In the final days of 2020, the Office for Civil Rights (OCR) at the U.S. Health and Human Service (HHS) released a HIPAA Audits Industry Report (“the Report”), that could be quite helpful to covered entities and business...more
Assessing the privacy and cybersecurity practices of third-party service providers is critical not only for employee personal information, but also for confidential and personal information pertaining to an organization’s...more
A proposal by Indiana’s Attorney General Curtis Hill on Wednesday would add a significant step in the incident response process for responding to breaches of security affecting Indiana residents. On Wednesday, during a U.S....more
When providers, health plans, business associates, and even patients and plan participants think of the HIPAA privacy and security rules (‘HIPAA Rules”), they seem to be more focused on the privacy and security aspects of the...more
Last week, in its Cybersecurity Summer Newsletter, the Office of Civil Rights (OCR) published best practices for creating an IT asset inventory list to assist healthcare providers and business associates in understanding...more
9/4/2020
/ Compliance ,
Covered Entities ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Employee Training ,
Hardware ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Incident Response Plans ,
OCR ,
Software
Roger Severino, Director of the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), provides advice for HIPAA covered health care providers:
"When informed of potential HIPAA...more
In the midst of COVID-19 challenges, privacy and security matters continue to be at the forefront for federal and state legislature. In late March, the Washington D.C. (“D.C.”) legislature amended its data breach notification...more
On April 3, the Office for Civil Rights (OCR) issued an alert to covered entities and business associates. Evidently, one or more individuals are posing as OCR Investigators and contacting HIPAA covered entities and business...more
The Office for Civil Rights (OCR) has been moving swiftly to provide guidance on addressing key regulatory issues to aid in the fight to contain and defeat COVID-19. Some of the latest developments include exercising its...more
With first responders on the front lines of helping to fight the coronavirus, sharing information about potential exposure to COVID-19 is critical to protecting them and preventing further spread. In these situations, the...more
The Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) wants to make it easier for individuals to reach a healthcare provider, including those most at risk (older persons and persons with...more
As the coronavirus spreads across the globe and in the United States, providers, businesses, employers, and others are struggling to understand what medical information they can collect and what information they can share....more
The outbreak of a new coronavirus that is believed to have began in central Chinese city of Wuhan and now appears to be spreading to the United States is driving concerns for organizations around preparedness regarding their...more
Websites play a vital role for organizations. They facilitate communication with consumers, constituents, patients, employees, and the general public. They project an organization’s image and promote goodwill, provide...more
When privacy geeks talk “privacy,” it is not uncommon for them to use certain terms interchangeably –personal data, personal information, personally identifiable information, private information, individually identifiable...more
No business likes to receive bad reviews on Yelp® or anywhere else in social media. When they do, some feel the need to respond to clarify or rebut the reviews, but they must do so carefully....more
As we have observed here, news reports of security risks, hackings and breaches caused by individuals, terror groups or even countries around the world certainly are important and can be unsettling. But, for many...more
Many health care providers, including small and medium-sized physician practices, rely on a number of third party service providers to serve their patients and run their businesses. Perhaps the most important of these is a...more
When the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 became law, it made significant changes to the civil monetary penalties for violations of HIPAA. In addition to increasing the...more
Privacy and cybersecurity risks continue to emerge for organizations large and small. While by no means exhaustive, we briefly discuss some key issues that organizations may need to focus on in 2019 and beyond....more
1/8/2019
/ Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Email ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Popular ,
TCPA
Over the past thirty days, the Office for Civil Rights (“OCR”) has reached three HIPAA breach resolutions, signaling to organizations that are covered entities and business associates under HIPAA, the importance of...more
October 2018 marks the 15th annual National Cyber Security Awareness Month. In honor of this occasion, the Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR)...more
The nation’s patchwork of state data breach notification laws is now complete. All 50 states, as well as the District of Columbia, Puerto Rico, Guam, and the Virgin Islands, have enacted breach notification laws requiring...more
Last week, New Jersey Attorney General Gurbir S. Grewal and the New Jersey Division of Consumer Affairs (“Division”) announced that a physician group affiliated with more than 50 South Jersey medical and surgical practices...more
Physician practices and other health care providers respond to numerous requests for confidential patient information from patients and others. Mistakes made by employees fulfilling such requests for medical records or making...more