Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Tag Archives: Patient Privacy

Understanding HIPAA: OCR Publishes New Provider and Consumer Guides

Posted in HIPAA/HITECH, Privacy Regulation

Written by Kimberly Gold (originally posted in Mintz Levin’s Health Law & Policy Matters blog). Understanding the complexities of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules is often a challenge for health care providers and consumers. Recognizing the widespread confusion surrounding the interpretation of the rules, the U.S. Department…

Countdown Begins for HIPAA Omnibus Rule Compliance

Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation

Written by Dianne J. Bourque and Stephanie D. Willis. The HIPAA Omnibus Rule goes into effect today, which officially starts the clock for covered entities, business associates, and their subcontractors to begin updating their agreements, forms, policies, procedures, and practices to meet approaching compliance deadlines. Business Associate Agreement (BAA) and Data Use Agreement (DUA) compliance…

HIPAA Omnibus Rule Reference Chart

Posted in HIPAA/HITECH, Privacy Regulation

By Dianne J. Bourque, Kimberly J. Gold, Ellen L. Janos, Julie K. Lappas, James Sasso, Kate F. Stewart, and Stephanie D. Willis. Mintz Levin is pleased to provide this section-by-section analysis of the HIPAA Omnibus Rule. The chart lists provisions of the proposed privacy, security, and enforcement rules mandated by the Health Information Technology for…

Finally! HHS Office of Civil Rights Releases HIPAA Omnibus Rule With Sweeping Changes to Compliance Requirements and Enforcement

Posted in HIPAA/HITECH, Privacy Regulation

By Dianne J. Bourque and Stephanie D. Willis. The final regulations from the Department of Health and Human Services Office of Civil Rights (OCR) containing modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (Omnibus Rule) have finally been released, but the hard work of interpreting them has just begun for covered entities, business associates, and downstream entities…

HITECH Omnibus Rule Basics

Posted in HIPAA/HITECH, Privacy Regulation, Security

As we pore through the 562-page HITECH Omnibus Rule released by the Department of Health and Human Services late yesterday afternoon, here are some top-line bullet points: Effective Date: the rule becomes effective on March 26, 2013. Covered entities and business associates must comply by September 23, 2013. Business associates are now front and center – during…

Words of Warning: “No breach too small”

Posted in Data Breach, Privacy Regulation

As originally posted in Mintz Levin’s Health Law & Policy Matters blog. Written by: Stephanie D. Willis. The Department of Health and Human Services, Office for Civil Rights (OCR) reached its first settlement for a breach involving data regarding fewer than 500 individuals. Under the December 2012 settlement, the Hospice of North Idaho (HONI) will pay OCR a $50,000 penalty to resolve allegations that…

Mass Eye and Ear Infirmary Hit with $1.5M Breach Settlement

Posted in Data Breach, Data Breach Notification, HIPAA/HITECH

Originally posted by Dianne Bourque in Mintz Levin’s Health Law & Policy Matters blog. As the old saying goes, “no good deed goes unpunished….” The most recent published Office for Civil Rights (OCR) HIPAA enforcement action serves as an important reminder that self-reported breaches can and do lead to investigations and enforcement. Massachusetts Eye and Ear…

HIPAA Audit Protocols Now Public

Posted in Data Compliance & Security, HIPAA/HITECH, Privacy Regulation

Written by: Dianne Bourque and Stephanie Willis. As promised by the Department of Health and Human Services’ Office of Civil Rights (OCR) and as reported here on June 11th, OCR has released its HIPAA privacy and security audit protocols. The audit protocols are intended to cover the three main areas of HIPAA privacy and security enforcement: Privacy Rule requirements,…

The cost of HIPAA non-compliance – $17 million – UPDATE

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, HIPAA/HITECH

Written by Kevin McGinty. If it wasn’t clear before, a recent settlement of HIPAA claims brought by the Department of Health and Human Services against BlueCross BlueShield of Tennessee (“BCBST”) underscores the high regulatory cost of non-compliance with privacy requirements. HHS announced on March 13, 2012 that BCBST has agreed to pay $1.5 million…

HIPAA Audits Begin; Huge Medical Data Theft from California Provider

Posted in Data Breach, Data Breach Notification, HIPAA/HITECH

Our sister blog, Health Law & Policy Matters, includes a detailed discussion (warning?) relating to the commencement of HIPAA audits by the Office of Civil Rights. That post can be found here, and it and the embedded links should be required reading for anyone involved with protected health information. Yesterday, we learned of a major…

New Texas Electronic Health Record Law Exceeds HIPAA Requirements

Posted in Uncategorized

Written by Dianne Bourque. Texas covered entities (health care providers, health insurers and clearinghouses) and other entities that use and disclose PHI of Texas residents using electronic health records (EHRs) face new risks and stringent requirements under HB300, a new Texas privacy law. The new law, which is effective September 1, 2012, is more stringent…

University of California Pays Close to $1M to Settle Celebrity Health Record Snooping Complaint

Posted in Uncategorized

Written by Dianne Bourque and Cynthia Larose. The University of California has paid $865,500 to the Office of Civil Rights (OCR) and agreed to a Corrective Action Plan to settle allegations that UCLA Health System (UCLAHS) employees repeatedly snooped in the electronic health records of celebrity patients. The OCR’s investigation was prompted by two separate…

Massachusetts General Hospital settles 2009 breach with Office of Civil Rights

Posted in Data Breach, HIPAA/HITECH

The cost of data breaches keeps on rising. Add another million to this week’s HIPAA charges. Just released this afternoon: the Office of Civil Rights announced that it has reached a settlement with Massachusetts General Hospital relating to a 2009 loss of medical records when a billing manager who was carrying the records accidentally…

Arizona Hospital Workers Fired for Inappropriately Accessing Shooting Victim Records

Posted in Uncategorized

Written by Dianne Bourque. Once again, a public event has piqued the “curiosity” of hospital employees in violation of HIPAA. The University Medical Center (UMC) at Tucson has fired three administrative staff and a contracted nurse for wrongfully accessing medical records related to the shooting rampage that killed six people and seriously injured Congresswoman Gabrielle Giffords.…

Improper Disposal Costs Rite Aid $1 Million

Posted in Data Breach

Written by Dianne Bourque. Rite Aid has agreed to pay $1 million to settle allegations that it violated HIPAA by disposing of labeled pill bottles in unsecured dumpsters accessible to the public. The $1 million fine settles a joint Office of Civil Rights (OCR)/Federal Trade Commission (FTC) investigation prompted by televised media reports of pharmacies…