The HHS Office for Civil Rights (OCR) recently presented information about the new look of its Phase 2 audit program. The new audits will look little like the old ones, with OCR conducting the audits itself and focusing on...more
The HHS Office for Civil Rights (OCR) recently presented information about the new look of its Phase 2 audit program. The new audits will look little like the old ones, with OCR conducting the audits itself and focusing on...more
The U.S. Department of Health and Human Services (“HHS”) recently issued new guidance clarifying how the HIPAA Privacy Rule strikes the balance of protecting individuals’ privacy of mental health information and communicating...more
The Federal Trade Commission (FTC) sent a message about the importance of imposing appropriate security measures on—and monitoring—vendors with access to confidential consumer information. The FTC issued a 20-year consent...more
The Office of the Privacy Commissioner of Canada (OPC) announced on January 15, 2013, that it reached a settlement with Google over the use of health information in behavioral advertising. The case involving a complaint that...more
HIPAA compliance ended with a bang in 2013, with the feds issuing the first settlement involving a health provider’s failure to have breach notification policies and procedures in place. On Dec. 24, 2013, the Department of...more
Just in time for the September 23, 2013, deadline for compliance with the HIPAA Omnibus Rule, the U.S. Department of Health and Human Services (“HHS”) issued a set of model notices of privacy practices for health care...more
Last week the Department of Health and Human Services (“HHS”) announced that it has postponed the Sept. 23, 2013, HIPAA Omnibus Rule deadline for many clinical laboratories to revise their notices of privacy practices...more
In a reminder that the U.S. Department of Health and Human Services (“HHS”), with its HIPAA security requirements and enforcement authority, is not the only game in town when it comes to health information privacy, the...more
On July 8, 2013, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) entered into a $1.7 million resolution agreement with WellPoint over a 2009-2010 security breach....more
Last week a regional California medical center entered a $275,000 settlement for disclosing patient information to the media, spotlighting HIPAA’s tight reign over covered health providers even when they try to defend their...more
In January 2013, The U.S. Department of Health and Human Services released the HIPAA Omnibus Rule in the Federal Register, the most significant changes to the HIPAA regulations since they were first promulgated. ...more
The Omnibus Rule went into effect on March 26, 2013. While covered entities and business associates have until Sept. 23, 2013, to comply with new restrictions and obligations, they can take advantage of the rule’s benefits...more
4/3/2013
/ Business Associates ,
Covered Entities ,
Data Protection ,
Fundraisers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Omnibus Rule ,
Immunization Records ,
Medical Research ,
Notice Requirements ,
PHI
HIPAA covered entities have through Friday, March 1, 2013, to report small breaches of unsecured protected health information that occurred in calendar year 2012 to the U.S. Department of Health and Human Services (HHS). A...more
On Jan. 17, 2013, the Department of Health and Human Services (HHS) released the long-awaited “Omnibus Rule,” which amends the administrative simplification provisions of the Health Insurance Portability and Accountability...more
1/24/2013
/ Business Associates ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Marketing ,
PHI ,
Privacy Policy
On Jan. 17, 2013, the long-awaited HIPAA “Omnibus Rule” went on display at the Federal Register, finalizing changes to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules....more
At long last, after much delay and speculation, the HIPAA Omnibus Rule has been placed on display at the Federal Register in preparation for formal publication....more
In what HHS declares as “the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500 individuals,” the Office for Civil Rights (OCR) reached a $50,000...more
The U.S. Department of Health and Human Services recently posted a website focusing on mobile devices and health information privacy and security at http://www.healthit.gov/mobiledevices. The website includes five videos on...more
On Nov. 16, 2012, the Office of the National Coordinator for Health Information Technology (ONC) released a request for comment regarding Stage 3 meaningful use measures, taking a step forward in the ongoing effort to define...more
HIPAA places tight restrictions on the use and disclosure of protected health information, but there are many ways to “de-identify” it, freeing it from HIPAA’s constraints. Covered entities and business associates can use...more