While OCR enforcement activity has focused on a covered entity’s safeguarding of ePHI, organizations cannot forget about PHI in non-electronic form. To settle potential violations of the HIPAA Privacy Rule, Parkview Health...more
On May 7, 2014, HHS OCR announced a pair of resolution agreements with New York Presbyterian Hospital (NYP) and Columbia University (CU) totaling $4.8 million dollars—the highest settlement amount to date. These resolution...more
Triple-S Salud, Inc. (“Triple-S”), a Puerto Rico Health Insurance Administration (“PRHIA”) contractor, filed a Form 8-K indicating that the PRHIA intended to impose a civil monetary penalty of $6,768,000 and other...more
North Dakota has amended its Notice of Security Breach for Personal Information statute, North Dakota Century Code Section 51-30 et seq., to expand the definition of “personal information” to include “medical information” and...more
In This Issue:
- A Baker's Dozen of Significant Changes From the HIPAA/HITECH Rule
1. Business Associates and Subcontractors
2. Breach Notification
3. Covered Entity Organizational Structures
4. Cloud...more
3/1/2013
/ Business Associates ,
Cloud Computing ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Notice Requirements ,
OCR ,
PHI ,
Subcontractors
A California hospital that disclosed a patient’s medical record in response to a California Watch investigative report on the alleged inappropriate billing practices of the hospital’s parent organization was recently cited by...more