The widely reported data breach at Community Health Systems, Inc. (CHS) appears to have relied upon a “spear phish email” to launch the initial malware, according to a recent alert from the FBI. Experts engaged by CHS believe that the attacker is an “Advanced Persistent Threat.” The FBI alert provides tips for organizations to prevent … Continue Reading
The price of compliance may be high, but the price of non-compliance is even higher. Based on its recent $3 million data breach settlement, AvMed, and many other entities that have experienced data breach litigation, would likely agree that paying for security upgrades now is far superior to paying for data breaches later. In 2009, … Continue Reading
As required by the HITECH Act, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) has issued guidance on two methods for de-identifying protected health information (PHI) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy rule.[1] “This guidance is intended to assist covered entities to understand … Continue Reading
On September 17, 2012, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that the Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (collectively referred to as “MEEI”) agreed to pay $1.5 million to settle potential violations of the Health Insurance Portability and Accountability Act … Continue Reading
Under the proposed ACO rules, CMS will assign Medicare beneficiaries to ACOs based on where the patient receives the “plurality” of their primary care services during the year before the relevant ACO performance measurement period. If medical cost savings can be achieved during the performance period for the ACO’s assigned beneficiaries as compared against the CMS projected benchmark … Continue Reading
The U.S. Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) issued a Notice of Final Determination finding that Cignet Health of Prince George’s County, MD (“Cignet”), violated the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). HHS imposed a civil money penalty (“CMP”) of $4.3 million … Continue Reading