The new year began with an unusual amount of activity related to the Health Insurance Portability and Accountability Act (HIPAA). Health care providers, health plans, health care clearinghouses, and business associates subject to HIPAA will need to consider three significant developments—one regulatory, one legislative, and one judicial—relating to the Privacy and Security Rules under HIPAA [&hellip… Continue Reading »
Following a very quiet start in HIPAA settlement activity in 2020, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has recently announced eight settlements with covered entities and business associates. The most recent of these announcements involves the second-largest HIPAA settlement amount in OCR’s history, amounting to $6.85 million. [&hellip… Continue Reading »
Health care providers, health plans, and others who are subject to HIPAA are sure to have questions about when they may disclose information about individuals who have contracted, or been exposed to, Coronavirus (COVID-19). To address these questions, the Office of Civil Rights, U.S. Department of Health and Human Services, issued a bulletin, reminding us [&hellip… Continue Reading »
The U.S. Department of Health and Human Services Office of Civil Rights (OCR) imposed $2,154,000 in civil monetary penalties against Jackson Health System in Florida for failing to meet HIPAA privacy and security requirements. The OCR announcement and accompanying information detail violations that include: The unauthorized access by an employee to the records of more [&hellip… Continue Reading »
The Office for Civil Rights (OCR) at the Department of Health and Human Services announced it reached a settlement with Elite Dental Associates of Dallas (Elite) to resolve a complaint alleging Elite impermissibly disclosed a patient’s protected health information (PHI) on a social media website that reviews businesses. According to the complaint, Elite included the [&hellip… Continue Reading »
With all of the attention on Health Insurance Portability and Accountability Act (HIPAA) requirements to safeguard the privacy and security of a patient’s health information, covered entities sometimes overlook the HIPAA provisions that give patients rights to their information. This includes a patient’s right to access his or her medical and billing records from providers and [&hellip… Continue Reading »
On May 6, 2019, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced an agreement with Touchstone Medical Imaging, LLC (Touchstone), settling allegations that Touchstone violated the Health Insurance Portability and Accountability Act (HIPAA) Security Rule by allowing uncontrolled public access to patients’ protected health information (PHI). Touchstone provides [&hellip… Continue Reading »
The Department of Health and Human Services has announced that it is lowering the maximum amount it will assess for most types of HIPAA violations. Although the change is couched as an exercise of discretion, HHS states that it is basing the modifications on a change in its interpretation of the penalty provisions set forth in [&hellip… Continue Reading »
After announcing that its HIPAA enforcement collections had reached a new high-water mark of $28.7 million in 2018, the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services has started this year quietly. Through the first few months of 2019, the OCR has published no resolution agreements and it is [&hellip… Continue Reading »
A relatively quiet year for HIPAA enforcement is ending with a small flourish. The Office of Civil Rights of the Department of Health and Human Services (HHS) has announced two settlements with covered entities within the span of eight days. The first settlement involved Advanced Care Hospitalists (ACH), a company that provides internal medicine physicians to [&hellip… Continue Reading »
The Office of Civil Rights of the Department of Health and Human Services has announced settlements with three different Boston-area hospitals for allegedly compromising the privacy of protected health information by inviting documentary film crews on premises without first obtaining patient authorization. The three settlements call for a total of almost $1 million in penalty [&hellip… Continue Reading »
(The following is excerpted from Ballard Spahr’s CyberAdviser blog.) The Departmental Appeals Board of the U.S. Department of Health and Human Services has granted summary judgment against the University of Texas MD Anderson Cancer Center upholding $4.3 million in penalties against the Center for violations of HIPAA’s privacy and security rules. In this case, the [&hellip… Continue Reading »
The U.S. Court of Appeals for the Third Circuit has vacated a district court’s dismissal of a data breach class action filed against Horizon Healthcare Services Inc., in the wake of the 2013 theft of two computer laptops containing unencrypted personal information of Horizon Healthcare plan members. The decision potentially expands the circumstances under which [&hellip… Continue Reading »
The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has posted an alert (and a follow-up alert) warning health plans, health care providers, and their vendors of a mock communication involving the OCR audit program under the Health Insurance Portability and Accountability Act (HIPAA). The email falsifies HHS departmental letterhead [&hellip… Continue Reading »
The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has posted an alert (and a follow-up alert) warning health plans, health care providers, and their vendors of a mock communication involving the OCR audit program under the Health Insurance Portability and Accountability Act (HIPAA). The email falsifies HHS departmental [&hellip… Continue Reading »
Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the cloud service provider is not able to view it. This unequivocal determination, made in recent guidance by the U.S. Department of Health and [&hellip… Continue Reading »
As we start looking forward to 2017, and as many employers head into annual enrollment periods this fall, it is necessary to account for changes in the law that have a significant impact on health benefit plans. This short list of significant developments may help you prepare for what is coming: Affordable Care Act (ACA) Reporting. The [&hellip… Continue Reading »
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced an agreement with Catholic Health Services of the Archdiocese of Philadelphia (CHCS), settling allegations that CHCS violated the Health Insurance Portability and Accountability Act (HIPAA) Security Rule by failing to protect electronic protected health information (ePHI). This is the first enforcement [&hellip… Continue Reading »
The Office of Civil Rights (OCR) of the Department of Health and Human Services has moved forward with Phase 2 of its Health Insurance Portability and Accountability Act of 1996 (HIPAA) audit program. On Monday, July 11, 2016, OCR sent emails to 167 covered entities (including health plans, health care, and health care clearinghouses) notifying them [&hellip… Continue Reading »
The Office of Civil Rights (OCR) of the Department of Health and Human Services has begun Phase 2 of its audit program under the Health Insurance Portability and Accountability Act (HIPAA). In this phase, OCR will: · Collect contact information from covered entities and their business associates; · Audit selected covered entities and, later, business [&hellip… Continue Reading »
