Written by Kevin McGinty If it wasn’t clear before, a recent settlement of HIPAA claims brought by the Department of Health and Human Services against BlueCross BlueShield of Tennessee (“BCBST”) underscores the high regulatory cost of non-compliance with privacy requirements. HHS announced on March 13, 2012 that BCBST has agreed to pay $1.5 million… Continue Reading
Tag Archives: HIPAA; HITECH Act
HIPAA Audits Begin; Huge Medical Data Theft from California Provider
Posted in Data Breach, Data Breach Notification, HIPAA/HITECHOur sister blog, Health Law & Policy Matters, includes a detailed discussion (warning?) relating to the commencement of HIPAA audits by the Office of Civil Rights. That post can be found here, and it and the embedded links should be required reading for anyone involved with protected health information. Yesterday, we learned of a major… Continue Reading
The HIPAA Auditors Are Coming! The HIPAA Auditors Are Coming!
Posted in UncategorizedIt is time for covered entities and business associates to jump start HIPAA privacy and security programs and make sure that everything is in compliance. GovInfoSecurity reports that the Department of Health and Human Services (HHS) has awarded a $9.2 million contract to KPMG to develop protocols for conducting the long-awaited HITECH Act-mandated HIPAA compliance audit… Continue Reading
University of California Pays Close to $1M to Settle Celebrity Health Record Snooping Complaint
Posted in UncategorizedWritten by Dianne Bourque and Cynthia Larose The University of California has paid $865,500 to the Office of Civil Rights (OCR) and agreed to a Corrective Action Plan to settle allegations that UCLA Health System (UCLAHS) employees repeatedly snooped in the electronic health records of celebrity patients. The OCR’s investigation was prompted by two separate… Continue Reading
HIPAA Enforcement on the Rise: Do You Know Who Your Business Associates Are??
Posted in UncategorizedWritten by Stephen Bentfield In the two-plus years since the enactment of the HITECH Act, the health care industry has seen a dramatic shift in federal and state HIPAA enforcement posture. Just within the last month, HHS announced a $4.3 million civil fine imposed on Cignet Health for failing to provide patients with copies of… Continue Reading
HHS Withdraws Breach Notification Final Rule (but breach notification still effective)
Posted in Data BreachInteresting press release from the Department of Health and Human Services (HHS) relating to the HITECH Breach Notification Final Rule. The Interim Final Rule is still effective, but one can’t help but wonder what HHS may be reconsidering given the numbers of breaches reported since September 2009.
First Ever State-initiated HIPAA Enforcement Action Settled
Posted in LegislationWritten by Dianne Bourque Connecticut Attorney General Richard Blumenthal has settled the first state-initiated HIPAA enforcement action. The settlement totals $250,000 in statutory damages and Health Net’s agreement to implement a variety of measures to improve the security of consumer health and personal information. Health Net also agreed to provide two years of credit monitoring… Continue Reading
HHS (Finally!) Issues Proposed HIPAA Privacy & Security Rule Changes
Posted in LegislationThe long-awaited proposed changes to the HIPAA Privacy Rules have finally been released by the Department of Health and Human Services (HHS). A joint statement issued today by the HHS and the Office of Civil Rights (OCR) says that the proposed regulations “would expand individuals’ rights to access their information and restrict certain disclosures of… Continue Reading
