July 2010

Rite Aid Agrees to $1 Million Payment to HHS Concerning Potential HIPAA Privacy Violations

By Joseph J. Lazzarotti on July 27, 2010

Posted in Data Security, Health Information Technology, HIPAA, Identity Theft, Information Management, Information Risk, Written Information Security Program

Rite Aid Corporation and its affiliates have agreed to pay $1 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, the U.S. Department of Health and Human Services (HHS) announced today. At the same time, Rite Aid signed a consent order with the Federal Trade Commission (FTC)…

To host or not to host?

By Joseph J. Lazzarotti on July 23, 2010

Posted in Information Management

Guest Post from Pat Yu* of Accero. We are happy to make Mr. Yu’s insights available to our readers as they are important considerations for companies considering alternative data and systems management strategies. Enjoy this post:

To host or not to host . . . That’s ultimately the critical question when it comes to…

HHS Announces Final EHR Regulations Charting Path to Billions in Incentives for Providers and Hospitals to Adopt EHR Systems

By Joseph J. Lazzarotti on July 13, 2010

Posted in Health Information Technology, HIPAA, Information Risk, Written Information Security Program

U.S. Department of Health and Human Services Secretary Kathleen Sebelius has announced final rules for eligible health care professionals and hospitals to qualify for a portion of the $27 billion or so in Medicare and Medicaid incentive payments for implementation and meaningful use of certified electronic health records (EHR). Many are concerned these incentives will…

Proposed HITECH Regulations: Will Subcontractors of Business Associates Be Subject to the HIPAA Privacy and Security Rule?

By Joseph J. Lazzarotti on July 13, 2010

Posted in HIPAA, Information Risk, Written Information Security Program

Further to our discussions of the proposed regulations to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), we summarize here a proposed changed to the definition of “business associate.” A significant part of the “HIPAA community” (covered entities, business associates and their agents and subcontractors) already…

Shredding and Data Destruction Companies – A HIPAA-Covered Entity’s Best Friend

By Joseph J. Lazzarotti on July 12, 2010

Posted in Data Security, HIPAA, Information Risk, Written Information Security Program

We recently reported here that the Department of Health and Human Services (HHS) is issuing proposed regulations to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”). These proposed regulations contain a number of important points to think about for HIPAA covered entities (and business associates…

HHS to Issue Proposed Regulations Concerning HITECH

By Joseph J. Lazzarotti on July 8, 2010

Posted in HIPAA

The Department of Health and Human Services announced this morning that it will be issuing a notice of proposed rulemaking to begin implementing the recent statutory amendments under the Health Information Technology for Economic and Clinical Health Act (“the HITECH Act”). According to HHS, the proposed regulations (pdf), set to be published July 14, 2010, are designed to strengthen…

Workplace Privacy, Data Management & Security Report