Report on Patient Privacy 22, no. 9 (September, 2022) -
When recommending best practices, federal privacy and security officials stress that organizations need to follow their protected health information (PHI) wherever...more
9/12/2022
/ Business Associates ,
Corrective Action Plans (CAPs) ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Improper Disposal ,
OCR ,
PHI ,
Settlement Agreements
Report on Research Compliance 19, no. 7 (July, 2022) -
NIH’s highest ranking external advisory committee had just heard a spirited, hour-long explanation about the agency’s Advanced Research Project Agency for Health...more
Report on Patient Privacy 22, no. 6 (June, 2022) -
Sometimes numbers tell the most compelling story. So, here are some associated with a cyberattack the University of Vermont Medical (UVM) Center suffered in October 2020...more
Report on Patient Privacy 22, no. 3 (March, 2022) -
Typically a “legacy” describes the lasting impact of an influential person or movement, most often in a positive sense. Not so with medical devices. When legacy is applied...more
3/14/2022
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
Hospitals ,
Incident Response Plans ,
Medical Devices ,
PHI ,
Physicians ,
Popular
Report on Patient Privacy 22, no. 2 (February, 2022) -
The new national health information network calls for a number of privacy and security safeguards and standards that, in some instances, exceed what HIPAA covered...more
2/14/2022
/ Audits ,
Business Associates ,
Certifications ,
Covered Entities ,
Cyber Incident Reporting ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
Notification Requirements ,
PHI ,
Popular
Report on Research Compliance 19, no. 2 (January 27, 2022) -
The trial was to be like any other that the clinical research organization (CRO) would oversee. The six-month study, known as VESTRI, would involve pediatric...more
1/28/2022
/ Clinical Trials ,
Criminal Prosecution ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Food and Drug Administration (FDA) ,
Guilty Pleas ,
Health Care Providers ,
Healthcare Fraud ,
Informed Consent ,
Money Laundering ,
Pediatrics ,
Physicians
Report on Patient Privacy 21, no. 11 (November, 2021) -
Attorney Brad Hammer doesn’t always don a suit and tie, or what he calls his “lawyer’s uniform.” A privacy and security expert and founder of the Vakaris Group based...more
11/15/2021
/ Business Associates ,
Chief Compliance Officers ,
Covered Entities ,
Cyber Attacks ,
Cyber Insurance ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Care Providers ,
Information Security ,
Information Technology ,
Phishing Scams ,
Policies and Procedures ,
Ransomware ,
Risk Mitigation ,
Training
Report on Patient Privacy 21, no. 10 (October, 2021) -
Conducting a risk analysis is a basic tenet of security compliance, with the overarching goal of understanding where protected health information (PHI) “lives” in an...more
10/15/2021
/ Business Associates ,
China ,
Covered Entities ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Due Diligence ,
FBI ,
Hackers ,
Health Care Providers ,
National Security ,
PHI ,
Physicians ,
Risk Mitigation
Report on Research Compliance 18, no. 10 (October, 2021) -
An audit by the HHS Office of Inspector General (OIG) of the National Human Genome Research Institute’s (NHGRI) pre-award risk assessment process concluded that...more
9/28/2021
/ Audits ,
Clinical Trials ,
Compliance ,
Criminal Conspiracy ,
Criminal Prosecution ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
False Statements ,
Form 990 ,
Grants ,
Guilty Pleas ,
Health Care Providers ,
Indictments ,
Institutional Review Board (IRB) ,
IRS ,
Mail Fraud ,
Massachusetts Institutie of Technology (MIT) ,
Medical Records ,
Medical Research ,
Money Laundering ,
National Institute of Health (NIH) ,
Office for Human Research Protections (OHRP) ,
OIG ,
Plea Agreements ,
Policies and Procedures ,
Research Funding ,
Restitution ,
Risk Assessment ,
Sexual Harassment ,
Third-Party Risk ,
Wire Fraud
