Written by Stephen Bentfield and previously published in Mintz Levin’s Health Law & Policy Matters Last week, the U.S. Department of Health and Human Services Office of Inspector General (OIG) released the results of a study entitled CMS Response to Breaches and Medical Identity Theft. OIG had two objectives for commencing this study. First, OIG sought to determine whether… Continue Reading
Tag Archives: HIPAA Privacy Rule
HIPAA Audit Protocols Now Public
Posted in Data Compliance & Security, HIPAA/HITECH, Privacy RegulationWritten by: Dianne Bourque and Stephanie Willis As promised by the Department of Health and Human Services’ Office of Civil Rights (OCR) and as reported here on June 11th, OCR has released its HIPAA privacy and security audit protocols. The audit protocols are intended to cover the three main areas of HIPAA privacy and security enforcement: Privacy Rule requirements,… Continue Reading
University of California Pays Close to $1M to Settle Celebrity Health Record Snooping Complaint
Posted in UncategorizedWritten by Dianne Bourque and Cynthia Larose The University of California has paid $865,500 to the Office of Civil Rights (OCR) and agreed to a Corrective Action Plan to settle allegations that UCLA Health System (UCLAHS) employees repeatedly snooped in the electronic health records of celebrity patients. The OCR’s investigation was prompted by two separate… Continue Reading
Massachusetts General Hospital settles 2009 breach with Office of Civil Rights
Posted in Data Breach, HIPAA/HITECHThe cost of data breaches keeps on rising. Add another million to this week’s HIPAA charges. Just released this afternoon – the Office of Civil Rights announced that it has reached a settlement with Massachusetts General Hospital relating to a 2009 loss of medical records when a billing manager who was carrying the records accidentally… Continue Reading
Office of Civil Rights Speaks at HIMSS – on the heels of a $4.3 million fine to Cignet Health
Posted in UncategorizedThis week, we heard about the first civil money penalty under the HIPAA Privacy Rule for failure to provide access to medical records and willful neglect — and it was a whopper. The appearance of Adam Greene, Senior Health IT and Privacy Advisor to the Office of Civil Rights – the enforcement arm of the… Continue Reading
Improper Disposal Costs Rite Aid $1 Million
Posted in Data BreachWritten by Dianne Bourque Rite Aid has agreed to pay $1 million to settle allegations that it violated HIPAA by disposing of labeled pill bottles in unsecured dumpsters accessible to the public. The $1 million fine settles a joint Office of Civil Rights (OCR)/Federal Trade Commission (FTC) investigation prompted by televised media reports of pharmacies… Continue Reading