Earlier this month, the United States Department of Health and Human Services’ Office of Civil Rights (“OCR”), the organization that has jurisdiction over enforcement of the Health Insurance Portability and Accountability Act...more
12/20/2022 / Cookies, Cybersecurity, Data Privacy, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), OCR, Patient Privacy Rights, PHI, Popular
The Office of Civil Rights (“OCR”), which is the federal agency that enforces the health care privacy rules under the Health Insurance Portability and Accountability Act (“HIPAA”), recently published guidance covering various...more
Late last week, the United States Department of Health and Human Services (HHS), Office for Civil Rights issued a Notice of Proposed Rulemaking (NPR) to make significant revisions to the Health Insurance Portability and...more
The Office of Civil Rights’ “Notification of Enforcement Discretion” regarding COVID-19 and remote telehealth communications does not apply to information protected under 42 CFR Part 2. These Part 2 regulations protect the...more
We are often asked to advise clients regarding the scope and content of Health Insurance Portability and Accountability (HIPAA) policies and procedures that are required to be maintained. HIPAA clearly requires health care...more
Conducting HIPAA Breach Risk Assessments -
The HIPAA rules relating to assessment of potential patient confidentiality breaches were changed in 2013. Specifically, on January 17, 2013, the Office of Civil Rights released...more
4/4/2018 / Best Practices, Covered Entities, Data Breach, Encryption, Health Insurance Portability and Accountability Act (HIPAA), OCR, Patient Confidentiality Breaches, PHI, Policies and Procedures, Reporting Requirements, Risk Assessment, Risk Mitigation
Failure to conduct a risk assessment before a hacking incident occurred resulted in a $400,000 settlement between the Office of Civil Rights (OCR) and a Federally Qualified Health Clinic (FQHC). The FQHC filed a breach...more
In the first known case involving a wireless provider, a cardiology service provider agreed to pay a $2.5 million settlement based on the impermissible disclosure of unsecured electronic protected health information (ePHI)....more
5/4/2017 / Data Breach, Data Security, Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Laptop Computers, Mobile Devices, OCR, Risk Assessment, Risk Mitigation, Security Standards, Settlement
We can learn some valuable lessons about compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) from settlements that are announced by the U.S. Department of Health and Human Services, Office...more