WSJ reported on November 22, 2013, Google’s push to move Google Glass, a computerized device with an “optical head-mounted display,” into the mainstream by tapping the prescription eyewear market through VSP Global—a nationwide vision benefits provider and maker of frames and lenses. If the speed and immersion of technology over the past few years had… Continue Reading
According to testimony before the House Committee on Science, Space, and Technology and warnings from IT security experts, individuals using the federal government’s website to obtain health coverage through the Exchange are likely putting the security of their sensitive personal information at significant risk. Reports about the cost of the federal website vary, but based on… Continue Reading
Today, the Centers for Medicare and Medicaid Services (CMS) requested an "emergency review" of its recently proposed rule that "[Federally-facilitated Exchanges or FFEs], non-Exchange entities associated with FFEs, and State Exchanges must report all privacy and security incidents and breaches to HHS within one hour of discovering the incident or breach." We reported on the proposed… Continue Reading
Click on the link in this post for high-level compliance roadmap concerning the Omnibus Privacy Rule under HIPAA and HITECH for covered plans, providers and business associates.
Breach involving software upgrade to online application system leads to allegations of HIPAA privacy and security failures, and a $1.7 million settlement payment to HHS.
Are you a “non-Exchange entity” with respect to the healthcare exchanges coming later this year? If so you may become subject to a one-hour breach notification mandate.
Big Data’s impact on medical devices pushes FDA to propose draft guidelines for cybersecurity.
University’s $400,000 payment to HHS to settle HIPAA compliance allegations highlights critical role of risk assessments, and need for security policies and procedures.
President Obama issues executive order on cybersecurity
Across the pond, concern over government collection of personal health data is rising.
Linking his announcement to National Privacy Day, January 28, 2013, Maryland Attorney General Douglas F. Gansler informed the public that his office has formed an Internet Privacy Unit. (See similar step taken by Connecticut AG) The stated purpose of the Unit is to protect the privacy of online users. The Unit will be charged with "monitor[ing]… Continue Reading
As we continue to examine the final HIPAA privacy and security regulations, as amended by the HITECH Act and the Genetic Information Nondiscrimination Act, we pulled together a summary of some of the key points. We fully expect additional sub-regulatory guidance to be provided by OCR, such as frequently asked questions and sample business associate agreement… Continue Reading
Top 13 data privacy and security issues for 2013
Under the HITECH Act, business associates are subject to the HIPAA privacy and security rules (the "HIPAA Rules") virtually to the same extent as covered entities. In addition to implementing this change for business associates ("BAs"), and providing additional guidance concerning what entities are business associates, the final HIPAA regulations issued last week also treat certain subcontractors of BAs as BAs directly subject to the… Continue Reading
Final HIPAA regulations are out…
Is your cloud service provider HIPAA-compliant?
HIPAA data breach affecting 441 patients leads to investigation resulting in $50K in penalties due to alleged lapses in security compliance.
On Monday, the Office for Civil Rights released guidance regarding methods for de-identification of protected health information (PHI) in accordance with the HIPAA Privacy Rule and as required by the American Recovery and Reinvestment Act of 2009. HIPAA covered entities and business associates recognize the increasing risks related to handling "protected health information." One way to reduce these risks… Continue Reading
Another reported HIPAA breach results in $1.5 million dollar settlement between HIPAA covered entity and HHS’ Office of Civil Rights
Burglary at hospital employee’s home results in stolen flash drive and HIPAA data breach
Read Jackson Lewis’ white paper addressing legal risks stemming from occupational health nurses and on-site health clinics
HIPAA covered entities and business associates need to consider how to practically and efficiently track and illustrate compliance should they find an OCR investigator knocking at the door.
Today, the Office for Civil Rights formally announced its HIPAA audit plan, with audits commencing in November 2011. A new page on OCR’s website answers some helpful questions for covered entities and business associates, which are summarized in this report.
If you have an interest in the role the growing use of mobile communications devices (smartphones, iPads, iPhones, etc.) will play in how personal health information is exchanged in the health care industry, the Office of the National Coordinator for Health Information Technology (ONC) is seeking your input. According to a notice published Nov. 1, 2011 (76 Fed. Reg. 67455), comments are due Dec. 31.