While enforcement activity by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has focused primarily on a covered entity’s safeguard of electronic protected health information (ePHI),...more
While OCR enforcement activity has focused on a covered entity’s safeguarding of ePHI, organizations cannot forget about PHI in non-electronic form. To settle potential violations of the HIPAA Privacy Rule, Parkview Health...more
As regularly blogged about on the Data Privacy Monitor, the past 12 months have seen record-breaking HIPAA enforcement activity by HHS OCR. But according to recent remarks by a high-ranking HHS attorney, if you thought these...more
On May 7, 2014, HHS OCR announced a pair of resolution agreements with New York Presbyterian Hospital (NYP) and Columbia University (CU) totaling $4.8 million dollars—the highest settlement amount to date. These resolution...more
To combat new risks associated with rapidly evolving health information technology, the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act...more
To start 2014, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its first resolution agreement of the year and its first settlement with a county government – signaling that even local...more
Triple-S Salud, Inc. (“Triple-S”), a Puerto Rico Health Insurance Administration (“PRHIA”) contractor, filed a Form 8-K indicating that the PRHIA intended to impose a civil monetary penalty of $6,768,000 and other...more
On January 25, 2013, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the long-awaited HIPAA Omnibus Final Rule (Final Rule), which includes the most sweeping changes to HIPAA...more
Throughout 2013, HHS OCR has stated that covered entities of all sizes need to give priority to securing ePHI. In addition, HHS OCR has recommended that covered entities identify and mitigate risks before an incident occurs....more
Under the Privacy Rule, an individual has the right to adequate notice of how a covered entity may use and disclose PHI about the individual, as well as his/her rights and the covered entity’s obligations with respect to that...more
North Dakota has amended its Notice of Security Breach for Personal Information statute, North Dakota Century Code Section 51-30 et seq., to expand the definition of “personal information” to include “medical information” and...more
The Department of Health and Human Services Office for Civil Rights (HHS OCR) today announced its 4th resolution agreement of 2013....more
In its third resolution agreement of 2013, the Department of Health and Human Services, Office for Civil Rights (HHS OCR) today announced a $1.7 million resolution agreement with WellPoint, Inc., a health insurer and managed...more
Under the Final Rule, as previously discussed, business associates must comply with the technical, administrative, and physical safeguard requirements under the Security Rule....more
HHS OCR announced today its second resolution agreement of 2013. Shasta Regional Medical Center (SRMC) has agreed to pay $275,000 and enter into a comprehensive corrective action plan (CAP) to settle an investigation opened...more
“HIPAA is a valve, not a blockage,” stated HHS OCR Director Leon Rodriguez, at the OCR/NIST 6th Annual Conference on Safeguarding Health Information: Building Assurance through HIPAA Security....more
In This Issue:
- A Baker's Dozen of Significant Changes From the HIPAA/HITECH Rule
1. Business Associates and Subcontractors
2. Breach Notification
3. Covered Entity Organizational Structures
4. Cloud...more
3/1/2013
/ Business Associates ,
Cloud Computing ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Notice Requirements ,
OCR ,
PHI ,
Subcontractors
A California hospital that disclosed a patient’s medical record in response to a California Watch investigative report on the alleged inappropriate billing practices of the hospital’s parent organization was recently cited by...more