued updated guidance on the use of its so-called permissive exclusion authority under Section 1128(b)(7) of the Social Security Act...more

Recent Corporate Integrity Agreements Highlight HHS OIG’s Compliance Program Priorities

Corporate Integrity Agreements (CIAs) are among the most important tools in the U.S. Department of Health and Human Services Office of Inspector General’s (OIG) toolbox for promoting compliance in the health care industry....more

EEOC Issues Proposed Rule on Wellness Programs and GINA

by Franczek Radelet P.C. on

The Equal Employment Opportunity Commission (EEOC) has issued a proposed rule amending prior regulations under the Genetic Information Nondiscrimination Act of 2008 (GINA) to address incentives in workplace wellness programs....more

HHS’ Selection of Contractor Provides Latest Update on Impending Second Round of HIPAA Audits

by Reed Smith on

On October 27, 2015, a U.S. Department of Health and Human Services (“HHS”) official stated that the agency has hired FCi Federal, a provider of management and professional services to government agencies in Ashburn, VA, to...more

OCR Announces HIPAA Security Settlement with Cancer Care Group, P.C.

by Tucker Arensberg, P.C. on

In September, 2015, OCR and HHS issued a press release announcing a Resolution Agreement with the Cancer Care Group, P.C., which included entry into the agreement, the adoption of a robust compliance plan, and the payment of...more

SEC’s Increased Cybersecurity Enforcement and How to Reduce Your Risks

by Perkins Coie on

The SEC announced last week that an investment adviser had agreed to settle charges that it failed to take required steps to protect against and respond effectively to a cybersecurity breach. The action comes on the heels of...more

Don’t Wait for It; Recent HIPAA Enforcement Action Signal More to Come in Phase 2 Audits

by Orrick - Trust Anchor on

Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called “Phase 2 Audits” are set to commence...more

Don't Wait for It; Recent HIPAA Enforcement Action Signal More to Come in Phase 2 Audits

Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called "Phase 2 Audits" are set to commence...more

Time for a HIPAA Security Check-Up!

The 2015 HIPAA Security conference held by the National Institute of Standards and Technology (“NIST”) and the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) kicked off last week with OCR’s...more

Upcoming HIPAA Audits May Target Financial Institutions—Here’s How to Prepare

by Davis Wright Tremaine LLP on

Much like a tornado watch, the conditions appear to be right for a coming storm: the upcoming Phase 2 HIPAA audits. The Department of Health and Human Services Office for Civil Rights (OCR) has begun verifying contact...more

"HHS OIG Issues New Compliance Oversight Guidance for Boards of Directors"

On April 20, 2015, the Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) published its “Practical Guidance for Health Care Governing Boards on Compliance Oversight” (the Guidance).1...more

Pressure Points: OCR Enforcement Activity in 2014

by McDermott Will & Emery on

During 2014, the Office for Civil Rights (OCR) of the U.S. Department of Health & Human Services initiated six enforcement actions in response to security breaches reported by entities covered by the Health Insurance...more

Alert: Five Ways to Reduce Your HIPAA Liability

by Cooley LLP on

As of early December 2014, 1,170 security breaches under the Health Insurance Portability and Accountability Act (HIPAA) involving 31 million records had been reported to the U.S. Department of Health and Human Services (HHS)...more

Government turns up the heat with the False Claims Act – 5 action steps for healthcare providers

by DLA Piper on

Forbes magazine has dubbed 2014 “The Year of the Whistleblower.” For healthcare providers, this designation has translated into millions of dollars in fines and penalties and the initiation of criminal investigations. ...more

Cliff Notes from the Joint OCR/NIST HIPAA Security Conference

As a service to our readers, we have distilled last week’s joint HHS Office of Civil Rights (OCR) and National Institute of Standards in Technology (NIST) conference, “Safeguarding Health Information: Building Assurance...more

Privacy Wednesday

What’s that old saying … “a day late and a dollar short?” Here is our Privacy Monday roundup … on Wednesday. Office for Civil Rights HIPAA Crackdown? The Office for Civil Rights (OCR) — the enforcement arm of...more

45 Results
|
View per page
Page: of 2
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.