In the largest Health Insurance Portability and Accountability Act (HIPAA) settlement to date, two New York hospitals have agreed to pay $4.8 million to settle allegations that they failed to secure thousands of patients’ electronic protected health information (ePHI) held on their shared network. Our sister blog, Health Law Policy Matters, provides an analysis of the incidents and…
HIPAA/HITECH
We have seen this movie before… and we all should know that it does not end well.
Posted in Data Breach, HIPAA/HITECH, Privacy Regulation
This was originally posted on Mintz Levin’s Health Law & Policy Matters blog. Written by: Kimberly J. Gold. How much is the cost of doing nothing when it comes to encryption of sensitive data? In the case of electronic protected health information, about $2 million. Two companies have been hit with fines equaling a total of almost…
Is Your HIPAA Compliance Program Going Out the Window with XP?
Posted in HIPAA/HITECH
Written by Dianne Bourque and Cynthia Larose. April 8, 2014 marks the end of Microsoft’s support for the Windows XP operating system, which means the end of security updates from Microsoft and the beginning of new exposure to hackers and other intruders for systems still running the operating system. But does the end of Windows…
On the First Day of Privacy, The OCR Gave to Me …..
Posted in HIPAA/HITECH, Privacy Monday
Welcome to our series, “The 12 Days of Privacy,” as we look at “gifts” that may be received this season and some of the big issues ahead… Day One: HIPAA 2014 – Where Will the Audit Trail Lead? Written by: Dianne Bourque and Kimberly Gold. The year 2013 started with a bang for…
Another major medical data breach in California
Posted in Data Breach, HIPAA/HITECH, Security
Written by Julia Siripurapu. Or… why are health care institutions still leaving laptops containing PHI unencrypted? The Los Angeles Times (the “Times”) reported this week the theft of two laptops from an administrative office of hospital group AHMC Healthcare Inc. (“AHMC”) in Alhambra, California that compromised the health data of approximately 729,000 individuals. The notice posted…
Privacy Monday - September 23, 2013: TODAY IS HIPAA COMPLIANCE DAY - 5 THINGS THAT YOU SHOULD HAVE DONE
Posted in HIPAA/HITECH, Privacy Monday, Privacy Regulation
Today’s the day! Today marks the long-awaited compliance date for the HIPAA Omnibus Rule. If you have put any thoughts of compliance with the Omnibus Rule out of your mind, you can no longer escape. Here are the five key things that you should have done by today: Update Notices of Privacy Practices…
Privacy Monday - September 16, 2013
Posted in Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Monday
Dis-Like! Senator Markey Urges the FTC to Investigate Facebook’s New Policies. Written by Adam Veness. As we previously reported here, Facebook has proposed a number of revisions to its Data Use Policy and Statement of Rights and Responsibilities. In response to these proposed changes, Senator Edward J. Markey (D-MA) sent a letter to the Federal…
REMINDER - HIPAA Omnibus Rule Compliance Webinar
Posted in HIPAA/HITECH
Hospital? Health care provider? Service provider to either a hospital or other health care provider? You’ll want to listen in to our HIPAA Omnibus Rule Compliance webinar — details here. Topics covered by the webinar include: what to do if you currently have a comprehensive, effective program; what to do if your compliance program consists…
HIPAA Procrastinator? Have we got a webinar for you… REMINDER
Posted in Data Breach Notification, HIPAA/HITECH, Privacy Regulation
REMINDER: July 23, 2013 at 1 PM ET. Register here. The countdown is underway — the HIPAA Omnibus Rule compliance deadline is less than two months away! Covered entities and business associates have until September 23, 2013 to comply with important new requirements under the HIPAA Omnibus Rule. To avoid penalties for noncompliance, organizations…
First HIPAA Resolution Agreement of 2013 — and it certainly will not be the last
Posted in HIPAA/HITECH, Privacy Regulation
Written by Stephanie D. Willis. The HHS Office of Civil Rights (OCR) announced its first HIPAA Resolution Agreement of 2013 last week. According to the press release, Idaho State University (ISU) must pay OCR $400,000 and comply with the terms of a two-year corrective action plan (CAP) to address violations of the HIPAA Security Rule,…
Rx for HIPAA Compliance
Posted in HIPAA/HITECH
Since the 538-page HIPAA Omnibus Rule weighs in at half the length of Tolstoy’s legendary tome War and Peace, it is no surprise that the thought of its impending compliance deadline has left many small clinical practices feeling overwhelmed. The HHS Office of Civil Rights (OCR) and the Workgroup for Electronic Data Interchange (WEDI) are co-sponsoring four…
Understanding HIPAA: OCR Publishes New Provider and Consumer Guides
Posted in HIPAA/HITECH, Privacy Regulation
Written by Kimberly Gold (originally posted in Mintz Levin’s Health Law Policy Matters blog). Understanding the complexities of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules is often a challenge for health care providers and consumers. Recognizing the widespread confusion surrounding the interpretation of the rules, the U.S. Department…
Countdown Begins for HIPAA Omnibus Rule Compliance
Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation
