Archives: Health Care


Don’t Miss Adam Greene at the Health Care Compliance Association’s Washington DC Regional Conference

The Health Care Compliance Association will be holding its Washington DC Regional Compliance Conference in Columbia, MD on March 9, 2018.

Adam Greene will be presenting “Preparing for and Responding to Malware under HIPAA”, including:

  • Documenting preparedness for a malware attack
  • Whether ransomware and other malware require reporting unde…

Don’t Miss Out: The Health Care Cloud Coalition Monthly Meeting With Guest Speaker Linda Sanches From the Office for Civil Rights

The Health Care Cloud Coalition is kicking off its 2018 Monthly Meeting Series next Thursday, January 18th at 1:00 p.m. Eastern with a presentation from Linda Sanches, the Senior Advisor for Health IT and Privacy Policy from the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”).

Ms. Sanches will provide an update on OCR ac…

2018 Predictions in Privacy & Security

GDPR – all year, all the time

Next year will be full of growing pains as both the public and private sector interpret, implement, and refine their efforts to comply with the GDPR. Large, multinational companies with a presence in the EU (and who are at the greatest risk of EU enforcement actions) will put pressure on their vendors across the globe to adopt pra…

PrivSec Blog Year in Review: Top 10 PrivSec Blog Posts in 2017

As we close out 2017, check out our most read privacy & security blogs of the year!


1. 42 C.F.R. Part 2 Final Rule Is Officially Delayed … Can Comments to HHS and OMB Fix It?

On January 18, 2017, the U.S. Department of Health and Human Services (HHS) published a final rule amending the Confidentiality of Substance Use Disorder Patient Records rule a…

ICYMI: PrivSec’s Weekly News Picks

Interactive Advertising Bureau Releases Technical Standard to Facilitate Disclosure and Consent in Digital Advertising

IAB Europe reported that it “presented a new technical standard to support the digital advertising ecosystem in meeting requirements relating to user consent under the General Data Protection Regulation (GDPR).”


Wor…

ACA’s Nondiscrimination Taglines and Notices Require Updating Your Notice of Privacy Practices

There has been confusion as to whether the Affordable Care Act’s (“ACA”) nondiscrimination provision affects a covered entity’s notice of privacy practices (“NPP”) or data breach notifications. OCR has issued guidance indicating that the ACA does indeed impact NPPs. Moreover, breach notifications are also likely affected. Accordingly, i…

Employer-Sponsored Health Plan HIPAA Compliance Checklist

The administrative simplification provision of the Health Insurance Portability and Accountability Act and its implementing regulations (HIPAA) impose obligations on employer-sponsored group health plans. Given recent high-profile HIPAA enforcement actions, employers should understand their compliance obligations. This checklist is inten…

Webinar Recording: New Guidance on HIPAA: Nine Changes to Make

New Guidance on HIPAA: Nine Changes to Make

While there have not been significant regulatory changes to HIPAA since 2013, that doesn’t mean that compliance can be static. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued guidance in several areas, ranging from an individual’s right of access to ransomware to vi…

GDPR matchup: The Health Insurance Portability and Accountability Act

This article first published in the IAPP’s Privacy Tracker blog.

In this Privacy Tracker series, we look at laws from across the globe and match them up against the EU General Data Protection Regulation. The aim is to help you determine how much duplication of operational effort you might avoid as you move toward GDPR compliance and help you focus your effo…

Public Still Must Be Kept Private Under HIPAA

A not-for-profit health care system recently agreed to pay the Department of Health and Human Services (HHS) $2.4 million as part of a settlement over potential Health Insurance Portability and Accountability Act (HIPAA) violations. The incident at issue involved the system releasing a patient’s name to the press, consumer advocacy groups, and poli…

A Draft Won’t Do: OCR Settles with CardioNet $2.5M for Failing to Finalize Policies and Procedures

On April 24, 2017, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that CardioNet, a provider of remote mobile monitoring and rapid response services to patients at risk for cardiac arrhythmias, has paid $2.5 million to settle alleged HIPAA violations. This is the first HIPAA settlement involving a remote …

HIPAA Enforcement Actions by the Numbers

Protecting patient information is a central duty for both covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA). Should an entity subject to HIPAA fail to protect patient information, it may face possible enforcement action from the U.S. Department of Health and Human Services’ Office for …

42 C.F.R. Part 2 Final Rule Is Officially Delayed … Can Comments to HHS and OMB Fix It?

On January 18, 2017, the U.S. Department of Health and Human Services (HHS) published a final rule amending the Confidentiality of Substance Use Disorder Patient Records rule at 42 C.F.R. Part 2. Yesterday, HHS delayed the effective date of the rule from February 17 to March 21. While the rule adds some much needed flexibility that will improve the abilit…

To Settle or Not to Settle – That Is the Question Raised by Recent HIPAA CMPs

On February 1, 2017, the Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that the Children’s Medical Center of Dallas (“Children’s”) has paid a civil monetary penalty (“CMP”) of $3.2 million to resolve multiple HIPAA violations over several years. This CMP announcement raises a number of question…

HIPAA Small Breach Notifications Due March 1: “In Like a Lion, Out Like a Lamb” if You Submit Timely

March 1, 2017 is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were discovered in calendar-year 2016. A small breach involves fewer than 500 individuals.

HIPAA Notification Requirements. HIPAA re…

The Price of PHI – A $2.2 Million USB Drive

A stolen unencrypted USB drive led to a $2.2 million settlement and a Resolution Agreement. The Department of Health and Human Services Office for Civil Rights (OCR) announced on January 18th a settlement with MAPFRE Life Insurance Company of Puerto Rico (“MAPFRE”) after an unencrypted USB data storage device containing records of approximately 2,…

Time Waits for No One: OCR Announces First HIPAA Settlement for Lack of Timely Breach Notification

On Jan. 9, 2017, the Department of Health and Human Services Office for Civil Rights (“OCR”) announced the first HIPAA enforcement action for failure to timely report a breach. Often investigating and making formal determinations concerning a potential breach can be very time consuming, even when responding promptly and appropriately to the eve…

2017 Health Information Privacy and Security New Year’s Resolutions

To start off the New Year, here are some potential health information privacy and security resolutions. You can use these Annual, Quarterly, and Monthly lists to map out your privacy and security tasks for the year, and then check them off as you complete them. We have included empty rows for you to add your own resolutions.

As with any New Year’s resolution…

No Phishing: OCR Warns of Phishing Attempts Disguised as Official HIPAA Audit Program Emails

What’s worse than receiving an email indicating that you have been selected for an audit by your favorite government regulator? Clicking on a link in the email and discovering that it is a phishing attack that has just compromised your computer and your network.

HIPAA covered entities and their business associates should beware of potential phishing at…

Just Around the Corner – HIPAA Audits for Business Associates

Financial organizations that are business associates can expect a wave of HIPAA desk audits to evaluate the HIPAA compliance efforts of business associates. These audits have a limited focus and are conducted by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). For business associates, desk audits will target breac…
