The HHS Office for Civil Rights (OCR) released a new guidance document regarding which HIPAA violations business associates (BAs) can and cannot be held directly liable for. In the guidance, OCR states that BAs can be held...more
It was a busy April for the Office for Civil Rights (“OCR”) (see our prior post on a settlement from earlier in April). On April 20, OCR announced a Resolution Agreement with Center for Children’s Digestive Health, S.C....more
The FBI has issued new guidance specifically applicable to medical and dental facilities regarding the cybersecurity risk of File Transfer Protocol (“FTP”) servers operating in “anonymous” mode. FTPs are routinely used to...more
3/30/2017
/ Business Associates ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Dentists ,
FBI ,
File Transfer Protocols (FTP) ,
Hackers ,
Health Care Providers ,
Hospitals ,
New Guidance ,
Pharmacies ,
PHI ,
Physicians ,
Ransomware
Capping off a busy month of HIPAA settlements, on August 4, the Office for Civil Rights (“OCR”) announced a $5.55 million settlement with Advocate Health Care Network (“Advocate”), the largest fully-integrated healthcare...more
Covered Entities need to continue to check their inboxes for emails from the HHS Office for Civil Rights (“OCR”) requesting verification of contact information in connection with Phase 2 of the HIPAA Audit Program. OCR...more
On March 21st, the HHS Office for Civil Rights (“OCR”) officially launched Phase 2 of the HIPAA Audit Program. Covered Entities and Business Associates need to be prepared for these audits and be on the lookout for emails...more
As we have repeatedly emphasized on this blog, HIPAA Covered Entities must ensure that they have compliant business associate agreements (“BAAs”) in place with all of their business associates and must ensure that they have...more
This Halloween, the scariest monsters might not be in your closet or under your bed. They may be overseas, orchestrating intrusions into your electronic medical record. Or they may be lurking in your own workforce, carrying...more
10/30/2015
/ App Developers ,
Audits ,
Business Associates ,
Corrective Actions ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
Fitbit ,
Hackers ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Health Apps ,
OCR ,
OIG ,
Patient Privacy Rights ,
Personally Identifiable Information ,
PHI ,
Security Risk Assessments ,
Wearable Technology
After a summer that saw major data breaches at the Office of Personnel Management and UCLA Health System, this fall is a great time to take your organization back to school on HIPAA compliance and data security. Here are...more
8/27/2015
/ Business Associates ,
C-Suite Executives ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Training ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
ONC ,
Security Risk Assessments
The HHS Office of the National Coordinator for Health Information Technology (“ONC”) recently released a new and improved version 2.0 of their Guide to Privacy and Security of Electronic Health Information. This revamped...more
Mintz Levin is pleased to provide this section-by-section analysis of the HIPAA Omnibus Rule.
The chart lists provisions of the proposed privacy, security and enforcement rules mandated by the Health Information...more