News & Analysis as of

Business Associates Covered Entities HIPAA Breach

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as... more +
Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc.    less -
Health Care Compliance Association (HCCA)

[Event] Healthcare Privacy Compliance Academy - December 9th - 12th, San Diego, CA

HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our...more

Health Care Compliance Association (HCCA)

[Event] Healthcare Privacy Compliance Academy - November 18th - 21st, Boston, MA

HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our...more

Holland & Knight LLP

HIPAA Breach Notice Can Be Delegated to Change Healthcare

Holland & Knight LLP on

After months of uncertainty and multiple letters from industry associations advocating on behalf of the healthcare industry with the U.S. Department of Health and Human Service (HHS) Office for Civil Rights (OCR), covered...more

Rivkin Radler LLP

[Webinar] Lunch and Learn Series: Conducting HIPAA Breach Assessments and Disclosures: Requirements and Tips for Success - June...

Rivkin Radler LLP on

On Thursday, June 13, the next installment of Rivkin Radler’s Healthcare Compliance Lunch & Learn series, will be presented by Rivkin Radler Partner Ashley Algazi and moderated by Robert Hussar. The program, “Conducting HIPAA...more

Dorsey & Whitney LLP

HHS OCR Settles HIPAA Investigation with Business Associate for $350,000

Dorsey & Whitney LLP on

Over the past decade, the number of health care data breaches reported to the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) has increased dramatically. From 2009 to 2022, over 5,000 data...more

Dorsey & Whitney LLP

FTC Takes First Enforcement Action for Violation of the Health Breach Notification Rule - A Federal Health Privacy Rule Beyond...

Dorsey & Whitney LLP on

On February 1, 2023, the Federal Trade Commission (FTC) filed a complaint in the U.S. District Court for the Northern District of California alleging that digital health platform GoodRx violated the FTC Act by repeatedly...more

Rivkin Radler LLP

[Webinar] Lunch and Learn Series: Conducting HIPAA Breach Assessments and Disclosures: Requirements and Tips for Success -...

Rivkin Radler LLP on

Please join us as Rivkin Radler Associate Ashley Algazi presents the September Lunch and Learn. The program will: - Review HIPAA breach definition - Discuss the analysis and investigation process to determine if a...more

Health Care Compliance Association (HCCA)

Still Missing a New Leader, Former OCR Directors, Experts Offer Advice, Task List

Issue a final rule revising the privacy regulation and write guidance on the information blocking rule. Formalize the fledgling audit program required by Congress more than 10 years ago. Engage with providers and other...more

Arnall Golden Gregory LLP

No Good Deed Goes Unpunished: Reporting Business Associate’s HIPAA Breach Results in Liability for Covered Entity

A recent Resolution Agreement between a solo practitioner physician practice and the U.S. Department of Health and Human Services Office for Civil Rights (OCR) reveals how complying with HIPAA by reporting a business...more

Health Care Compliance Association (HCCA)

Under New Settlement, Ambulance Co. Pays OCR $65K, Must Quickly Encrypt Computers

Report on Patient Privacy 20, no. 1 (January 2020) - In the waning days of 2019, the HHS Office for Civil Rights (OCR) didn’t halt the HIPAA enforcement momentum it had built up during the last quarter of the year, dinging...more

Robinson+Cole Data Privacy + Security Insider

Privacy Tip #191 – Trying to Protect Your Medical Information—Let’s Ask Questions About Data Security

In the top three of the list of highly sensitive personal data to be concerned about is our medical information. It’s so sensitive because it is so personal. It used to be that our medical information was located in paper...more

Holland & Hart - Health Law Blog

HHS Reduces the Annual Cap for Most HIPAA Penalties

HIPAA penalties vary depending on the type of conduct involved. (45 CFR § 160.404). Under HHS’s prior interpretation, the types of violations were all subject to an annual maximum penalty of $1,500,000 for identical types of...more

