If a Health Insurance Portability and Accountability Act (HIPAA)-covered entity experiences a data breach involving fewer than 500 individuals, the incident must be reported to the U.S. Department of Health and Human Services...more
The Federal Trade Commission (FTC) adopted a policy statement on Sept. 15, 2021, emphasizing that developers of digital health apps, connected devices and other health products have obligations under the Health Breach...more
9/27/2021 / App Developers, Breach Notification Rule, Business Associates, Covered Entities, Federal Trade Commission (FTC), Health Insurance Portability and Accountability Act (HIPAA), HITECH Act, Mobile Apps, Mobile Health Apps, Notice Requirements, PHI
An amendment to the Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law on Jan. 5, 2021, directing U.S. Health and Human Services (HHS) to consider "recognized security practices"...more
8/31/2021 / Compliance, Covered Entities, Cybersecurity, Data Protection, Data Security, Department of Health and Human Services (HHS), Health Care Providers, Health Industry Cybersecurity Practices (HICP), Health Insurance Portability and Accountability Act (HIPAA), HITECH Act, Incident Response Plans, New Legislation, NIST, PHI
Companies in the healthcare space sometimes tout to prospective customers that they are "Health Insurance Portability and Accountability Act (HIPAA) compliant." A recent Federal Trade Commission (FTC) settlement suggests that...more
To date, there has been little consistency in how Health Insurance Portability and Accountability Act (HIPAA) requirements are enforced by the U.S. Department of Health and Human Services (HHS), or the amount of settlements...more
2/5/2021 / Anti-Kickback Statute, Attorney-Client Privilege, Civil Monetary Penalty, Data Collection, Department of Health and Human Services (HHS), Dismissals, Enforcement Actions, False Claims Act (FCA), Fraud, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HITECH Act, Medicare, PHI, Physicians, Stark Law, WA Supreme Court
On Jan. 5, 2021, the President signed into law H.R. 7898, which provides even more incentive for Health Insurance Portability and Accountability Act (HIPAA)-covered entities and business associates to develop robust security...more
Privacy revisions under the Health Insurance Portability and Accountability Act (HIPAA) may be on the horizon, with some potential changes that could benefit both patients and the healthcare industry. Other changes, if...more
12/11/2020 / Comment Period, Department of Health and Human Services (HHS), EHR, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Medical Records, NPRM, OCR, Patient Privacy Rights, PHI, Proposed Rules, Right of Access
Healthcare providers face a dilemma when patients post complaints or make other statements on social media. Just because a patient has made certain information public does not mean that the provider can also post protected...more
10/9/2019 / Corporate Fines, Covered Entities, Department of Health and Human Services (HHS), Enforcement Actions, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), OCR, Online Reviews, PHI, Social Networks, Yelp
The federal Department of Health and Human Services' Office for Civil Rights, which enforces HIPAA, maintains a website with very helpful "frequently asked questions" (FAQs) regarding the HIPAA Privacy Rule and Security Rule....more
4/23/2019 / App Developers, Covered Entities, Cybersecurity, Department of Health and Human Services (HHS), EHR, Electronic Protected Health Information (ePHI), Health Insurance Portability and Accountability Act (HIPAA), HIPAA Privacy Rule, Mobile Apps, New Guidance, OCR
The U.S. Department of Health and Human Services on Dec. 28, 2018, announced the release of the "Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients" that provides a "Call to Action" to make...more
1/14/2019 / Best Practices, Cyber Attacks, Cyber Threats, Cybersecurity, Data Breach, Data Loss Prevention, Data Privacy, Data Protection, Data Security, Data Theft, Department of Health and Human Services (HHS), Department of Homeland Security (DHS), Food and Drug Administration (FDA), Hackers, Health Care Providers, Health Clinics, Health Insurance Portability and Accountability Act (HIPAA), HITECH Act, Hospitals, Information Technology, Medical Devices, NIST, Patient Safety, Personally Identifiable Information, PHI, Phishing Scams, Popular, Ransomware, Risk Mitigation, Standard of Care
On Dec. 28, 2018, the U.S. Department of Health and Human Services (HHS) announced the release of voluntary cybersecurity practices and tools for the healthcare industry. The documents were the result of Section 405(d) of the...more
1/4/2019 / Best Practices, Cyber Threats, Cybersecurity, Cybersecurity Act of 2015, Department of Health and Human Services (HHS), Health Care Providers, Health Clinics, Health Insurance Portability and Accountability Act (HIPAA), Healthcare Facilities, HITECH Act, NIST, Popular, Risk Mitigation
The Department of Health and Human Services' Office for Civil Rights (OCR) has issued a Request for Information, which is scheduled for publication in the Federal Register on Dec. 14, 2018. OCR is asking the public to provide...more
