News & Analysis as of

Business Associates HITECH Act Office of Civil Rights

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as... more +
Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc.    less -
Holland & Knight LLP

What HIPAA Security Rule Surprises Await Healthcare Providers for the Second Half of 2024?

Holland & Knight LLP on

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has, as part of its mandate, the responsibility to enforce the Health Insurance Portability and Accountability Act (HIPAA) Security Rule....more

Benesch

Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance

Benesch on

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently published an executive summary (Report) outlining key enforcement activities of the Health Insurance Portability and...more

BakerHostetler

HHS OCR Provides Annual Report to Congress Detailing 2022 Enforcement Activities

BakerHostetler on

On Feb. 16, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published its 2022 Annual Report to Congress. ...more

Locke Lord LLP

Office of Civil Rights Guidance on Recognized Security Practices Under the 2021 HITECH ‎Act Amendment

Locke Lord LLP on

Last year, Congress enacted an amendment to the HITECH Act in January 2021 (“HITECH Amendment”) to require that the Department of Health and Human Services (“HHS”) consider whether a covered entity or business associate has...more

BakerHostetler

HHS Proposes New Rule Aligning Part 2 Regulations with HIPAA

BakerHostetler on

On November 28, 2022, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the Substance Abuse Mental Health Services Administration (SAMHSA) announced a Notice of Proposed Rulemaking...more

Goodwin

The Potential Impact of State Abortion Laws on Reproductive Health Apps

Goodwin on

Millions of women use reproductive health applications (or “apps”) to track menstrual cycles, ovulation, and pregnancy. These apps provide women that use the rhythm method for birth control and women seeking to become...more

McGuireWoods LLP

OCR Seeks Input on “Recognized Security Practices” as Mitigating Factor for HIPAA and HITECH Fines

McGuireWoods LLP on

• In 2021, HITECH was amended to add “recognized cybersecurity practices” as a mitigating factor when determining fines, audits and remedies against covered entities and business associates for violations of HIPAA....more

Health Care Compliance Association (HCCA)

OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief

Health Care Compliance Association (HCCA) on

Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more

Arnall Golden Gregory LLP

Recent OCR HIPAA Enforcement Actions and Request for Information on HITECH Implementation

Arnall Golden Gregory LLP on

Enforcement Actions - In its first announcement of enforcement actions in 2022, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) simultaneously announced the resolution of three...more

Wyrick Robbins Yates & Ponton LLP

Any Port in a Storm? OCR Seeks Comments on HIPAA “Safe Harbor” for Recognized Security Practices

Wyrick Robbins Yates & Ponton LLP on

Earlier this month, HHS’s Office for Civil Rights (OCR) issued a Request for Information (RFI) seeking comments on a statutory provision adopted last year that provides a quasi-safe harbor for entities that have voluntarily...more

Baker Donelson

Office For Civil Rights Seeks Input on Implementation of HITECH Amendments

Baker Donelson on

On April 6, 2022, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) seeking public comment on "recognized security practices" and on sharing civil...more

Holland & Hart - Health Law Blog

Modified HIPAA Rules for Sending Records to Third Parties

Holland & Hart - Health Law Blog on

Thanks to a federal judge, the Office for Civil Rights has modified its rules for sending records to third parties. Covered entities are no longer required by HIPAA to send non-electronic protected health information (“PHI”)...more

Holland & Hart - Health Law Blog

Encrypt Your Devices or Face HIPAA Penalties

Holland & Hart - Health Law Blog on

This week, the Office for Civil Rights (“OCR”) announced a $3,000,000 HIPAA settlement arising from a medical center’s loss of an unencrypted laptop and flash drive. This is simply the latest of many HIPAA settlements based...more

Jones Day

HHS Releases Guidance on Direct Liability for Business Associates Under HIPAA

Jones Day on

The Situation: On May 24, 2019, the Department of Health and Human Services ("HHS") issued a new fact sheet clarifying business associates' direct liability for violations of the Health Insurance Portability and...more

Miller Canfield

Understanding When Business Associates Are Directly Liable Under HIPAA

Miller Canfield on

New guidance issued by the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) reaffirms that business associates must have proper HIPAA compliance practices, safeguards and documentation in place...more

Holland & Hart - Health Law Blog

Liability of Business Associates for HIPAA Penalties

Holland & Hart - Health Law Blog on

The HITECH Act extended certain HIPAA obligations to business associates, including those entities that create, receive, maintain or transmit protected health information (“PHI”) on behalf of covered entities. Business...more

Ballard Spahr LLP

HHS Decreases Maximum HIPAA Penalties

Ballard Spahr LLP on

The Department of Health and Human Services has announced that it is lowering the maximum amount it will assess for most types of HIPAA violations. Although the change is couched as an exercise of discretion, HHS states that...more

Davis Wright Tremaine LLP

HHS Reinterprets (and Significantly Lowers) Annual Penalty Caps for HIPAA Violations

Davis Wright Tremaine LLP on

The Department of Health and Human Services Office for Civil Rights (OCR) today announced that it is lowering the maximum total penalties it may assess against covered entities and business associates for multiple violations...more

Sheppard Mullin Richter & Hampton LLP

Cybersecurity, Inside Jobs, Outside Jobs, and HIPAA

Sheppard Mullin Richter & Hampton LLP on

According to a February 12, 2019 Press Release from Protenus, a developer of analytics for patient privacy monitoring and compliance, 15,085,302 patient records were breached in 2018 – a startling number made even more...more

Verrill

One Month Left to Submit Comments on HIPAA Request For Information

Verrill on

Last month, the Office for Civil Rights (“OCR”) within the U.S. Department of Health and Human Services (“HHS”) published a Request for Information (“RFI”) looking for recommendations and public input regarding the Health...more

BCLP

Healthcare Business Associates

BCLP on

The Health Information Technology for Economic and Clinical Health (“HITECH”) Act modified the Health Insurance Portability and Accountability Act (“HIPAA”) by expanding the definition of Business Associates (“BA”) and their...more

BakerHostetler

OCR Announces Intention to Move Forward With Development of Methodology to Distribute Enforcement Funds to Victims of HIPAA...

BakerHostetler on

The Office for Civil Rights (OCR) updated its agenda, outlining proposed and final rules as well as pre-rule document releases for 2018. A notable, and highly anticipated, advance notice of proposed rulemaking included on the...more

Holland & Knight LLP

A New HIPAA Accounting Rule on the Horizon?

Holland & Knight LLP on

Under HIPAA, patients have a right to information about certain disclosures, referred to as an accounting. Under the current iteration of the regulations, covered entities and business associates need not account for...more

Jackson Lewis P.C.

Cost-Benefit Analysis 101 For Healthcare Providers

Jackson Lewis P.C. on

Nary a week goes by without news of a data breach by a healthcare provider…while there are certainly a good number of breaches resulting from a breach of cybersecurity defenses or from the wrongful exploitation of system...more

Williams Mullen

HIPAA Check: Do You Know What to Do if a Breach Happens to You?

Williams Mullen on

Breaches happen. They happen to major health systems, and they happen to solo practitioners. They happen to health plans, and they happen to health information technology vendors. In our technology-reliant world, it would be...more

78 Results
 / 
View per page
Page: of 4
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide