All players in the health and wellness ecosystem should be following developments around the American Data Privacy and Protection Act (ADPPA). If enacted, the ADPPA would be a watershed in the regulation of the privacy and...more
Today, we’re looking back at HIPAA and other privacy and security developments in 2018. This past year saw continued HIPAA enforcement (including the largest ever fine for a HIPAA breach), reminders from the OCR on best...more
1/7/2019
/ Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Popular ,
State Data Breach Notification Statutes
Privacy and security compliance obligations for health care companies remain hot topics this spring. Health care companies must now contend with data breach laws in all 50 states as well as keeping on top of federal HIPAA...more
6/21/2018
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Cybersecurity ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Guidance ,
OCR ,
Personally Identifiable Information ,
Revocation ,
State and Local Government ,
State Data Breach Notification Statutes
Earlier this week, the HHS Office for Civil Rights (“OCR”) announced a $400,000 settlement with Metro Community Provider Network (“MCPN”) related to a 2012 HIPAA breach caused by a phishing scam. The phishing scam, carried...more
4/13/2017
/ Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Email ,
Enforcement Actions ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Incident Response Plans ,
OCR ,
Phishing Scams ,
Risk Assessment ,
Risk Management ,
Settlement
The Massachusetts Department of Public Health (DPH) has released proposed amended regulations for the licensure of hospitals, clinics, and out-of-hospital dialysis units, proposed the rescission of separate birth center...more
Covered Entities need to continue to check their inboxes for emails from the HHS Office for Civil Rights (“OCR”) requesting verification of contact information in connection with Phase 2 of the HIPAA Audit Program. OCR...more
On March 21st, the HHS Office for Civil Rights (“OCR”) officially launched Phase 2 of the HIPAA Audit Program. Covered Entities and Business Associates need to be prepared for these audits and be on the lookout for emails...more
Recent enforcement actions by the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) have highlighted that, not surprisingly, Covered Entities should not leave medical records in a...more
Those wishing to comment on revisions to the Federal Policy for Protection of Human Subjects (known as the “Common Rule”) could add a 30-day comment period extension to the things they were grateful for at this year’s...more
Most health-care lawyers are accustomed to monitoring the high profile areas of regulatory enforcement in health care. However, many hospital lawyers, whether in-house or outside counsel, are unaware of the potential...more
10/23/2015
/ Centers for Medicare & Medicaid Services (CMS) ,
Certificates of Compliance ,
Civil Monetary Penalty ,
CLIA ,
Clinical Laboratory Testing ,
Department of Health and Human Services (HHS) ,
Diagnostic Tests ,
Food and Drug Administration (FDA) ,
Healthcare ,
Hospitals ,
Laboratories ,
Laboratory Developed Tests ,
Medicaid ,
Medicare ,
Sanctions
The HHS Office of the National Coordinator for Health Information Technology (“ONC”) recently released a new and improved version 2.0 of their Guide to Privacy and Security of Electronic Health Information. This revamped...more
As a service to our readers, we have distilled last week’s joint HHS Office of Civil Rights (OCR) and National Institute of Standards in Technology (NIST) conference, “Safeguarding Health Information: Building Assurance...more
Yesterday, the Department of Health and Human Services (“HHS”) and the Department of Justice (“DOJ”) released their Annual Report for the Health Care Fraud and Abuse Control Program (the “Program”). The report highlights the...more