On Sept. 18, 2014, California’s governor approved Assembly Bill 1755, extending California’s stringent breach notification deadline for medical information breaches from five business days to 15 business days for clinics,...more
On Oct. 6, 2014, a final rule issued jointly by the Centers for Medicare & Medicaid Services (CMS), Centers for Disease Control and Prevention (CDC), and Office for Civil Rights (OCR) will require all HIPAA-covered labs...more
On July 23, 2014, the Massachusetts attorney general announced a settlement with Women & Infants Hospital of Rhode Island (WIH) over the loss of unencrypted backup tapes. WIH agreed to pay $150,000 and undertake numerous...more
The California Court of Appeal recently held that in order to recover under California’s Confidentiality of Medical Information Act (CMIA), Civ. Code §§ 56 et seq., a plaintiff must plead and prove that the “stolen medical...more
The HHS Office for Civil Rights (OCR) recently presented information about the new look of its Phase 2 audit program. The new audits will look little like the old ones, with OCR conducting the audits itself and focusing on...more
In a reminder that the U.S. Department of Health and Human Services (“HHS”), with its HIPAA security requirements and enforcement authority, is not the only game in town when it comes to health information privacy, the...more
Last week a regional California medical center entered a $275,000 settlement for disclosing patient information to the media, spotlighting HIPAA’s tight reign over covered health providers even when they try to defend their...more
The Omnibus Rule went into effect on March 26, 2013. While covered entities and business associates have until Sept. 23, 2013, to comply with new restrictions and obligations, they can take advantage of the rule’s benefits...more
4/3/2013
/ Business Associates ,
Covered Entities ,
Data Protection ,
Fundraisers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Omnibus Rule ,
Immunization Records ,
Medical Research ,
Notice Requirements ,
PHI
On Jan. 17, 2013, the Department of Health and Human Services (HHS) released the long-awaited “Omnibus Rule,” which amends the administrative simplification provisions of the Health Insurance Portability and Accountability...more
1/24/2013
/ Business Associates ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Marketing ,
PHI ,
Privacy Policy
At long last, after much delay and speculation, the HIPAA Omnibus Rule has been placed on display at the Federal Register in preparation for formal publication....more
HIPAA places tight restrictions on the use and disclosure of protected health information, but there are many ways to “de-identify” it, freeing it from HIPAA’s constraints. Covered entities and business associates can use...more