Report on Patient Privacy 21, no. 7 (July, 2021) -
...These heartfelt comments are among those submitted to the HHS Office for Civil Rights (OCR) in response to its January notice of proposed rulemaking (NPRM), which...more
7/9/2021
/ Caregivers ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Mental Health ,
Notice of Proposed Rulemaking (NOPR) ,
OCR ,
PHI ,
Physicians ,
Public Comment ,
Substance Abuse
Report on Patient Privacy 21, no. 6 (June 2021) -
...So begins the provocative lawsuit filed against Methodist Hospital System in Houston by 117 employees who do not want to be vaccinated against COVID-19. Despite the...more
6/11/2021
/ Coronavirus/COVID-19 ,
Electronic Medical Records ,
Employee Incentive Plans ,
Employee Privacy Rights ,
Employee Rights ,
Employer Liability Issues ,
Employer Rights ,
Employment Policies ,
Equal Employment Opportunity Commission (EEOC) ,
Health and Safety ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Workers ,
HIPAA Violations ,
Hospitals ,
Infectious Diseases ,
Masks ,
Medical Records ,
Physicians ,
Vaccinations ,
Workplace Safety
Report on Research Compliance 18, no. 6 (June 2021) -
Clemson University is pushing back against recommendations by auditors for the National Science Foundation Office of Inspector General (OIG) that it repay $276,440,...more
5/24/2021
/ Compliance ,
Criminal Conspiracy ,
Data Transfers ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Environmental Protection Agency (EPA) ,
FDA Warning Letters ,
Federal Grants ,
Food and Drug Administration (FDA) ,
Guilty Pleas ,
Health Care Providers ,
HHS Office of Research Integrity (ORI) ,
Hospitals ,
National Institute of Health (NIH) ,
National Science Foundation ,
Noncompliance ,
OIG ,
OSTP ,
Pharmaceutical Industry ,
Reporting Requirements ,
Restitution ,
Scientific Research ,
Trade Secrets ,
Universities
Report on Patient Privacy 21, no. 5 (May 2021) -
Given the hundreds of thousands of HIPAA covered entities (CEs) and business associates (BAs) and the two dozen or so enforcement actions the HHS Office for Civil Rights...more
5/7/2021
/ Business Associates ,
Cooperation ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Failure to Notify ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Investigations ,
OCR ,
PHI ,
Popular
Report on Research Compliance 18, no. 4 (April 2021) -
Following social injustice protests over police brutality against Black people and the health disparities accelerated by the COVID-19 pandemic, an advisory committee...more
3/29/2021
/ Coronavirus/COVID-19 ,
Disparate Treatment ,
Diversity and Inclusion Standards (D&I) ,
Health Care Providers ,
Healthcare Facilities ,
Hospitals ,
Minorities ,
National Institute of Health (NIH) ,
Physicians ,
Race Discrimination ,
Request For Information ,
Social Justice Issues
Report on Patient Privacy 21, no. 2 (February 2021) -
Unless an extension is granted or the notice of proposed rulemaking (NPRM) is withdrawn, covered entities (CEs) and business associates (BAs) have until late March to...more
2/26/2021
/ Business Associates ,
Comment Period ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
HIPAA Privacy Rule ,
HIPAA Violations ,
Medical Records ,
Notice of Proposed Rulemaking (NOPR) ,
OCR ,
Right of Access ,
Settlement Agreements
Report on Patient Privacy 20, no. 12 (December 10, 2020) -
In late September, Anthem Inc. entered into a $39.5 million settlement for a 2014 data breach that affected nearly 79 million individuals. About a week later,...more
12/18/2020
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Hackers ,
Health Care Providers ,
Health Insurance ,
HIPAA Breach ,
Medical Records ,
PHI ,
Settlement ,
State Attorneys General
Report on Research Compliance 17, no. 12 (December 2020) -
Finalizing a document issued last year, on Nov. 9 the Food and Drug Administration issued “Enhancing the Diversity of Clinical Trial Populations—Eligibility...more
11/25/2020
/ Clinical Trials ,
Comment Period ,
Coronavirus/COVID-19 ,
Criminal Conspiracy ,