12/12/2018 / Comment Period, Data Privacy, Data Security, Federal Register, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Information Sharing, OCR, PHI, Privacy Policy, Public Comment, Regulatory Agenda, Regulatory Burden, Request For Information, Value-Based Care
Another government settlement demonstrates that not having a HIPAA compliance program can be costly. U.S. Department of Health and Human Services (HHS)'s Office for Civil Rights (OCR) announced, on Dec. 4, 2018, that Advanced...more
12/6/2018 / Corrective Actions, Cybersecurity, Department of Health and Human Services (HHS), Fines, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach, OCR, Policies and Procedures, Regulatory Oversight, Risk Management, Settlement Agreements
HIPAA and several other privacy laws do not include a private right of action. This is cold comfort for healthcare providers, health plans and other members of the healthcare industry if a patient is able to demonstrate that...more
11/16/2018 / Appeals, Breach of Duty, Common Law Torts, Data Privacy, Department of Corrections, Duty of Confidentiality, Fiduciary Duty, Former Employee, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Hiring & Firing, Medical Records, Negligence, Patient Privacy Rights, Physicians, Privacy Laws, Private Right of Action
Under HIPAA, patients have a right to information about certain disclosures, referred to as an accounting. Under the current iteration of the regulations, covered entities and business associates need not account for...more
5/15/2018 / Accounting, Advanced Notice of Proposed Rulemaking (ANPRM), Business Associates, Covered Entities, Department of Health and Human Services (HHS), Disclosure, Electronic Medical Records, Health Insurance Portability and Accountability Act (HIPAA), HITECH Act, OCR, Patient Rights, Proposed Rules, Recordkeeping Requirements
CMS issued a memo to state survey agency directors on December 28, 2017, to clarify CMS’s position on texting patient information. The memo, which indicates that it is effective “immediately,” states that CMS prohibits...more
The U.S. Department of Health and Human Services (HHS) has withdrawn a HIPAA rule that would have required controlling health plans (CHPs) to demonstrate compliance with certain HIPAA standards. The proposed rule, published...more
Medicaid -
Florida's Medicaid Third-Party Liability Act Pre-empted by Federal Law -
By Eddie Williams -
In Gallardo v. Dudek, Sec. of Florida Agency for Health Care Administration, No. 4:16cv116-MW/CAS, 2017 WL...more
6/7/2017 / Anti-Kickback Statute, Antitrust Violations, Department of Health and Human Services (HHS), Department of Justice (DOJ), DSM, Enforcement Actions, Failure To Warn, False Claims Act (FCA), Federal v State Law Application, Food and Drug Administration (FDA), Health Insurance Portability and Accountability Act (HIPAA), Medicaid, Medicaid Act, Misrepresentation, Noerr-Pennington Doctrine, OCR, Patent Infringement, Patents, Pharmaceutical Industry, Pharmacies, Preemption, Prescription Drugs, Sherman Act, Stark Law, Third-Party Liability, Unfair or Deceptive Trade Practices, Warning Labels
A number of new developments have taken place related to Health Insurance Portability and Accountability Act (HIPAA) privacy and security compliance, and enforcement is increasing. Healthcare providers, health plans and other...more
On Oct. 10, 2014, the 11th Circuit opinion in Murphy v. Dulay provides significant guidance regarding HIPAA authorization forms. One of the most important provisions of the opinion focuses on the fact that HIPAA...more
Covered entities and business associates have only until September 22, 2014 to update business associate agreements that were in place as of January 25, 2013. For those members of the health industry and their vendors that...more
Starting in 2015, eligible physicians and hospitals participating in the Medicare Electronic Health Records Incentive Program who do not adopt "meaningful use" certified electronic health record (EHR) technology will no...more
On April 30, the Florida Legislature passed Senate Bill 1524, otherwise known as the Florida Information Protection Act of 2014. If signed by the governor, starting July 1, this bill will impose stringent new requirements on...more
Health care providers, health plans, business associates, and other entities affected by the federal HIPAA privacy and security regulations are quickly running out of excuses for not having a robust HIPAA compliance program...more
Way back on February 17, 2009, Congress passed a stimulus bill that contained provisions referred to as the Health Information Technology for Economic and Clinical Health ("HITECH") Act. The HITECH Act was geared toward...more
2/1/2013 / Business Associates, Covered Entities, Data Protection, Decedent Protection, Department of Health and Human Services (HHS), Fundraisers, GINA, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Omnibus Rule, HITECH Act, Marketing, Notice Requirements, OCR, PHI