On January 25, 2013, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the long-awaited HIPAA Omnibus Final Rule (Final Rule), which includes the most sweeping changes to HIPAA...more
The Texas Health Services Authority (THSA) recently announced its selection of the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), the most widely adopted information privacy and security...more
The Telephone Consumer Protection Act (TCPA) generally limits automatically dialed and prerecorded telemarketing calls to wireless and residential phones. In the past, healthcare providers and other "advertisers" could rely...more
In a recent decision, New York's appellate court considered whether a "Computer Systems Fraud" insurance policy rider (Policy) covered losses that Universal American suffered as a result of fraudulent claims electronically...more
The Ponemon Institute's recent publication of its fourth annual 2013 Survey on Medical Identity Theft (Survey) confirmed what many in the healthcare industry already knew: identity theft is a serious and often overlooked...more
Although HIPAA does not create a private cause of action, a recent Indiana Superior Court jury verdict demonstrates that HIPAA still could play an important role in private causes of action in state court based on negligence...more
Although the HIPAA Omnibus Final Rule's expansion of business associate liability could create difficulties for healthcare providers and other covered entities seeking to negotiate business associate agreements with vendors...more
The Texas Legislature recently approved S.B. 166, a bill that would allow healthcare providers, including physicians, nurses, dentists and others to collect and verify patient data by simply swiping a patient's driver's...more
Adding yet another wrinkle to the nation’s contentious gun control debate, the U.S. Department of Health and Human Services (HHS) has released an Advance Notice of Proposed Rulemaking (ANPRM) soliciting information and public...more
The Joint Commission (TJC) recently published a Sentinel Event Alert (Alert) regarding “alarm fatigue,” which occurs when physicians are so overwhelmed by the constant barrage of medical device alarms, most of which do not...more
The long awaited HIPAA/HITECH Final Rule became effective March 26, 2013, but covered entities, business associates and subcontractors will have until September 23, 2013, to fully comply.
...more
Text messaging allows healthcare providers to deliver simple, relevant, and customizable health information instantaneously to their patients, like reminders to obtain a vaccine, take a medication or come to an important...more
In This Issue:
- A Baker's Dozen of Significant Changes From the HIPAA/HITECH Rule
1. Business Associates and Subcontractors
2. Breach Notification
3. Covered Entity Organizational Structures
4. Cloud...more
3/1/2013
/ Business Associates ,
Cloud Computing ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Notice Requirements ,
OCR ,
PHI ,
Subcontractors
The U.S. Department of Health and Human Services (HHS) issued, on January 17, 2013, its final omnibus rule modifying the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security rules as well...more
1/29/2013
/ Business Associates ,
Covered Entities ,
Cyber Insurance ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
OCR ,
Risk Assessment ,
Risk Management
The HHS Office for Civil Rights (OCR) started 2013 with a bang by announcing that it had reached "the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500...more
1/21/2013
/ Compliance ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Encryption ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
HONI ,
Mobile Devices ,
OCR ,
Patient Confidentiality Breaches ,
PHI ,
Settlement
In This Issue:
- Healthcare Provisions in the American Taxpayer Relief Act - the Good, the Bad and the Ugly
- American Taxpayer Relief Act Amends Overpayment Recovery Time Limits
- OIG Advisory Opinion Sheds...more
1/14/2013
/ American Taxpayer Relief Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Data Breach ,
Electronic Medical Records ,
Fraud ,
Healthcare ,
OCR ,
OIG ,
Overpayment Recovery Time Limits ,
Pay-for-Performance ,
Reporting Requirements ,
Settlement
The breach notification interim final rule requires covered entities to submit to the Office for Civil Rights (OCR) notice of breaches of unsecured protected health information (PHI) (45 C.F.R. 164.408) by March 1, 2013....more
A California hospital that disclosed a patient’s medical record in response to a California Watch investigative report on the alleged inappropriate billing practices of the hospital’s parent organization was recently cited by...more
The HHS Office of Civil Rights (OCR) recently released guidance intended to assist covered entities in understanding what de-identification is, the general process by which de-identified information can be created, and the...more
The Department of Health and Human Services Office of Inspector General (“OIG”) recently published a report, CMS Response to Breaches and Medical Identity Theft (“Report”), which referenced 14 breaches of medical information...more