Following the investigation of a self-reported data breach involving the loss of an unencrypted laptop containing the protected health information (PHI) of 13,000 individuals, the OCR slammed the New York based biomedical...more
The Office for Civil Rights (OCR) has been stating publicly that it will gear up for its second round of HIPAA audits for some time, and the time has come. The OCR has officially started the next round of audits of covered...more
On March 16, 2016, the Office for Civil Rights (OCR) issued a press release announcing that it has settled its investigation of North Memorial Health Care System (NMHCS), located in Minnesota, for $1.55 million saying that...more
As we stated in last week’s Insider, Monday, February 29, 2016, is the last day to self-report under 500 breaches of unsecured protected health information to the Office for Civil Rights (OCR) through the online breach...more
In its third release of HIPAA guidance over the past few weeks, the Department of Health and Human Services (HHS) released“The Real HIPAA: Care Coordination, Care Planning, and Case Management Examples” to assist covered...more
The Office for Civil Rights has provided additional educational materials for app developers through the app developers portal that it developed last fall.
The new material is intended to assist healthcare entities and...more
Pursuant to HIPAA/HITECH, covered entities are required to report breaches of unsecured protected health information that occurred in 2015 and affected less than 500 individuals to the Office for Civil Rights no later than 60...more
In an unusual scenario, in fact, only the second time in history, the Office for Civil Rights (OCR) was successful before an Administrative Law Judge (ALJ) in obtaining an order for the payment of civil monetary fines as a...more
A damning series of reports by ProPublica has revealed that based upon its analysis of federal data, “hundreds of health providers nationwide” have repeatedly violated HIPAA between 2011 and 2014.
According to the...more
The Office for Civil Rights (OCR) announced on Monday, December 14, 2014, that it has settled a HIPAA investigation with the University of Washington Medical School involving a data breach in October of 2013....more
Triple-S Management Corp., an insurance holding company based in San Juan, Puerto Rico, has agreed to settle an investigation of HIPAA violations by the Office for Civil Rights (OCR) for $3.5 million. According to the OCR...more
Just before Thanksgiving, the Office for Civil Rights (OCR) announced that Lahey Hospital and Medical Center (Lahey) has agreed to pay $850,000 in fines and penalties to the OCR and enter into a resolution agreement following...more
The Office for Civil Rights (OCR) of the Department of Health and Human Services has launched a web based portal so medical mobile app developers can ask their “burning” questions about HIPAA compliance....more
10/16/2015
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Mobile Apps ,
OCR
Although the Office for Civil Rights (OCR) has indicated in the past that it would start its next round of HIPAA audits, apparently it means business now. In the wake of an Inspector General report that the OCR was merely...more
10/2/2015
/ Audits ,
Compliance ,
Consumer Complaint Management ,
Covered Entities ,
Data Breach ,
Data Privacy ,
Data Protection ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Inspector General ,
OCR ,
Popular ,
Privacy Laws
The National Institute of Standards and Technology has announced that due to stakeholder feed-back, the period to submit comments for the draft guide, “Securing Electronic Health Records on Mobile Devices” has been extended...more
10/2/2015
/ Comment Period ,
Cybersecurity ,
Data Protection ,
Data Security ,
EHR ,
Electronic Medical Records ,
Extensions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
Mobile Devices ,
NIST ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Security Rule
Using the Maryland Consumer Protection Act, Maryland Attorney General Brian Frosh has announced that eye care retailer Visionworks, Inc. has agreed to pay the state of Maryland $100,000 and enhance its security measures...more
9/4/2015
/ Cyber Threats ,
Cybersecurity ,
Data Breach ,
Encryption ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC v Wyndham ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
Unfair or Deceptive Trade Practices ,
Wyndham
Advanced Data Processing, Inc. and Intermedix Corp. were sued in federal court in Florida last week for violating the Health Insurance Portability and Accountability Act (HIPAA) for failing to protect the health information...more
8/17/2015
/ Class Action ,
Class Certification ,
Data Breach ,
Data Processors ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Identity Theft ,
IRS ,
Personally Identifiable Information ,
Tax Fraud ,
Tax Refunds ,
Tax Returns
Adding to the long list of cyber hacking victims, the UCLA Health System announced on Friday (July 17, 2015) that it confirmed on May 5, 2015 that a cyber-attacker had accessed parts of UCLA Health’s network back to September...more
7/21/2015
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
FBI ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Identity Theft ,
Medicare ,
Mental Health ,
Personally Identifiable Information ,
Substance Abuse ,
UCLA
When we train employees on HIPAA, we always remind them that HIPAA violations carry significant penalties-both civil and criminal. Our favorite line is “Keep your day job.” Stealing patient information is never worth the...more
On April 22, 2015, the Office for Civil Rights (OCR) entered into its first HIPAA violation settlement in 2015. The settlement requires Cornell Prescription Pharmacy, a small pharmacy located in the Denver area to pay the OCR...more
Late last week, Partners HealthCare announced that it notified approximately 3,300 patients of a security breach involving a hacking incident where intruders accessed medical and personal information of patients....more
The Department of Health and Human Services (HHS) recently issued guidance on “HIPAA Privacy and Security and Workplace Wellness Programs.” The guidance helps employers determine whether or not the health information it may...more
In a scathing report released last Friday, the Department of Health and Human Services Office of the National Coordinator (ONC) accused hospitals and software vendors of preventing the sharing of health information in order...more
4/21/2015
/ Anti-Competitive ,
Competition ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
EHR ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Hospitals ,
ONC ,
PHI