Criminal Prosecution ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Digital Health ,
Electronic Communications ,
Food and Drug Administration (FDA) ,
Guilty Pleas ,
Health Care Providers ,
Health Technology ,
HHS Office of Research Integrity (ORI) ,
Infectious Diseases ,
Institutional Review Board (IRB) ,
Intent to Defraud ,
Medical Records ,
Medical Research ,
National Institute of Health (NIH) ,
Office for Human Research Protections (OHRP) ,
Office of Laboratory Animal Welfare (OLAW) ,
Pediatrics ,
Pharmaceutical Industry ,
Physicians ,
Public Comment ,
Public Health ,
Research and Development ,
Telehealth ,
Veterinarians ,
Wire Fraud
Report on Patient Privacy 20, no. 10 (October 2020) -
September was quite the month for enforcement actions by the HHS Office for Civil Rights (OCR). The agency announced eight settlements totaling more than $10 million....more
10/16/2020
/ Business Associates ,
Compliance ,
Corrective Action Plans (CAPs) ,
Covered Entities ,
Data Breach ,
De-Identified Protected Health Information ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Settlement
Report on Patient Privacy 20, no. 9 (September 2020) -
The fact that people are the weakest link in compliance is a truism in the privacy and security world. But just how weak is this link, and how likely is it that...more
9/15/2020
/ Compliance ,
Data Security ,
Employee Misconduct ,
Government Studies ,
Health Care Providers ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Workers ,
HIPAA Violations ,
Hospitals ,
Insurance Agents ,
Medical Records ,
Nurses ,
Patient Privacy Rights ,
Physicians
Report on Patient Privacy 20, no. 8 (August 2020) -
Last month, leaders from Agape Health Services in rural Washington, North Carolina, were happy to share photos of the shell of a building in neighboring Plymouth, that,...more
8/10/2020
/ Chief Compliance Officers ,
Civil Monetary Penalty ,
Compliance ,
Corrective Action Plans (CAPs) ,
Data Breach ,
FQHC ,
Health Care Providers ,
HIPAA Security Rule ,
Laches ,
Noncompliance ,
OCR ,
Patient Privacy Rights ,
Rural Health Care Providers ,
Settlement
Report on Patient Privacy 20, no. 7 (July 2020) -
During the first six months of this year, 228 breaches affecting 500 or more individuals were reported to the HHS Office for Civil Rights (OCR), and of the top 20, five...more
Report on Research Compliance 17, no. 7 (July 2020) -
NIH has opened its “initial data set and tools” in its All of Us research program to investigators under a new beta model that does not allow downloading of...more
6/29/2020
/ Audits ,
Compliance ,
Coronavirus/COVID-19 ,
Export Controls ,
FDA Approval ,
Food and Drug Administration (FDA) ,
GAO ,
Health Care Providers ,
HHS Office of Research Integrity (ORI) ,
Hospitals ,
Medical Research ,
National Institute of Health (NIH) ,
OIG ,
Pharmaceutical Industry ,
Research and Development ,
Universities ,
Virus Testing
Report on Patient Privacy 20, no. 6 (June 2020):
Being a health care provider in the midst of a pandemic is complicated enough, between offering telehealth services, perhaps for the first time, and helping workers continue...more
6/15/2020
/ Business Associates ,
Coronavirus/COVID-19 ,
Covered Entities ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data-Sharing ,
Electronic Protected Health Information (ePHI) ,
Equal Employment Opportunity Commission (EEOC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Workers ,
OCR ,
Patient Privacy Rights ,
PHI
Report on Patient Privacy 20, no. 1 (January 2020) -
In the waning days of 2019, the HHS Office for Civil Rights (OCR) didn’t halt the HIPAA enforcement momentum it had built up during the last quarter of the year, dinging...more
1/13/2020
/ Ambulance Providers ,
Business Associates ,
Compliance ,
Corrective Action Plans (CAPs) ,
Corrective Actions ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Encryption ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Security Rule ,
OCR ,
PHI ,
Security Risk Assessments ,
Settlement