Archives: Health Care

Subscribe to Health Care RSS Feed

ICYMI: PrivSec’s Weekly News Picks

Interactive Advertising Bureau Releases Technical Standard to Facilitate Disclosure and Consent in Digital Advertising

IAB Europe reported that it “presented a new technical standard to support the digital advertising ecosystem in meeting requirements relating to user consent under the General Data Protection Regulation (GDPR).”

 

Working Party 29 Releases Joint

ACA’s Nondiscrimination Taglines and Notices Require Updating Your Notice of Privacy Practices

There has been confusion as to whether the Affordable Care Act’s nondiscrimination provision (“ACA”) affects a covered entity’s notice of privacy practices (“NPP”) or data breach notifications. OCR has issued guidance indicating that ACA does indeed impact NPPs. Moreover, breach notifications also likely are affected. Accordingly, if they have not …

Employer-Sponsored Health Plan HIPAA Compliance Checklist

The administrative simplification provision of the Health Insurance Portability and Accountability Act and its implementing regulations (HIPAA) impose obligations on employer-sponsored group health plans. Given recent high-profile HIPAA enforcement actions, employers should understand their compliance obligations. This checklist is intended to assist plan sponsors with HIPAA compliance for their plans.…

A Draft Won’t Do: OCR Settles with CardioNet $2.5M for Failing to Finalize Policies and Procedures

On April 24, 2017, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that CardioNet, a provider of remote mobile monitoring and rapid response services to patients at risk for cardiac arrhythmias, has paid $2.5 million to settle alleged HIPAA violations. This is the first HIPAA …

HIPAA Small Breach Notifications Due March 1: “In Like a Lion, Out Like a Lamb” if You Submit Timely”

March 1, 2017 is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were discovered in calendar-year 2016. A small breach involves fewer than 500 individuals.

HIPAA Notification

Time Waits for No One: OCR Announces First HIPAA Settlement for Lack of Timely Breach Notification

On Jan. 9, 2017, the Department of Health and Human Services Office for Civil Rights (“OCR”) announced the first HIPAA enforcement action for failure to timely report a breach. Often investigating and making formal determinations concerning a potential breach can be very time consuming, even when responding promptly and appropriately …

No Phishing: OCR Warns of Phishing Attempts Disguised as Official HIPAA Audit Program Emails

What’s worse than receiving an email indicating that you have been selected for an audit by your favorite government regulator? Clicking on a link in the email and discovering that it is a phishing attack that has just compromised your computer and your network.

HIPAA covered entities and their business …

OCR Sets Sights on Smaller HIPAA Breaches

Covered entities and business associates can expect increased scrutiny for breaches of unsecured protected health information affecting fewer than 500 individuals. Starting August 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) began more widely investigating these small breaches under the Health Insurance Portability …

It’s Not the Olympics, but OCR Sets New HIPAA Settlement Records

Athletes at the Rio Olympics aren’t the only ones setting records this year.  Hoping to send a “strong message” about the importance of safeguarding electronic protected health information (PHI) and conducting mandated risk analyses, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently reached the

On the Trail for Pokémon – and HIPAA Compliance

Pikachu, Alakazam, Bulbasaur, Charmander, and Squirtle can teach us a few things about HIPAA privacy.  Pokémon GO is a recent craze encouraging people to try to catch’em all.  As a result, employees, clients, and patients are scrambling around the halls of covered entities and business associates in search of elusive …

LexBlog