Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Tag Archives: Hitech Act

OCR Releases Sample Business Associate Agreement Provisions

Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation

Written by Kimberly Gold

The Department of Health and Human Services, Office for Civil Rights (OCR) has posted on its website sample business associate agreement provisions to help covered entities and business associates comply with the new business associate agreement requirements under the final HIPAA Omnibus Rule. The HIPAA Omnibus Rule modified the minimum required… Continue Reading

Patient privacy group welcomes HHS withdrawal of HITECH Act breach notification rule

Posted in Data Breach

The Patient Privacy Rights Foundation welcomed last week’s announcement by the Department of Health and Human Services (HHS) that it was withdrawing the health data breach notification rule. The Foundation called the withdrawal a “huge step in the right direction” and reiterated its disappointment with the ‘harm threshold’ provision, which allows health care providers to… Continue Reading

July 13 Data Security Workshop – FREE

Posted in Data Breach

On July 13, Mintz Levin will be joined by Sophos, Six Weight Consulting, and MFA Cornerstone Consulting to hold a free compliance workshop focused on both the gaps and overlap of Massachusetts’ data protection regulation 201 CMR 17.00 and the recent updates to federal health and medical data privacy found in the HITECH Act. We’ll… Continue Reading

Proposed HITECH Regulations Out in May?

Posted in Legislation

Buried in a part of today’s Federal Register was the publication of the Department of Health and Human Services’ regulatory agenda. The agenda presents a forecast of expected HHS rulemaking activities and suggests that in May of this year HHS will issue the long-awaited proposed rules to modify the HIPAA Privacy, Security, and Enforcement Rules… Continue Reading

HHS Announces Delay in Enforcement of HITECH Rules as Applied to Business Associates

Posted in Legislation

As we have discussed before, HHS’s Office of Civil Rights has let it be known that a proposed rule implementing the HITECH Act’s privacy and security provisions as they apply to business associate liability is in the works. The proposed rule will also deal with new limitations on the sale of protected health information, marketing,… Continue Reading

Quick Compliance Survey

Posted in Data Breach

No, we’re not “taking names” here. This is just a 10-question survey to gauge some basic compliance metrics. Please participate!

Today is the day……

Posted in Data Compliance & Security

After implementation delays and rule changes, new data protection regulations that are widely considered the most stringent in the nation take effect today. The Massachusetts data security regulations require institutions that hold personal data on Massachusetts citizens to encrypt that information and implement written data protection policies, reports the Boston Globe. Discussion continues and questions… Continue Reading

Today’s compliance deadline – Enforcement of the HITECH/HIPAA data breach notification rule

Posted in Data Breach

February and March are just full of significant deadlines for privacy/security reporting and compliance. Today is the day that the Health & Human Services Office of Civil Rights begins to enforce the HITECH/HIPAA data breach notification rule. To “celebrate” the occasion, the agency publicly posted the first list of reported breaches affecting 500 or more… Continue Reading

HITECH Act Compliance Date Arrived — Without the Promised Regulatory Guidance

Posted in Legislation

We have been so focused on the upcoming Massachusetts data security deadline, that we let one last week go without fanfare. As we have gently reminded you on several occasions, the new HIPAA privacy and security rules contained in the Health Information Technology for Clinical and Economic Health Act (HITECH) became effective on February 17th…. Continue Reading

Data Privacy Day Tip #2 – HITECH Act

Posted in Legislation

Written by Dianne Bourque

Effective February 17, 2010, significant new compliance obligations will be imposed on business associates through the HITECH provisions of the American Recovery and Reinvestment Act of 2009 (“ARRA”). Business associates (or organizations that use or disclose protected health information on behalf of covered entities subject to HIPAA) will be directly liable for… Continue Reading

Connecticut Attorney General Brings Charges Against Health Net for HIPAA Violations

Posted in Data Breach

Written by Dianne Bourque

On January 13, Connecticut Attorney General Richard Blumenthal filed charges against Health Net of Connecticut, Inc., for violating federal privacy law. Blumenthal is the first state attorney general to file such a suit using HIPAA enforcement authority granted to states under the HITECH provisions of the American Recovery and Reinvestment… Continue Reading

Massachusetts Data Security Standards vs. New HIPAA Guidelines

Posted in Data Compliance & Security

Here’s a link to an article (by the author of this blog…) comparing the Massachusetts data security standards (effective January 1, 2010) to the Department of Health & Human Services Guidelines promulgated under the new HITECH Act (effective in mid-September).   Compliance challenges are coming on all fronts — and it’s best not to duplicate… Continue Reading