As we have repeatedly emphasized on this blog, HIPAA Covered Entities must ensure that they have compliant business associate agreements (“BAAs”) in place with all of their business associates and must ensure that they have...more
As the year winds down, we look back with a mixture of nostalgia and queasiness on the major Health Insurance Portability and Accountability Act (HIPAA) events that defined 2015. Incredibly large data breaches became...more
This Halloween, the scariest monsters might not be in your closet or under your bed. They may be overseas, orchestrating intrusions into your electronic medical record. Or they may be lurking in your own workforce, carrying...more
10/30/2015
/ App Developers ,
Audits ,
Business Associates ,
Corrective Actions ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
Fitbit ,
Hackers ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Health Apps ,
OCR ,
OIG ,
Patient Privacy Rights ,
Personally Identifiable Information ,
PHI ,
Security Risk Assessments ,
Wearable Technology
As HIPAA-regulated entities anxiously await the commencement of the Phase II HIPAA audit program, the Office of the Inspector General (OIG) for the Department of Health and Human Services (HHS) has issued a report critical of...more
10/1/2015
/ Audits ,
Case Management ,
Corrective Actions ,
Covered Entities ,
Documentation ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medicare Part B ,
OCR ,
OIG ,
PHI ,
Regulatory Oversight
……………..a cumbersome C-A-P
The U.S Department of Health and Human Services Office for Civil Rights has received tremendous publicity in recent years for its upward-trendingfines and aggressive enforcement of HIPAA...more
As a service to our readers, we have distilled last week’s joint HHS Office of Civil Rights (OCR) and National Institute of Standards in Technology (NIST) conference, “Safeguarding Health Information: Building Assurance...more
Community Health Systems, Inc. (the “Company”), one of the largest hospital organizations in the country, announced via a public filing (Form 8K) made yesterday with the Securities and Exchange Commission (“Report”) that the...more
The most recent Office for Civil Rights (“OCR”) HIPAA enforcement action serves as an important reminder to health care providers of the security risks associated with a mishandled medical records custody transfer and the...more
Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured...more
April 8, 2014 marks the end of Microsoft’s support for the Windows XP operating system, which means the end of security updates from Microsoft and the beginning of new vulnerability to hackers and other intruders into systems...more
On March 28, 2014, the Office of Civil Rights (OCR) announced the release of an online and iPad app-based security risk assessment (SRA) tool. The tool is intended to help health care providers in small to medium sized...more
Yesterday the Centers for Medicare & Medicaid Services (CMS) finally published the long-awaited final rule amending the Clinical Laboratory Improvement Amendments of 1988 (CLIA) and the Health Insurance Portability and...more
The Office for Civil Rights (OCR) is closing out 2013 with a reminder of the importance of an effective HIPAA compliance program. On December 26, 2013, OCR announced a resolution agreement with a Massachusetts physician...more
Welcome to our series, “The 12 Days of Privacy” as we look to “gifts” that may be received this season and some of the big issues ahead ….
Day One – - HIPAA 2014 – Where will the Audit Trail Lead?
The year 2013...more
In response to a recent lawsuit and outcry from a variety of players in the health care market, the Department of Health and Human Services (“HHS”) has committed to issuing guidance by September 23rd (the compliance date for...more
In what is believed to be the first legal challenge to the HIPAA Omnibus Rule (the “Rule”), a vendor of prescription drug adherence services is seeking an injunction to block certain provisions of the Rule related to drug...more
The Office for Civil Rights’ (OCR) latest seven-figure fine for HIPAA violations resulted from a failure to remove protected health information or “PHI” from the hard drive of a leased photocopier. The $1,215,780 settlement...more
Privacy gaffes and tidbits to start your week.
Keeping up with Kardashians is NOT a defense under HIPAA -
The LA Times recently reported the firing of six workers at Cedars-Sinai Medical Center in connection...more
The LA Times recently reported the firing of six workers at Cedars-Sinai Medical Center in connection with the unauthorized access to patient medical records. The firings occurred in the days following the birth of reality...more
Earlier this week we attended the National Institute of Standards and Technology (NIST) and HHS Office for Civil Rights (OCR) 6th Annual Safeguarding Health Information Conference in Washington, D.C. (the NIST-OCR...more
Gun violence is a hot topic in the wake of the Newtown shootings and the aftermath of last week’s Boston Marathon bombings, and now health privacy has joined the debate....more
The HIPAA Omnibus Rule goes into effect today, which officially starts the clock for covered entities, business associates, and their subcontractors to begin updating their agreements, forms, policies, procedures, and...more
The Office for Civil Rights (OCR) is preparing to conduct an online survey of the 115 covered entities it audited in 2012 as part of the HITECH-mandated, pilot audit program. OCR hopes to use the survey results to evaluate...more
Mintz Levin is pleased to provide this section-by-section analysis of the HIPAA Omnibus Rule.
The chart lists provisions of the proposed privacy, security and enforcement rules mandated by the Health Information...more
The final regulations from Department of Health and Human Services Office of Civil Rights (OCR) containing modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (Omnibus Rule) have finally...more
1/18/2013
/ Business Associates ,
Compliance ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
Notice Requirements ,
Notifications ,
OCR ,
Patient Privacy Rights ,
PHI ,
Subcontractors