Kimberly M. Wong

Kimberly M. Wong

BakerHostetler

Contact
View Bio
RSS

Latest Posts › Data Protection

Share:

Health System Investigated for Leaving PHI in Doctor’s Driveway – Settles with OCR for $800K

While OCR enforcement activity has focused on a covered entity’s safeguarding of ePHI, organizations cannot forget about PHI in non-electronic form. To settle potential violations of the HIPAA Privacy Rule, Parkview Health...more

6/26/2014  /  Data Breach , Data Protection , EHR , Health Insurance Portability and Accountability Act (HIPAA) , OCR , PHI

HHS Attorney: Major HIPAA Fines and Enforcement Coming

As regularly blogged about on the Data Privacy Monitor, the past 12 months have seen record-breaking HIPAA enforcement activity by HHS OCR. But according to recent remarks by a high-ranking HHS attorney, if you thought these...more

6/16/2014  /  Data Protection , Department of Health and Human Services (HHS) , Enforcement , Enforcement Actions , Health Insurance Portability and Accountability Act (HIPAA) , Healthcare

HHS OCR Settles Post-Data Breach Investigation for Record $4.8M

On May 7, 2014, HHS OCR announced a pair of resolution agreements with New York Presbyterian Hospital (NYP) and Columbia University (CU) totaling $4.8 million dollars—the highest settlement amount to date. These resolution...more

5/13/2014  /  Data Breach , Data Protection , Department of Health and Human Services (HHS) , EHR , Health Insurance Portability and Accountability Act (HIPAA) , Healthcare , Hospitals , OCR , PHI

OCR Releases Model Notices of Privacy Practices

Under the Privacy Rule, an individual has the right to adequate notice of how a covered entity may use and disclose PHI about the individual, as well as his/her rights and the covered entity’s obligations with respect to that...more

10/2/2013  /  Covered Entities , Data Protection , Department of Health and Human Services (HHS) , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Omnibus Rule , Notice of Privacy Practices , Notice Requirements , OCR , Personally Identifiable Information , PHI

North Dakota Breach Notification Law - Personal Information Includes Health Information

North Dakota has amended its Notice of Security Breach for Personal Information statute, North Dakota Century Code Section 51-30 et seq., to expand the definition of “personal information” to include “medical information” and...more

9/30/2013  /  Data Breach , Data Protection , New Amendments , Notice Requirements , Personally Identifiable Information , PHI

Health Plan Settles HHS OCR Investigation Related to Photocopier Breach for $1.2m

The Department of Health and Human Services Office for Civil Rights (HHS OCR) today announced its 4th resolution agreement of 2013....more

8/15/2013  /  Data Protection , Department of Health and Human Services (HHS) , Electronically Stored Information , Health Insurance Portability and Accountability Act (HIPAA) , OCR , PHI

HIPAA, Business Associates, and the Cloud

Under the Final Rule, as previously discussed, business associates must comply with the technical, administrative, and physical safeguard requirements under the Security Rule....more

6/24/2013  /  Business Associates , Cloud Computing , Covered Entities , Data Protection , Health Insurance Portability and Accountability Act (HIPAA) , Healthcare , HIPAA Omnibus Rule , PHI , Third-Party

Special Edition: Health Law Update - February 28, 2013

In This Issue: - A Baker's Dozen of Significant Changes From the HIPAA/HITECH Rule 1. Business Associates and Subcontractors 2. Breach Notification 3. Covered Entity Organizational Structures 4. Cloud...more

3/1/2013  /  Business Associates , Cloud Computing , Covered Entities , Data Breach , Data Protection , Department of Health and Human Services (HHS) , GINA , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Omnibus Rule , HITECH Act , Notice Requirements , OCR , PHI , Subcontractors

State Fines Hospital For Patient Confidentiality Breach; Requires HIPAA Training For Executives

A California hospital that disclosed a patient’s medical record in response to a California Watch investigative report on the alleged inappropriate billing practices of the hospital’s parent organization was recently cited by...more

12/13/2012  /  Data Breach , Data Protection , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , Healthcare , Hospitals , Personally Identifiable Information
9 Results
 / 
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide