The OCR’s January 2018 newsletter details specific types of cyber extortion that healthcare organizations are currently encountering, including ransomware, denial of service attacks, distributed denial of service attacks and...more
On Jan. 3, 2018, the Substance Abuse and Mental Health Services Administration (SAMHSA) issued its final rule regarding the Confidentiality of Substance Use Disorder Patient Records Part 2. These changes become effective Feb....more
2/1/2018
/ Confidential Information ,
Cybersecurity ,
Data Privacy ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Medical Records ,
Patient Privacy Rights ,
Popular ,
SAMHSA ,
Substance Abuse
Cyber threats are here to stay. No company, large or small, is immune. But there are basic measures you can take to prepare for the legal and business risks associated with an attack....more
Recently, the Government Accountability Office (GAO) reviewed the U.S. Department of Health and Human Services’ (HHS) security and privacy oversight and identified significant gaps in the cybersecurity guidance provided by...more
How the theft of a single password-protected laptop turned into an enterprise-wide review of an organization’s data protection practices.
Following the announcement of a recent settlement between the U.S. Department of...more
Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) recently agreed to enter into a $650,000 resolution agreement and a two-year corrective action plan (CAP) with the Office for Civil Rights (OCR). CHCS...more
By couching its position in an individual’s right to access protected health information (PHI), beginning on January 7, 2016, the U.S. Department of Health & Human Services’ Office for Civil Rights (OCR) issued guidance to...more
Just four months into 2016, the healthcare industry is already facing a permanent and increasing threat to hospital operations: ransomware. Previously, BakerHostetler reported that Hollywood Presbyterian Hospital paid 40...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) continued its run of resolution agreements for HIPAA violations, pulling in $5.45 million from just two entities, North Memorial Health Care of...more
Every tax season is plagued with scams to defraud individuals and companies for money from tax returns. However, this year has started off with a bang and this means that the healthcare industry has another reason to worry....more
3/14/2016
/ Data Breach ,
Email ,
Hackers ,
Health Care Providers ,
Identity Theft ,
IRS ,
Phishing Scams ,
Popular ,
Spoofing ,
Tax Fraud ,
Tax Returns
On January 13, 2016, the Department of Health and Human Services’ Administrative Law Judge upheld the Office for Civil Rights’ (OCR’s) civil monetary penalty (CMP) against Lincare, Inc., d/b/a United Medical (Lincare), for...more
On January 6, 2016, the U.S. Department of Health and Human Services (HHS) released a modification to the Health Insurance Portability and Accountability Act (HIPAA) removing barriers to reporting federal mental health...more
On November 13, 2015, the chief administrative law judge (“ALJ”) handling the Federal Trade Commission’s (“FTC” or “Commission”) complaint against LabMD Inc. (“LabMD”) dismissed the case in its entirety. As we previously...more
The Office of Inspector General’s (OIG) recently released Privacy Standards report assessed the Office for Civil Rights’ (OCR) oversight of covered entities’ compliance with the Privacy Rule as well as the extent to which...more
The Office of Inspector General’s (OIG) recently released Privacy Standards report assessed the Office for Civil Rights’ (OCR) oversight of covered entities’ compliance with the Privacy Rule as well as the extent to which...more
CMS and the Office of the National Coordinator for Health Information (ONC) recently released the 752-page final rule for Meaningful Use Stages 2 (MU2) and 3 (MU3). The final rule provides a flexible timeline for providers...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced a $750,000 fine and resolution agreement, including a Corrective Action Plan (CAP), for Cancer Care Group, P.C. (CCG), a...more
10/14/2015
/ Compliance ,
Corporate Fines ,
Corrective Actions ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Personally Identifiable Information ,
PHI ,
Privacy Concerns ,
Security Risk Assessments ,
Security Rule
We have released the inaugural BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our attorneys advised on in 2014. The report confirms the...more
6/12/2015
/ Attorney General ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Government Investigations ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Medical Records ,
OCR ,
PHI
The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 “the year of the breach.” Most incidents are described publicly with attention-grabbing terms such as...more
Do we have any legal obligations under HIPAA? It depends on your contractual relationship with Anthem and whether the group health plan offered by your company is self-insured. If your company’s group health plan is...more
2/9/2015
/ Anthem Insurance ,
Breach Notification Rule ,
Corporate Counsel ,
Data Breach ,
Employer Group Health Plans ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
PHI ,
Popular ,
Self-Insured Health Plans
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently launched an updated version of the portal covered entities must use to notify OCR regarding a breach of unsecured protected health...more
Of all the complex legal issues raised by the recent cases of Ebola in the U.S., those concerning the delicate balance between preserving patients’ privacy rights and the need to disseminate information to protect public...more
In light of the recently reported large healthcare data breaches that have resulted in the potential theft of the personal information of millions of patients, the FBI warned healthcare providers yet again of the dangers of...more
While enforcement activity by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has focused primarily on a covered entity’s safeguard of electronic protected health information (ePHI),...more
As regularly blogged about on the Data Privacy Monitor, the past 12 months have seen record-breaking HIPAA enforcement activity by HHS OCR. But according to recent remarks by a high-ranking HHS attorney, if you thought these...more