What if Artificial Intelligence (AI) is deployed within a health system to apply machine learning to patient information, in part, to allow patients to download information and wellness numbers (such as steps, blood pressure, and blood glucose levels) and to check on their own well-being without coming in for a professional visit? These activities coul… Continue Reading
March 1, 2018 is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were discovered in calendar-year 2017. A small breach involves fewer than 500 individuals.
HIPAA Notification Requirements. HIPAA re… Continue Reading
Attending HIMSS in Las Vegas? Make Sure to Check Out Adam Greene’s Session, “HIPAA and a Cloud Computing Shared Security Model”
Cloud computing often involves a shared security model. The cloud service provider (CSP) may provide a virtual vault, but all of its security is meaningless if the customer uses a weak password. When a HIPAA covered entity o… Continue Reading
Adam Greene, nationally recognized authority on HIPAA and the HITECH Act, will be presenting on the Health Care Cloud Coalition’s monthly webinar “Health Cloud PrivSec Law 101” on Thursday, February 22nd, 2018 from 1-2pm ET.
In this webinar Adam will cover:
- A primer on privacy and security laws governing cloud providers and mobile app developer
US News reports: “A legislative panel has approved a bill that would require companies to inform South Dakota residents whose personal information was taken in a data breach,” and that “the state needs a fair reporting law that requires consumers to be notified about the loss of their infor… Continue Reading
To start off the New Year, here are some potential health information privacy and security resolutions. You can use these Annual, Quarterly, and Monthly lists to map out your privacy and security tasks for the year, and then check them off as you complete them. We have included empty rows for you to add your own resolutions.
As with any New Year’s re… Continue Reading
“Following an increase in reported state data breaches in 2017, North Carolina’s attorney general and a state representative introduced data breach legislation to better protect individuals,” HealthIT Security reports.
The Health Care Compliance Association will be holding its Washington DC Regional Compliance Conference in Columbia, MD on March 9, 2018.
Adam Greene will be presenting “Preparing for and Responding to Malware under HIPAA”, including:
- Documenting preparedness for a malware attack
- Whether ransomware and other malware requires reporting unde
Ms. Sanches will provide an update on OCR ac… Continue Reading
The Code of Federal Regulations has recently published the 2017 version of the HIPAA regulations. This is the most up-to-date “official” version of the HIPAA regulations. We have created a version that includes PDF bookmarks to allow users to more easily jump from section to section.
Next year will be full of growing pains as both the public and private sector interpret, implement, and refine their efforts to comply with the GDPR. Large, multinational companies with a presence in the EU (and who are at the greatest risk of EU enforcement actions) will put pressure on their vendors across the globe to adopt pra… Continue Reading
As we close out 2017, check out our most read privacy & security blogs of the year!
1. 42 C.F.R. Part 2 Final Rule Is Officially Delayed … Can Comments to HHS and OMB Fix It?
On January 18, 2017, the U.S. Department of Health and Human Services (HHS) published a final rule amending the Confidentiality of Substance Use Disorder Patient Records rule a… Continue Reading
IAB Europe reported that it “presented a new technical standard to support the digital advertising ecosystem in meeting requirements relating to user consent under the General Data Protection Regulation (GDPR).”
There has been confusion as to whether the Affordable Care Act’s nondiscrimination provision (“ACA”) affects a covered entity’s notice of privacy practices (“NPP”) or data breach notifications. OCR has issued guidance indicating that ACA does indeed impact NPPs. Moreover, breach notifications also likely are affected. Accordingly, i… Continue Reading
The administrative simplification provision of the Health Insurance Portability and Accountability Act and its implementing regulations (HIPAA) impose obligations on employer-sponsored group health plans. Given recent high-profile HIPAA enforcement actions, employers should understand their compliance obligations. This checklist is inten… Continue Reading
New Guidance on HIPAA: Nine Changes to Make
While there have not been significant regulatory changes to HIPAA since 2013, that doesn’t mean that compliance can be static. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued guidance in several areas, ranging from an individual’s right of access to ransomware to vi… Continue Reading
This article was first published in the IAPP’s Privacy Tracker blog.
In this Privacy Tracker series, we look at laws from across the globe and match them up against the EU General Data Protection Regulation. The aim is to help you determine how much duplication of operational effort you might avoid as you move toward GDPR compliance and help you focus your effo… Continue Reading
A not-for-profit health care system recently agreed to pay the Department of Health and Human Services (HHS) $2.4 million as part of a settlement over potential Health Insurance Portability and Accountability Act (HIPAA) violations. The incident at issue involved the system releasing a patient’s name to the press, consumer advocacy groups, and poli… Continue Reading
On April 24, 2017, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that CardioNet, a provider of remote mobile monitoring and rapid response services to patients at risk for cardiac arrhythmias, has paid $2.5 million to settle alleged HIPAA violations. This is the first HIPAA settlement involving a remote … Continue Reading
Protecting patient information is a central duty for both covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA). Should an entity subject to HIPAA fail to protect patient information, it may face possible enforcement action from the U.S. Department of Health and Human Services’ Office for … Continue Reading
Following the HITECH Act, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) issued regulations requiring HIPAA covered entities to provide certain notifications for breaches of unsecured protected health information. OCR provides data on its website for breaches affecting 500 or more individuals.
To better understand t… Continue Reading
On January 18, 2017, the U.S. Department of Health and Human Services (HHS) published a final rule amending the Confidentiality of Substance Use Disorder Patient Records rule at 42 C.F.R. Part 2. Yesterday, HHS delayed the effective date of the rule from February 17 to March 21. While the rule adds some much needed flexibility that will improve the abilit… Continue Reading
On February 1, 2017, the Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that the Children’s Medical Center of Dallas (“Children’s”) has paid a civil monetary penalty (“CMP”) of $3.2 million to resolve multiple HIPAA violations over several years. This CMP announcement raises a number of question… Continue Reading
March 1, 2017 is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were discovered in calendar-year 2016. A small breach involves fewer than 500 individuals.
HIPAA Notification Requirements. HIPAA re… Continue Reading