Sheppard Mullin Richter & Hampton LLP

Cybersecurity, Inside Jobs, Outside Jobs, and HIPAA

According to a February 12, 2019 Press Release from Protenus, a developer of analytics for patient privacy monitoring and compliance, 15,085,302 patient records were breached in 2018 – a startling number made even more...more

Robinson+Cole Data Privacy + Security Insider

Lessons Learned from Recent OCR HIPAA Audits

Covered entities, including employer sponsored health plans, should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights...more

Robinson+Cole Data Privacy + Security Insider

OCR Warns Health Care Industry of Risks with Previous Employees

In its November newsletter, the Office for Civil Rights (OCR) made a great point that we are seeing in the industry—the risks associated with previous employees. According to its newsletter, entitled “Insider Threats and...more

Nossaman LLP

Don’t Forget HIPAA’s “Minimum Necessary” Rule When Making Health Information Disclosures

Nossaman LLP on

When Covered Entities or Business Associates or their counsel analyze whether a particular disclosure of Protected Health Information (or “PHI,” as defined in HIPAA) is permissible, they should be sure also to analyze whether...more

Poyner Spruill LLP

Five Takeaways from the OCR Reminder on HIPAA Obligations In Ransomware Incidents

Poyner Spruill LLP on

Apparently prompted by the recent high-profile wave of ransomware attacks, the Department of Health and Human Services’ Office of Civil Rights (OCR) has reminded hospitals, healthcare systems, and other covered entities and...more

Snell & Wilmer

2017 HIPAA Enforcement – Appears Not To Be Slowing Down

Snell & Wilmer on

To state the obvious, there has been some uncertainty regarding how the Trump Administration will affect federal agency enforcement efforts. However, at least, in regard to HIPAA Privacy and Security, the U.S. Department of...more

Perkins Coie

Another HIPAA Settlement: Stolen Laptop Costs $2.5 Million Plus Encryption Requirement

Perkins Coie on

The U.S. Department of Health and Human Services (HHS) recently announced yet another HIPAA privacy and security settlement involving Protected Health Information (PHI) on a stolen laptop. Although this might be seen as just...more

Sherman & Howard L.L.C.

Healthcare Advisory: HHS Announces First Settlement with a Wireless Health Services Provider

On April 24, 2017, the Department of Health and Human Services, Office of Civil Rights (“OCR”), announced its first settlement with a wireless health services provider, CardioNet, Inc., for alleged violations of the Health...more

Williams Mullen

2017 HIPAA Enforcement: New Settlements and Penalties Already Total Over $11,000,000

Williams Mullen on

In our last post, we highlighted the 2016 settlements between the Office for Civil Rights (OCR) and various covered entities (and business associates), in one of OCR’s most active years. As of now, 2017 is proving to be on...more

Robinson+Cole Data Privacy + Security Insider

UMass Amherst Settles HIPAA Violations with OCR for $650,000

The Office for Civil Rights (OCR) has announced that the University of Massachusetts Amherst (UMass) has agreed to settle an investigation against it as a result of a malware infection for $650,000, along with implementing a...more

Akerman LLP - Health Law Rx

HIPAA Audits – Phase 2: On-Site Audits Scheduled for First Quarter of 2017

Covered Entities and Business Associates may be ringing in the New Year with the prospect of responding to on-site HIPAA audits by federal regulators. The U.S. Department of Health and Human Services Office for Civil Rights...more

Sherman & Howard L.L.C.

Failure Under the HIPAA Security Rule Costs $2.14 Million

Sherman & Howard L.L.C. on

On October 18, 2016, the Department of Health and Human Services, Office of Civil Rights (“OCR”) announced a $2.14 million settlement with St. Joseph Health (“St. Joseph”), a non-profit integrated Catholic healthcare delivery...more

Bradley Arant Boult Cummings LLP

Taking Measure of HIPAA Enforcement

Last month, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced the largest settlement to date for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA)....more

44 Results
 / 
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide