Archives: HIPAA


Unauthorized TV Cameras in Hospitals Yield Costly HIPAA Penalties of $999,000

For the second time in as many years, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) entered into settlement agreements with and levied hefty fines on three hospitals that allegedly impermissibly disclosed patients’ protected health information to ABC News in the course of filming a television network documentary series.  OCR announced … Continue Reading

How To Avoid Paying $2,000 A Day To Encrypt ePHI

Let’s hope you don’t pay that much to encrypt electronic Protected Health Information (ePHI). How about a total of $4.3 million over two years? Well, that’s the total penalty for encryption violations assessed by Health and Human Services (HHS). An Administrative Law Judge found the penalty could have been much worse. The facts are sobering. … Continue Reading

Key Health Care Technology Privacy and Cybersecurity Considerations

In a podcast interview with Healthcare InfoSecurity, Squire Patton Boggs Partner Elliot Golding addresses evolving healthcare privacy and security issues, particularly complex issues involving Internet of Things (IoT) devices.  This includes addressing new risks when connected devices link to legacy systems, the applicable regulatory environment, and other key issues companies operating in the health care … Continue Reading

States Increase HIPAA Enforcement

A recent blog post summarized Health Insurance Portability and Accountability Act (“HIPAA”) enforcement settlements for Virtual Medical Group (“VMG”) in New Jersey and EmblemHealth in New York that may signal a broader trend of increased state HIPAA enforcement.  Under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act’s amendment to HIPAA, codified at … Continue Reading

HHS OCR Issues New Research Guidance

As part of its ongoing implementation of the 21st Century Cures Act (Public Law 114-255), the Department of Health and Human Services last month released a number of new HIPAA guidance tools, including additional information about research uses and disclosures.  The research guidance contains helpful tips for covered entities regarding authorizations, revocations, and “reviews preparatory … Continue Reading

HHS Announces $400,000 HIPAA Settlement with Community Health Center

The Department of Health and Human Services Office of Civil Rights (HHS OCR) recently settled with a notable covered entity – a nonprofit Federally Qualified Community Health Center (FQHC) – over alleged Health Information Portability and Accountability Act (HIPAA) Privacy and Security Rule violations. With the FQHC agreeing to pay $400,000 to HHS and entering … Continue Reading

Task Forces in 10 States Target Providers of Services to Elderly

On March 30, 2016, the US Department of Justice (DOJ) announced that healthcare providers who serve the elderly in the following 10 states will have task forces looking over their shoulders: California, Georgia, Kansas, Kentucky, Iowa, Maryland, Ohio, Pennsylvania, Tennessee and Washington. Known as the Elder Justice Task Forces (Task Forces), these partnerships combine the … Continue Reading

Triple S’ Violations Spark HHS’ Triple Enforcement Actions

HHS recently agreed to a $3.5 million resolution with business associates and covered entities for numerous violations of the Privacy, Breach Notification, and Security Rules of the Health Insurance Portability and Accountability Act (HIPAA).  Triple S, as the parties are collectively known, seemed to miss the regulatory ball in a few ways, like protected health … Continue Reading

Anthem Data Breach: A Dramatic Reminder about Data Security

News of the data breach suffered by Anthem continues to dominate the news (here, here, and here for example).  And, further raising the stakes, class action lawsuits from individuals whose information has potentially been compromised are beginning to roll into courthouses across the country (California, Alabama, Indiana, Georgia, California (again), and California (again)).  Because health care data is such a … Continue Reading

FBI Warns of “Spear Phishing” for Your Data and Ideas

The widely reported data breach at Community Health Systems, Inc. (CHS) appears to have relied upon a “spear phish email” to launch the initial malware, according to a recent alert from the FBI. Experts engaged by CHS believe that the attacker is an “Advanced Persistent Threat.” The FBI alert provides tips for organizations to prevent … Continue Reading

Business Associate Agreement Update Deadline

September 22, 2014 is the deadline to have business associate and data use agreements updated to conform to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Final Omnibus Rule  (the Omnibus Rule), which became effective September 23, 2013.  The Omnibus Rule’s transition provisions  protect eligible business associate agreements and data use agreements until … Continue Reading