The United States Court of Appeals for the Fifth Circuit recently found that the United States Department of Health and Human Services (HHS) lacked a lawful basis for a $4.3 million civil money penalty order that it issued to...more
The Office for Civil Rights (OCR) updated its agenda, outlining proposed and final rules as well as pre-rule document releases for 2018. A notable, and highly anticipated, advance notice of proposed rulemaking included on the...more
On Jan. 3, 2018, the Substance Abuse and Mental Health Services Administration (SAMHSA) issued its final rule regarding the Confidentiality of Substance Use Disorder Patient Records Part 2. These changes become effective Feb....more
2/1/2018
/ Confidential Information ,
Cybersecurity ,
Data Privacy ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Medical Records ,
Patient Privacy Rights ,
Popular ,
SAMHSA ,
Substance Abuse
We have released the inaugural BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our attorneys advised on in 2014. The report confirms the...more
6/12/2015
/ Attorney General ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Government Investigations ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Medical Records ,
OCR ,
PHI
The long awaited HIPAA/HITECH Final Rule became effective March 26, 2013, but covered entities, business associates and subcontractors will have until September 23, 2013, to fully comply.
...more
In This Issue:
- A Baker's Dozen of Significant Changes From the HIPAA/HITECH Rule
1. Business Associates and Subcontractors
2. Breach Notification
3. Covered Entity Organizational Structures
4. Cloud...more
3/1/2013
/ Business Associates ,
Cloud Computing ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Notice Requirements ,
OCR ,
PHI ,
Subcontractors
The U.S. Department of Health and Human Services (HHS) issued, on January 17, 2013, its final omnibus rule modifying the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security rules as well...more
1/29/2013
/ Business Associates ,
Covered Entities ,
Cyber Insurance ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
OCR ,
Risk Assessment ,
Risk Management
The HHS Office for Civil Rights (OCR) started 2013 with a bang by announcing that it had reached "the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500...more
1/21/2013
/ Compliance ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Encryption ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
HONI ,
Mobile Devices ,
OCR ,
Patient Confidentiality Breaches ,
PHI ,
Settlement
The breach notification interim final rule requires covered entities to submit to the Office for Civil Rights (OCR) notice of breaches of unsecured protected health information (PHI) (45 C.F.R. 164.408) by March 1, 2013....more
The Department of Health and Human Services Office of Inspector General (“OIG”) recently published a report, CMS Response to Breaches and Medical Identity Theft (“Report”), which referenced 14 breaches of medical information...more