Privacy Series: HIPAA Breaches - When It Is, and When It Is Not a Breach
Compliance Perspective: What's New in Healthcare Privacy
HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our...more
After months of uncertainty and multiple letters from industry associations advocating on behalf of the healthcare industry with the U.S. Department of Health and Human Service (HHS) Office for Civil Rights (OCR), covered...more
The HIPAA Privacy, Security, and Breach Notification Rules apply to healthcare providers who engage in certain electronic transactions, healthcare clearinghouses, and health plans, including employee group health plans with...more
In light of the ongoing investigation of Change Healthcare’s ransomware attack that resulted in the improper disclosure of thousands of individuals’ PHI, now seems like a perfect time to discuss HIPAA’s requirements...more
On February 12, 2024, the U.S. Department of Health and Human Services (“HHS”) published a notice in the Federal Register regarding reinstatement of the Health Information Portability and Accountability Act of 1996 (“HIPAA”)...more
Ideal for professionals with some compliance knowledge and experience, HCCA’s Healthcare Privacy Compliance Academy offers practitioners a deeper understanding of effective compliance management in a healthcare setting. The...more
Over the past decade, the number of health care data breaches reported to the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) has increased dramatically. From 2009 to 2022, over 5,000 data...more
On February 1, 2023, the Federal Trade Commission (FTC) filed a complaint in the U.S. District Court for the Northern District of California alleging that digital health platform GoodRx violated the FTC Act by repeatedly...more
With 2023 underway, healthcare providers and other “covered entities,” as defined under the Health Insurance Portability and Accountability Act (“HIPAA”), should be mindful of the upcoming annual reporting deadline for small...more
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) has been busy over the past month announcing new enforcement actions and settlement agreements related to violations of the Privacy...more
Please join us as Rivkin Radler Associate Ashley Algazi presents the September Lunch and Learn. The program will: - Review HIPAA breach definition - Discuss the analysis and investigation process to determine if a...more
If a Health Insurance Portability and Accountability Act (HIPAA)-covered entity experiences a data breach involving fewer than 500 individuals, the incident must be reported to the U.S. Department of Health and Human Services...more
When can a data breach get worse? When the process of notifying victims creates a second breach. Take the example of a cancer treatment center that recently paid $425,000 to settle allegations that included a faulty...more
Issue a final rule revising the privacy regulation and write guidance on the information blocking rule. Formalize the fledgling audit program required by Congress more than 10 years ago. Engage with providers and other...more
On April 28, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) entered into a resolution agreement with Peachstate Health Management, LLC, doing business as AEON Clinical Laboratories...more
The United States Court of Appeals for the Fifth Circuit (the “Court”) vacated a $4,348,000 civil monetary penalty (“CMP”) imposed by the U.S. Department of Health and Human Services’ Office for Civil Rights (“HHS-OCR”) in...more
Health care technology has seen an incredible amount of change over the past twelve months. As health care providers and entities continue to provide patient care in unprecedented times, it is becoming increasingly important...more
A recent Resolution Agreement between a solo practitioner physician practice and the U.S. Department of Health and Human Services Office for Civil Rights (OCR) reveals how complying with HIPAA by reporting a business...more
Seyfarth Synopsis: The Director of HIPAA enforcement agency cautions that many covered entities are not meeting the basic HIPAA requirements and sees “low-hanging fruit” for enforcement activity....more
Every year, we remind our readers that the HIPAA data breach notification regulations require covered entities to notify the Office for Civil Rights (OCR) of any reportable data breaches that involved fewer than 500...more
Report on Patient Privacy 20, no. 1 (January 2020) - In the waning days of 2019, the HHS Office for Civil Rights (OCR) didn’t halt the HIPAA enforcement momentum it had built up during the last quarter of the year, dinging...more
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services imposed a $2,154,000 civil money penalty (CMP) against Jackson Health System (JHS) for violations of the Health Insurance Portability and...more
Most health care providers are aware that the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its accompanying negotiations provide for the privacy and security of patients’ health care...more
In the top three of the list of highly sensitive personal data to be concerned about is our medical information. It’s so sensitive because it is so personal. It used to be that our medical information was located in paper...more