The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is required by law to perform periodic audits of covered entities and business associates to ensure their compliance with HIPAA Security Rule...more
Federal and state agencies continue to remain active this year, particularly with regard to laws that impact healthcare technology. As part of our ongoing efforts to track health technology-related legislation and...more
On February 12, 2024, the U.S. Department of Health and Human Services (“HHS”) published a notice in the Federal Register regarding reinstatement of the Health Information Portability and Accountability Act of 1996 (“HIPAA”)...more
While some of the legal requirements on your organization can seem overly burdensome, there are times when legal requirements also align nicely with what makes good business sense. Risk assessments in the healthcare industry...more
In the final days of 2020, the Office for Civil Rights (OCR) at the U.S. Health and Human Service (HHS) released a HIPAA Audits Industry Report (“the Report”), that could be quite helpful to covered entities and business...more
Dive into a broad spectrum of topics affecting healthcare organizations. Explore the latest laws, regulations, and developments to help you effectively manage your organization’s privacy compliance program. Our Academies are...more
We expect 2018 to be another year of rapid change within the health care industry. In this episode, Mary Beth Johnston highlights some of the key topics that the health care practice group will monitor in the coming year,...more
Health Care Organizations Saw an 89% Increase in Ransomware in 2017 - Our experience last year is consistent with the conclusion of a new report issued by Cryptonite in its 2017 Health Care Cyber Research Report—that the...more
Covered entities, including employer sponsored health plans, should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights...more
On September 22, 2017, Aegerion Pharmaceuticals resolved a wide-ranging probe by the Department of Justice (DOJ) regarding the company’s U.S. commercial activities relating to Juxtapid, a lipid-lowering agent for the...more
Thus far in 2017, the U.S. Department of Health and Human Service’s Office for Civil Rights has continued the step-up in HIPAA enforcement activity we saw in 2016 and appears on track to exceed 2016’s enforcement activity. ...more
Medical practices that routinely use laser technology are subject to some of the same legal issues as other types of practices. Use of lasers creates additional compliance issues and highlights certain compliance risk areas....more
Last week the Health Care Compliance Association hosted its annual “Compliance Institute.” Iliana Peters, HHS Office for Civil Rights’ Senior Advisor for HIPAA Compliance and Enforcement, provided a thorough update of HIPAA...more
HIPAA privacy guidance, audits, and enforcement are continuing under the new Administration. On March 27, 2017, Iliana Peters, Senior Adviser for HIPAA Compliance and Enforcement at the US Department of Health and...more
Although it is not a new requirement, it is important and therefore worth a reminder: HIPAA requires covered entities to establish and implement written policies and procedures that are consistent with its Privacy and...more
Receiving an email that your practice has been identified for participating in the HIPAA Privacy, Security, and Breach Rules Audit Program is enough to raise anyone’s blood pressure. The likely response is to open the email...more
On November 28, 2016, the Office for Civil Rights (OCR) issued an Alert to its listservs that a phishing email is being circulated on “mock HHS Departmental letterhead under the signature of OCR”s Director, Jocelyn Samuels”...more
The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has posted an alert (and a follow-up alert) warning health plans, health care providers, and their vendors of a mock communication...more
As part of the ongoing HHS OCR HIPAA audit initiative, it is conducting “HIPAA desk audits.” These audits don’t involve auditors coming in your facility. Instead, covered entities are being asked to submit documents on...more
Editor’s Note: This is the third in a continuing end-of-year series. The year ahead promises to be a busy one for those with responsibility for HIPAA compliance, as the Office of Civil Rights (OCR), charged with...more
Covered Entities and Business Associates may be ringing in the New Year with the prospect of responding to on-site HIPAA audits by federal regulators. The U.S. Department of Health and Human Services Office for Civil Rights...more
As 2016 comes to an end, we are pleased to present you with our traditional End of Year Plan Sponsor “To Do” Lists. Like last year, we are presenting our “To Do” Lists in three separate Employee Benefits Updates. Part 1 of...more
Financial organizations that are business associates can expect a wave of HIPAA desk audits to evaluate the HIPAA compliance efforts of business associates. These audits have a limited focus and are conducted by the U.S....more