Tag Archives: HIPAA

FBI Warns of “Spear Phishing” for Your Data and Ideas

The widely reported data breach at Community Health Systems, Inc. (CHS) appears to have relied upon a “spear phish email” to launch the initial malware, according to a recent alert from the FBI. Experts engaged by CHS believe that the attacker is an “Advanced Persistent Threat.” The FBI alert provides tips for organizations to prevent … Continue Reading

Data Security: Pay IT Now or Pay Out Later

The price of compliance may be high, but the price of non-compliance is even higher. Based on its recent $3 million data breach settlement, AvMed, and many other entities that have experienced data breach litigation, would likely agree that paying for security upgrades now is far superior to paying for data breaches later. In 2009, … Continue Reading

HHS Guidance for De-Identification of PHI Under the HITECH Act

As required by the HITECH Act, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) has issued guidance on two methods for de-identifying protected health information (PHI) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy rule.[1] “This guidance is intended to assist covered entities to understand … Continue Reading

Massachusetts provider settles HIPAA case for $1.5 million

On September 17, 2012, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that the Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (collectively referred to as “MEEI”) agreed to pay $1.5 million to settle potential violations of the Health Insurance Portability and Accountability Act … Continue Reading

Two Views on Beneficiary Data Implications for Patients and ACOs: Part 1 – Balancing Patient Privacy With the Objectives of the Program

Under the proposed ACO rules, CMS will assign Medicare beneficiaries to ACOs based on where the patient receives the “plurality” of their primary care services during the year before the relevant ACO performance measurement period.  If medical cost savings can be achieved during the performance period for the ACO’s assigned beneficiaries as compared against the CMS projected benchmark … Continue Reading

HHS Imposes First Civil Monetary Penalty for HIPAA Privacy Rule Violation

The U.S. Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) issued a Notice of Final Determination finding that Cignet Health of Prince George’s County, MD (“Cignet”), violated the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  HHS imposed a civil money penalty (“CMP”) of $4.3 million … Continue Reading