Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Category Archives: HIPAA/HITECH

Subscribe to HIPAA/HITECH RSS Feed

Another major medical data breach in California

Posted in Data Breach, HIPAA/HITECH, Security

Written by Julia Siripurapu Or….why are health care institutions still leaving laptops containing PHI unencrypted???? The Los Angeles Times (the “Times”) reported this week the theft of two laptops from an administrative office of hospital group AHMC Healthcare Inc. (“AHMC”) in Alhambra, California that compromised the health data of approximately 729,000 individuals. The notice posted… Continue Reading

Privacy Monday – September 23, 2013: TODAY IS HIPAA COMPLIANCE DAY – 5 THINGS THAT YOU SHOULD HAVE DONE

Posted in HIPAA/HITECH, Privacy Monday, Privacy Regulation

Today’s the day!    Today marks the long-awaited compliance date for the HIPAA Omnibus Rule. In case you have put any thoughts of compliance with the Omnibus Rule out of your mind, you can no longer escape. Here are the key five things that you should have done by today: Update Notices of Privacy Practices… Continue Reading

Privacy Monday – September 16, 2013

Posted in Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Monday

Dis-Like! Senator Markey Urges the FTC to Investigate Facebook’s New Policies Written By Adam Veness As we previously reported here, Facebook has proposed a number of revisions to its Data Use Policy and Statement of Rights and Responsibilities.  In response to these proposed changes, Senator Edward J. Markey (D-MA) sent a letter to the Federal… Continue Reading

REMINDER – HIPAA Omnibus Rule Compliance Webinar

Posted in HIPAA/HITECH

Hospital?  Health care provider?  Service provider to either a hospital or other health care provider?    You’ll want to listen in to our HIPAA Omnibus Rule Compliance webinar — details here Topics covered by the webinar include: What to do if you currently have a comprehensive, effective program What to do if your compliance program consists… Continue Reading

HIPAA Procrastinator? Have we got a webinar for you….REMINDER

Posted in Data Breach Notification, HIPAA/HITECH, Privacy Regulation

 REMINDER July 23, 2013 at 1 PM ET – Register here   The countdown is underway — the HIPAA Omnibus Rule compliance deadline is  less than two months away! Covered entities and business associates have until September 23, 2013 to comply with important, new requirements under the HIPAA Omnibus Rule. To avoid penalties for noncompliance, organizations… Continue Reading

First HIPAA Resolution Agreement of 2013 — and it certainly will not be the last

Posted in HIPAA/HITECH, Privacy Regulation

Written by Stephanie D. Willis   The HHS Office of Civil Rights (OCR) announced its first HIPAA Resolution Agreement of 2013 last week.  According to the press release, Idaho State University (ISU) must pay OCR $400,000 and comply with the terms of a two-year corrective action plan (CAP) to address violations of the HIPAA Security Rule,… Continue Reading

Rx for HIPAA Compliance

Posted in HIPAA/HITECH

Weighing in at half the length of Tolstoy’s legendary tome War and Peace, it is no surprise that the thought of the impending deadline for compliance with the 538-page  HIPAA Omnibus Rule  has left many small clinical practices feeling overwhelmed.   HHS Office of Civil Rights (OCR) and the Workgroup for Electronic Data Interchange (WEDI) are co-sponsoring four… Continue Reading

Understanding HIPAA: OCR Publishes New Provider and Consumer Guides

Posted in HIPAA/HITECH, Privacy Regulation

Written by Kimberly Gold (Originally posted in Mintz Levin’s Health Law Policy Matters blog) Understanding the complexities of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules is often a challenge for health care providers and consumers.  Recognizing  the widespread confusion surrounding the interpretation of the rules, the U.S. Department… Continue Reading

Countdown Begins for HIPAA Omnibus Rule Compliance

Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation

Written by Dianne J. Bourque and Stephanie D. Willis The HIPAA Omnibus Rule goes into effect today, which officially starts the clock for covered entities, business associates, and their subcontractors to begin updating their agreements, forms, policies, procedures, and practices to meet approaching compliance deadlines. Business Associate Agreement (BAA) and Data Use Agreement (DUA) compliance… Continue Reading

The New HIPAA Omnibus Rule & Your Liability — A Detailed Review

Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation

By Alden J. Bianchi, Dianne J. Bourque, Kimberly J. Gold, and Cynthia J. Larose As we have reported in this blog (here, here, here, here, and here), the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently released final regulations containing modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (Omnibus… Continue Reading

Business Associates Beware

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, HIPAA/HITECH

If you haven’t yet caught up with the new HIPAA Omnibus Rule and its consequences for those businesses who are not themselves healthcare providers, but are service providers to healthcare entities (and even further downstream than that….), you can take a listen to our recent webinar highlighting the most important changes and issues. A recent… Continue Reading