Written by Dianne J. Bourque and Stephanie D. Willis. The HIPAA Omnibus Rule goes into effect today, which officially starts the clock for covered entities, business associates, and their subcontractors to begin updating their agreements, forms, policies, procedures, and practices to meet the approaching compliance deadlines. Business Associate Agreement (BAA) and Data Use Agreement (DUA) compliance…
The New HIPAA Omnibus Rule & Your Liability — A Detailed Review
Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation
By Alden J. Bianchi, Dianne J. Bourque, Kimberly J. Gold, and Cynthia J. Larose. As we have reported in this blog (here, here, here, here, and here), the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently released final regulations containing modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (Omnibus…
Business Associates Beware
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, HIPAA/HITECH
If you haven’t yet caught up with the new HIPAA Omnibus Rule and its consequences for businesses that are not themselves healthcare providers but are service providers to healthcare entities (and even further downstream than that…), you can listen to our recent webinar highlighting the most important changes and issues. A recent…
REMINDER — Webinar: The New HIPAA Omnibus Rule and Your Liability: TOMORROW
Posted in HIPAA/HITECH, Legislation, Privacy Regulation
Don’t forget to register! Mintz Levin is presenting a webinar on January 30, 2013 to discuss the impact of the HIPAA Omnibus Rule, the first sweeping overhaul of the HIPAA privacy and security rules in a decade. Covered entities will want to participate to catch up on the finer details. Business associates and downstream entities – e.g., subcontractors, cloud providers, data storage…
OCR Releases Sample Business Associate Agreement Provisions
Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation
Written by Kimberly Gold. The Department of Health and Human Services, Office for Civil Rights (OCR) has posted on its website sample business associate agreement provisions to help covered entities and business associates comply with the new business associate agreement requirements under the final HIPAA Omnibus Rule. The HIPAA Omnibus Rule modified the minimum required…
Webinar: The New HIPAA Omnibus Rule and Your Liability
Posted in HIPAA/HITECH, Privacy Regulation
Mintz Levin is presenting a webinar on January 30, 2013 to discuss the impact of the HIPAA Omnibus Rule, the first sweeping overhaul of the HIPAA privacy and security rules in a decade. Covered entities will want to participate to catch up on the finer details. Business associates and downstream entities — e.g., subcontractors, cloud…
HIPAA Omnibus Rule Reference Chart
Posted in HIPAA/HITECH, Privacy Regulation
By Dianne J. Bourque, Kimberly J. Gold, Ellen L. Janos, Julie K. Lappas, James Sasso, Kate F. Stewart, and Stephanie D. Willis. Mintz Levin is pleased to provide this section-by-section analysis of the HIPAA Omnibus Rule. The chart lists provisions of the proposed privacy, security, and enforcement rules mandated by the Health Information Technology for…
Finally! HHS Office of Civil Rights Releases HIPAA Omnibus Rule With Sweeping Changes to Compliance Requirements and Enforcement
Posted in HIPAA/HITECH, Privacy Regulation
By Dianne J. Bourque and Stephanie D. Willis. The final regulations from the Department of Health and Human Services Office of Civil Rights (OCR) containing modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (Omnibus Rule) have finally been released, but the hard work of interpreting them has just begun for covered entities, business associates, and downstream entities…
HITECH Omnibus Rule Basics
Posted in HIPAA/HITECH, Privacy Regulation, Security
As we pore through the 562-page HITECH Omnibus Rule released by the Department of Health and Human Services late yesterday afternoon, here are some top-line bullet points: Effective Date: the Rule becomes effective on March 26, 2013. Covered entities and business associates must comply by September 23, 2013. Business Associates are now front and center — During…
Breaking News - HITECH Omnibus Rule Published
Posted in HIPAA/HITECH, Privacy Regulation
After months of waiting, we have just learned that the HITECH regulations — otherwise known as the Omnibus Rule — have been published. Our team has already started to dive in and we will be publishing detailed analyses both here and at our sister blog, Health Law & Policy Matters. Stay tuned for more…
OCR Issues Guidance Methods for De-Identification of PHI Under HIPAA
Posted in HIPAA/HITECH
Originally posted in Health Law Policy Matters. Written by Julie K. Lappas. The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has released guidance on the methods that covered entities and business associates can use to de-identify protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act…
Centers for Medicare & Medicaid Services (CMS) Falls Short in Response to Healthcare Data Breaches
Posted in Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Regulation
Written by Stephen Bentfield and previously published in Mintz Levin’s Health Law & Policy Matters. Last week, the U.S. Department of Health and Human Services Office of Inspector General (OIG) released the results of a study entitled CMS Response to Breaches and Medical Identity Theft. OIG had two objectives for commencing this study. First, OIG sought to determine whether…