Privacy Series: HIPAA Breaches - When It Is, and When It Is Not a Breach
Compliance Perspective: What's New in Healthcare Privacy
During the first half of this webinar, Jen Mitchell, Bryan Murray and Laura Fryan, will focus on practical tips and pointers on avoiding a HIPAA breach and what lessons you can take away from the Change Healthcare breach. ...more
In light of the changing legal landscape following Dobbs v. Jackson Women’s Health Organization, the Department of Health and Human Services (the “Department”) issued a final rule (link, and corresponding fact sheet link)...more
The Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30,...more
In March of this year, The Office for Civil Rights of the Department of Health and Human Services issued a letter addressing the recent cybersecurity incident impacting many health care entities, primarily Change Healthcare,...more
On February 12, 2024, the U.S. Department of Health and Human Services (“HHS”) published a notice in the Federal Register regarding reinstatement of the Health Information Portability and Accountability Act of 1996 (“HIPAA”)...more
For healthcare providers and health systems covered by the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), a breach of unsecured protected health information (PHI)...more
On February 1, 2023, the Federal Trade Commission (“FTC”) announced that it filed a “first-of-its-kind proposed order” under its Health Breach Notification Rule promulgated pursuant to section 13407 of the American Recovery...more
On February 1, 2023, the FTC announced a proposed $1.5 million settlement with GoodRx Holdings, based on alleged violations of the Federal Trade Commission Act (“FTC Act”) and Health Breach Notification Rule (“HBNR”) for...more
On November 28, 2022, the Department of Health and Human Services (HHS) issued a proposed rule to modify the confidentiality protections of Substance Use Disorder (SUD) patient treatment records under 42 CFR Part 2 (Part 2)...more
General and specialty compliance training from the comfort of your home or office! HCCA’s Regional Healthcare Compliance Conferences provide practitioners with virtual compliance training that includes updates on the...more
In general, both state and federal laws apply to health information or protected health information that is in the possession of hospitals, health systems, and medical providers. HIPAA requires that covered entities...more
HIPAA-covered entities should note the quickly approaching March 1, 2022 deadline for reporting breaches of unsecured protected health information that occurred in 2021 and involved fewer than 500 individuals. This article...more
One of the challenging things about HIPAA (Health Insurance Portability and Accountability Act) enforcement is the fact that both the Office for Civil Rights and State AGs have jurisdiction to assess fines and penalties for...more
On June 16, and then on July 6, 2021, Connecticut Governor Ned Lamont signed into law a pair of bills that together address privacy and cybersecurity in the state....more
Cyberattacks against healthcare providers accounted for 79% of all reported data breaches in 2020. (See here). The U.S. Department of Health and Human Services’ (HHS) Office of the Assistant Secretary for Preparedness and...more
Recently the Health Care Compliance Association released the new Health Care Privacy Handbook, 3rd Edition. https://www.hcca-info.org/health-care-privacy-handbook To learn what’s new in the book and in healthcare privacy...more
Regulatory bodies are upping the ante when it comes to settling with companies that have suffered data breaches. In addition to the below settlements, see also the settlement between the OCR and Dignity Health....more
Seyfarth Synopsis: The Director of HIPAA enforcement agency cautions that many covered entities are not meeting the basic HIPAA requirements and sees “low-hanging fruit” for enforcement activity....more
Every year, we remind our readers that the HIPAA data breach notification regulations require covered entities to notify the Office for Civil Rights (OCR) of any reportable data breaches that involved fewer than 500...more
The Office for Civil Rights (OCR) announced that it has fined the Texas Health and Human Services Commission (TXHHS) $1.6 million for HIPAA violations. This is one of the few fines the OCR has levied against a state agency....more
The University of Rochester Medical Center (URMC) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Service (HHS) entered into a $3 million no-fault settlement agreement and two year corrective...more
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services imposed a $1.6 million civil money penalty (CMP) against the Texas Health and Human Services Commission, Department of Aging and Disability...more
A reporter from the Philadelphia Inquirer discovered that sensitive data of hepatitis patients were accessible online through a Philadelphia Department of Public Health (DPH) website tool without the need for a password. The...more
July 2019 was the worst month in history for health care data breaches, with a total of 50 breaches that affected a total of more than 500 records reported to the Office for Civil Rights (OCR) according to HIPAA Journal. ...more
What have you done for me lately? Now that the tune is stuck in your head, specifically, have you recently conducted a thorough and up to date risk assessment in accordance with the requirements of the Health Insurance...more