In a ruling that could have broad ramifications for health data sharing, a federal judge has ruled that a patient complaining about a hospital sharing his health data without permission lacked standing because he suffered no...
The United States Department of Health and Human Services (HHS) has closed an investigation into a Rhode Island health system stemming from a 2017 breach. Briefly summarized, Lifespan Health System Affiliated Covered Entity...
As coronavirus sweeps the country, the patient load swamps the ability of health care professionals to deal with the crisis. In the United States, one measure used to expand capacity is telemedicine. Consequently, one concern...
The coronavirus, officially COVID-19, is the most significant public health emergency in decades. The virus, believed to have originated in Wuhan, has expanded with astonishing rapidity. Despite government efforts, it has...
Last week, Indiana-based Medical Informatics Engineering, Inc. (MIE) agreed to pay $100,000 to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). MIE provides electronic health record and related...
6/6/2019 / Corporate Counsel, Cybersecurity, Data Breach, Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Breach, OCR, PHI, Popular, Settlement, State Attorneys General
North Carolina joined Attorneys General from a dozen states in suing Indiana-based Medical Informatics Engineering (MIE) and affiliates. The complaint alleges that the companies failed to undertake reasonable measures to...
No human instinct is as ingrained as the desire to defend oneself against unjust criticism. But that instinct must be tamed where personal health information is involved. A Connecticut medical practice has just learned that...
Missouri’s Cass Regional Medical Center (CRMC) was recently hit with a ransomware attack. Existing patients continued to receive care, but incoming trauma and stroke patients were diverted to other facilities. The hospital...
HIPAA was enacted in 1996. In the years since, most healthcare entities have adapted to the major requirements imposed by HIPAA, HITECH, and the Privacy and Security Rules. Nevertheless, the thicket of regulations still...
The ink had barely dried on Alabama’s new data breach notification statute (which made it the 50th state to enact such legislation) when California upped the ante. In an effort to head off a November ballot initiative,...
Data privacy regulation tends to take one of two general approaches. In most of the world—but not in the United States—the approach is usually characterized as “omnibus.” Under an omnibus regime, privacy rights are defined at...
IRS Revokes Hospital's Exemption Under Section 501(c)(3) for Failure to Comply with Community Health Needs Assessment Requirements -
On August 4, 2017, the Internal Revenue Service (IRS) released its first revocation of a...
The Citation of Immediate Jeopardy Deficiencies Against Nursing Facilities: Unforeseen Consequences -
There are no words more feared by a skilled nursing facility Administrator during an annual recertification survey or...
10/24/2017 / Criminal Background Checks, Drug Testing, Employee Benefits, Health Insurance Portability and Accountability Act (HIPAA), Long Term Care Facilities, Long-Term Care, OSHA, Ransomware, Salary/Wage History, Skilled Nursing Facility, Year-End Planning
We have previously written that the Internet of Things continues to spawn new cybersecurity and privacy concerns. These vulnerabilities have already served as plot devices for shows such as Homeland. Now, the U.S. Department...
The United States has traditionally taken a libertarian approach to data privacy: “what is not forbidden is permitted.” Outside sensitive sectors such as health (HIPAA) and finance (GLBA), the United States was historically...
12/20/2016 / Corporate Counsel, Data Privacy, Data Protection Authority, EU, EU Data Protection Laws, General Data Protection Regulation (GDPR), GLBA Privacy, Health Insurance Portability and Accountability Act (HIPAA), International Data Transfers, Internet Service Providers (ISPs), National Security, Popular, Safe Harbors, Schrems I & Schrems II
The Department of Health and Human Services’ Office of Civil Rights (OCR) has issued guidelines for HIPAA-covered entities that utilize cloud computing in processing electronic protected health information (ePHI). The...
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) and Oregon Health & Science University (OHSU) recently entered into a resolution agreement to settle potential violations of HIPAA’s Privacy and...
A recently publicized settlement with the Office of Civil Rights of the U.S. Department of Health and Human Services highlights that it is not only important to have a HIPAA-compliant form of business associate agreement...