On April 27, 2023, Washington Governor Jay Inslee signed into law the My Health My Data Act (the "Act"), which will regulate the collection, use, and disclosure of "consumer health data" ("Consumer Health Data" or "CHD"). The...more
5/2/2023
/ Business Associates ,
Covered Entities ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Patient Privacy Rights ,
PHI ,
Private Right of Action
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued a bulletin on December 1, 2022, clarifying that "regulated entities are not permitted to use tracking technologies in a manner that would...more
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced four enforcement resolutions at the end of March 2022, with issues ranging from the misuse of protected health information (PHI)...more
The Department of Health and Human Services Office for Civil Rights (OCR) today announced that it is lowering the maximum total penalties it may assess against covered entities and business associates for multiple violations...more
Recent statements at the 27th National HIPAA Summit suggest that the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) may be changing its position and expecting a greater level of vendor due...more
What if Artificial Intelligence (AI) is deployed within a health system to apply machine learning to patient information, in part, to allow patients to download information and wellness numbers (such as steps, blood pressure,...more
On April 24, 2017, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that CardioNet, a provider of remote mobile monitoring and rapid response services to patients at risk for cardiac...more
What’s worse than receiving an email indicating that you have been selected for an audit by your favorite government regulator? Clicking on a link in the email and discovering that it is a phishing attack that has just...more
Financial organizations that are business associates can expect a wave of HIPAA desk audits to evaluate the HIPAA compliance efforts of business associates. These audits have a limited focus and are conducted by the U.S....more
Covered entities and business associates can expect increased scrutiny for breaches of unsecured protected health information affecting fewer than 500 individuals. Starting August 2016, the U.S. Department of Health and Human...more
Phase 2 of the HIPAA audits is fully underway, and covered entities now can take a breath if they have not received a desk audit request. But we still are at the beginning of Phase 2, with more to come.
...more
Athletes at the Rio Olympics aren’t the only ones setting records this year. Hoping to send a “strong message” about the importance of safeguarding electronic protected health information (PHI) and conducting mandated risk...more
Pikachu, Alakazam, Bulbasaur, Charmander, and Squirtle can teach us a few things about HIPAA privacy. Pokémon GO is a recent craze encouraging people to try to catch’em all. As a result, employees, clients, and patients are...more
It’s a HIPAA first. A business associate has settled a direct enforcement action over allegations that it potentially violated the Health Insurance Portability and Accountability Act (HIPAA). This settlement portends future...more
8/3/2016
/ Business Associates ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Financial Institutions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Popular ,
Settlement Agreements
For the first time, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) has entered into a Resolution Agreement with a business associate over allegations that it potentially violated the Health...more
As we previously reported, the HHS Office for Civil Rights (OCR) launched Phase II of its audit program on March 21. Since that time, a significant amount of new information has emerged, including details regarding the...more
The Phase 2 audit program for HIPAA compliance is under way. The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced that it had launched the Phase 2 audits to examine and assess how covered...more
Business associate agreements that have not already been updated as required by the HIPAA Omnibus Rule should be updated by September 22, 2014.
The Omnibus Rule changed and added mandatory language for valid business...more
On Jan. 17, 2013, the Department of Health and Human Services (HHS) released the long-awaited “Omnibus Rule,” which amends the administrative simplification provisions of the Health Insurance Portability and Accountability...more
1/24/2013
/ Business Associates ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Marketing ,
PHI ,
Privacy Policy
On Jan. 17, 2013, the long-awaited HIPAA “Omnibus Rule” went on display at the Federal Register, finalizing changes to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules....more
At long last, after much delay and speculation, the HIPAA Omnibus Rule has been placed on display at the Federal Register in preparation for formal publication....more