REMINDER — Webinar: The New HIPAA Omnibus Rule and Your Liability: TOMORROW

Posted in HIPAA/HITECH, Legislation, Privacy Regulation

Don’t forget to register! Mintz Levin is presenting a webinar on January 30,2013 to discuss the impact of the HIPAA Omnibus Rule - the first, sweeping overhaul of the HIPAA privacy and security rules in a decade. Covered entities will want to participate to catch up on the finer details. Business associates and downstream entities – e.g., subcontractors, cloud providers, data storage… Continue Reading

OCR Releases Sample Business Associate Agreement Provisions

Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation

 Written By Kimberly Gold   The Department of Health and Human Services, Office for Civil Rights (OCR) has posted on its website sample business associate agreement provisions to help covered entities and business associates comply with the new business associate agreement requirements under the final HIPAA Omnibus Rule. The HIPAA Omnibus Rule modified the minimum required… Continue Reading

Webinar: The New HIPAA Omnibus Rule and Your Liability

Posted in HIPAA/HITECH, Privacy Regulation

Mintz Levin is presenting a webinar on January 30,2013 to discuss the impact of the HIPAA Omnibus Rule – the first, sweeping overhaul of the HIPAA privacy and security rules in a decade. Covered entities will want to participate to catch up on the finer details. Business associates and downstream entities – e.g., subcontractors, cloud… Continue Reading

HIPAA Omnibus Rule Reference Chart

Posted in HIPAA/HITECH, Privacy Regulation

By Dianne J. Bourque, Kimberly J. Gold, Ellen L. Janos, Julie K. Lappas, James Sasso, Kate F. Stewart, and Stephanie D. Willis Mintz Levin is pleased to provide this section-by-section analysis of the HIPAA Omnibus Rule. The chart lists provisions of the proposed privacy, security, and enforcement rules mandated by the Health Information Technology for… Continue Reading

Finally! HHS Office of Civil Rights Releases HIPAA Omnibus Rule With Sweeping Changes to Compliance Requirements and Enforcement

Posted in HIPAA/HITECH, Privacy Regulation

BY DIANNE J. BOURQUE AND STEPHANIE D. WILLIS The final regulations1 from Department of Health and Human Services Office of Civil Rights (OCR) containing modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (Omnibus Rule) have finally been released, but the hard work of interpreting them has just begun for covered entities, business associates, and downstream entities… Continue Reading

HITECH Omnibus Rule Basics

Posted in HIPAA/HITECH, Privacy Regulation, Security

As we pore through the 562-page HITECH Omnibus Rule released by the Department of Health and Services late yesterday afternoon, here are some top line bullet points: Effective Date:  Rule becomes effective on March 26, 2013.  Covered entities and business associates must comply by September 23, 2013. Business Associates are now front and center – During… Continue Reading

OCR Issues Guidance Methods for De-Identification of PHI Under HIPAA

Posted in HIPAA/HITECH

Originally posted in Health Law Policy Matters Written by Julie K. Lappas The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has released guidance on the methods that covered entities and business associates can use to de-identify protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act… Continue Reading

Centers for Medicare & Medicaid Services (CMS) Falls Short in Response to Healthcare Data Breaches

Posted in Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Regulation

Written by Stephen Bentfield  and previously published in Mintz Levin’s Health Law & Policy Matters Last week, the U.S. Department of Health and Human Services Office of Inspector General (OIG) released the results of a study entitled CMS Response to Breaches and Medical Identity Theft.  OIG had two objectives for commencing this study.  First, OIG sought to determine whether… Continue Reading

Mass Eye and Ear Infirmary Hit with $1.5M Breach Settlement

Posted in Data Breach, Data Breach Notification, HIPAA/HITECH

Originally posted by Dianne Bourque in Mintz Levin’s Health Law & Policy Matters blog As the old saying goes, “no good deed goes unpunished….”    The most recent, published Office for Civil Rights (OCR) HIPAA enforcement action serves as an important reminder that self-reported breaches can and do lead to investigations and enforcement.   Massachusetts Eye and Ear… Continue Reading

HIPAA Audit Protocols Now Public

Posted in Data Compliance & Security, HIPAA/HITECH, Privacy Regulation

Written by:  Dianne Bourque and Stephanie Willis As promised by the Department of Health and Human Services’ Office of Civil Rights (OCR) and as reported here on June 11th, OCR has released its HIPAA privacy and security audit protocols.  The audit protocols are intended to cover the three main areas of HIPAA privacy and security enforcement: Privacy Rule requirements,… Continue Reading