Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Tag Archives: HIPAA Privacy Rule

Centers for Medicare & Medicaid Services (CMS) Falls Short in Response to Healthcare Data Breaches

Posted in Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Regulation

Written by Stephen Bentfield and previously published in Mintz Levin’s Health Law & Policy Matters.

Last week, the U.S. Department of Health and Human Services Office of Inspector General (OIG) released the results of a study entitled CMS Response to Breaches and Medical Identity Theft. OIG had two objectives for commencing this study. First, OIG sought to determine whether…

HIPAA Audit Protocols Now Public

Posted in Data Compliance & Security, HIPAA/HITECH, Privacy Regulation

Written by: Dianne Bourque and Stephanie Willis

As promised by the Department of Health and Human Services’ Office of Civil Rights (OCR) and as reported here on June 11th, OCR has released its HIPAA privacy and security audit protocols. The audit protocols are intended to cover the three main areas of HIPAA privacy and security enforcement: Privacy Rule requirements,…

University of California Pays Close to $1M to Settle Celebrity Health Record Snooping Complaint

Posted in Uncategorized

Written by Dianne Bourque and Cynthia Larose

The University of California has paid $865,500 to the Office of Civil Rights (OCR) and agreed to a Corrective Action Plan to settle allegations that UCLA Health System (UCLAHS) employees repeatedly snooped in the electronic health records of celebrity patients. The OCR’s investigation was prompted by two separate…

Massachusetts General Hospital settles 2009 breach with Office of Civil Rights

Posted in Data Breach, HIPAA/HITECH

The cost of data breaches keeps on rising. Add another million to this week’s HIPAA charges. Just released this afternoon – the Office of Civil Rights announced that it has reached a settlement with Massachusetts General Hospital relating to a 2009 loss of medical records when a billing manager who was carrying the records accidentally…

Improper Disposal Costs Rite Aid $1 Million

Posted in Data Breach

Written by Dianne Bourque

Rite Aid has agreed to pay $1 million to settle allegations that it violated HIPAA by disposing of labeled pill bottles in unsecured dumpsters accessible to the public. The $1 million fine settles a joint Office of Civil Rights (OCR)/Federal Trade Commission (FTC) investigation prompted by televised media reports of pharmacies…