Archives: Health Care

Just Around the Corner – HIPAA Audits for Business Associates


Financial organizations that are business associates can expect a wave of HIPAA desk audits to evaluate the HIPAA compliance efforts of business associates.  These audits have a limited focus and are conducted by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR).  For business associates, desk audits will target breac… Continue Reading

OCR Sets Sights on Smaller HIPAA Breaches

Covered entities and business associates can expect increased scrutiny for breaches of unsecured protected health information affecting fewer than 500 individuals. Starting August 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) began more widely investigating these small breaches under the Health Insurance … Continue Reading

HIPAA Audit Check-Up – Where We Are and What’s to Come

Phase 2 of the HIPAA audits is fully underway, and covered entities now can take a breath if they have not received a desk audit request. But we still are at the beginning of Phase 2, with more to come.

Preparing for Audits. Some steps that covered entities and business associates can take to further prepare:

  • Business associates should verify that risk analysi… Continue Reading

It’s Not the Olympics, but OCR Sets New HIPAA Settlement Records

Athletes at the Rio Olympics aren’t the only ones setting records this year.  Hoping to send a “strong message” about the importance of safeguarding electronic protected health information (PHI) and conducting mandated risk analyses, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently reached the larges… Continue Reading

On the Trail for Pokémon – and HIPAA Compliance

Pikachu, Alakazam, Bulbasaur, Charmander, and Squirtle can teach us a few things about HIPAA privacy.  Pokémon GO is a recent craze encouraging people to try to catch’em all.  As a result, employees, clients, and patients are scrambling around the halls of covered entities and business associates in search of elusive Pokémon, hoping to take a capt… Continue Reading

Top Takeaways from IAPP

The world of privacy grows every day as more data goes through the cloud. The new trends and weekly data breaches make conferences like the Global Privacy Summit all the more relevant.

Earlier this month we went to IAPP’s annual event and networked with many professionals in the privacy sphere. Here were some of our key takeaways:

1. Connect with your FBI … Continue Reading

HIPAA Audits Are Here: What to Expect When You are Expecting (an Audit)

The Phase 2 audit program for HIPAA compliance is under way. The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced that it had launched the Phase 2 audits to examine and assess how covered entities and their business associates are adhering to the HIPAA Privacy, Security, and Breach Notification Rules. OCR will survey … Continue Reading

Advisory Alert: Can Ransomware Trap Your Health Information?


The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has been highlighting the threat posed by “ransomware”—when an organization is locked out of its own systems and files by cyber criminals who then demand the organization pay a ransom to regain access.  OCR launched its Cyber-Awareness initiative on Feb. 2 by emaili… Continue Reading

February 2016: The Month of Groundhog Day, Super Bowl 50, Valentine’s Day … and HIPAA Breach Notifications

Feb. 29, 2016, a/k/a Leap Day, is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were discovered in calendar-year 2015.

A small breach involves fewer than 500 individuals. While HIPAA requires cover… Continue Reading

Advisory Alert: Proposed Changes to the Alcohol and Drug Abuse Treatment Confidentiality Rule

On Feb. 9, 2016, the U.S. Department of Health and Human Services Substance Abuse and Mental Health Services Administration (SAMHSA) published in the Federal Register a proposed rule putting forth amendments to the Alcohol and Drug Abuse Treatment Confidentiality Rule at 42 C.F.R. Part 2 (the “Part 2 Rule”). A redline of the proposed changes to the … Continue Reading

As if a 20-Year Consent Order Wasn’t Enough Fun: FTC Brings First Monetary Settlement in Information Security Case

The FTC reached a $250,000 settlement with a 20-year consent order with Henry Schein Practice Solutions, Inc. over its use of allegedly subpar encryption technology in its offering to dental practices. This settlement is particularly noteworthy for a number of reasons:

  • In addition to the typical 20-year consent order (in this case requiring Schein to ma… Continue Reading

Advisory Alert: NY Attorney General Reaches Settlement over Exiting Clinician Taking Patient List

It may not be a big dollar amount ($15,000), but a recent New York Attorney General settlement represents a big issue—interpreting that HIPAA prohibits a health care professional who is changing practices from taking a patient list without the patients’ authorizations. Health care providers should review their procedures surrounding departing p… Continue Reading

Confusion Continues Over Medical Identity Theft Victim Rights under HIPAA

In a Nov. 10, 2015 letter, the Chairs and Ranking Members of the Senate Committee on Health, Education, Labor, and Pensions and the Committee on Finance raised concerns with the U.S. Department of Health and Human Services (“HHS”) regarding what HHS is doing to support and protect victims of medical identity theft in the wake of large health informatio… Continue Reading

DWT Releases Latest Health Care Breach Charts


Safeguarding patient information is at the core of responsibilities for health care entities under the Health Insurance Portability and Accountability Act (HIPAA). But safeguarding patient information isn’t just a regulatory requirement; every medical professional who takes the Hippocratic Oath (Modern Version) swears to respect patient priv… Continue Reading

Are Attorneys Entitled to “HIPAA Rate”?

Over the past year, numerous lawsuits and complaints to the HHS Office for Civil Rights (“OCR”) have been filed by plaintiffs’ attorneys over a seemingly obscure HIPAA issue – the rate that health care providers and their release-of-information contractors may charge attorneys for copies of their clients’ medical records. In response to a Fr… Continue Reading

NIST Issues Draft Guidance for Mobile Health Data

With health care breaches constantly on the rise, increasing access to electronic health records (EHRs) from mobile devices, and more prevalent “shadow” cloud use, health care organizations are getting a bit of help from the National Institute of Standards and Technology (NIST) with a draft cybersecurity guide: “NIST is soliciting stakeholder … Continue Reading

Advisory Alert: Proposed HHS Rule Sets the Stage for Changes to the Meaningful Use Program

On March 30, the Department of Health and Human Services’ (HHS) Centers for Medicare & Medicaid Services (CMS) published its proposed rulemaking for Stage 3 of the Medicare and Medicaid Electronic Health Records (EHR) Incentive Program in the Federal Register. According to HHS, the proposed Stage 3 rule, if adopted, would simplify the EHR Incenti… Continue Reading