Archives: HIPAA

Subscribe to HIPAA RSS Feed

HHS Announces $400,000 HIPAA Settlement with Community Health Center

The Department of Health and Human Services Office of Civil Rights (HHS OCR) recently settled with a notable covered entity – a nonprofit Federally Qualified Community Health Center (FQHC) – over alleged Health Information Portability and Accountability Act (HIPAA) Privacy and Security Rule violations. With the FQHC agreeing to pay $400,000 to HHS and entering … Continue Reading

Task Forces in 10 States Target Providers of Services to Elderly

On March 30, 2016, the US Department of Justice (DOJ) announced that healthcare providers who serve the elderly in the following 10 states will have task forces looking over their shoulders: California, Georgia, Kansas, Kentucky, Iowa, Maryland, Ohio, Pennsylvania, Tennessee and Washington. Known as the Elder Justice Task Forces (Task Forces), these partnerships combine the … Continue Reading

Triple S’ Violations Spark HHS’ Triple Enforcement Actions

HHS recently agreed to a $3.5 million resolution with business associates and covered entities for numerous violations of the Privacy, Breach Notification, and Security Rules of the Health Insurance Portability and Accountability Act (HIPAA).  Triple S, as the parties are collectively known, seemed to miss the regulatory ball in a few ways, like protected health … Continue Reading

Anthem Data Breach: A Dramatic Reminder about Data Security

News of the data breach suffered by Anthem continues to dominate the news (here, here, and here for example).  And, further raising the stakes, class action lawsuits from individuals whose information has potentially been compromised are beginning to roll into courthouses across the country (California, Alabama, Indiana, Georgia, California (again), and California (again)).  Because health care data is such a … Continue Reading

FBI Warns of “Spear Phishing” for Your Data and Ideas

The widely reported data breach at Community Health Systems, Inc. (CHS) appears to have relied upon a “spear phish email” to launch the initial malware, according to a recent alert from the FBI. Experts engaged by CHS believe that the attacker is an “Advanced Persistent Threat.” The FBI alert provides tips for organizations to prevent … Continue Reading

Business Associate Agreement Update Deadline

September 22, 2014 is the deadline to have business associate and data use agreements updated to conform to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Final Omnibus Rule  (the Omnibus Rule), which became effective September 23, 2013.  The Omnibus Rule’s transition provisions  protect eligible business associate agreements and data use agreements until … Continue Reading
LexBlog