Header graphic for print
Workplace Privacy, Data Management & Security Report

Category Archives: HIPAA

Subscribe to HIPAA RSS Feed

Have You Obtained a HPID?

Written by Tyler Philippi The Department of Health and Human Services (“HHS”) recently released guidance on the application process to obtain a Health Plan Identifier (“HPID”).  A HPID is an all-numeric 10-digit identification number that many HIPAA-covered health plans are required to adopt by November 5, 2014.  Think of a HPID like an EIN for… Continue Reading

HIPAA Privacy Rule Also Affected By Supreme Court’s DOMA Decision in U.S. v. Windsor

When the U.S. Supreme Court decided United States v. Windsor, it declared section 3 of the Defense of Marriage Act (DOMA) to be unconstitutional. For many companies, the decision meant changes to certain of their employee benefit plans, as well as the tax treatment of employee contributions for same sex spouses. However, declaring section 3 of… Continue Reading

HIPAA Reminders – Business Associate Agreement Deadline and Continuation of OCR Audits

I recently had the pleasure of speaking to a great group at the Connecticut Assisted Living Association (CALA) about HIPAA and a range of related practical issues. Many covered entities and business associates, particularly those that are small businesses, continue to work on understanding the privacy and security standards, and how to best apply them in their… Continue Reading

Yes, a Person Can be Criminally Prosecuted for Violating HIPAA

As reported by HealthcareInfoSecurity.com, a former hospital employee is facing criminal charges brought by federal prosecutors in Texas for alleged violations of the privacy and security requirements under the Health Insurance Portability and Accountability Act (HIPAA). You may remember that back on June 1, 2005, the Department of Justice issued an opinion supporting the prosecution of individuals… Continue Reading

Prepare For Increased HIPAA Fines

Since mid-2013, the Department of Health and Human Services has recovered more than $10 million from numerous entities in connection with alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”).  However, during a recent American Bar Association conference, Jerome B. Meites, a chief regional civil rights counsel at the Department of Health and Human Services (“HHS”)… Continue Reading

California Healthcare Provider Defeats Data Breach Class Action on Definition of Medical Information

Written by Ann Haley Fromholz In a victory for California healthcare providers, the California Court of Appeal recently held that a health care provider is not liable under California’s Confidentiality of Medical Information Act (CMIA) (Cal. Civ. Code, § 56 et seq.) when the health care provider releases an individual’s personal identifying information, but the… Continue Reading

Stolen Laptops = HIPAA Settlements Totaling Nearly Two Million Dollars

Unencrypted laptop computers and other mobile devices pose significant risks to the security of patient information, reminds the U.S. Department of Health and Human Services Office for Civil Rights (OCR) in its announcement yesterday that it collected $1,975,220 from two entities collectively to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA)… Continue Reading

Healthcare Employer’s Termination Letter Provides Basis For Court to Allow Discovery of Patient Contact Information

Written by Jeffrey M. Schlossberg Employers faced with the inevitable task of terminating an employee’s employment often inquire whether to provide the employee with written reasons for the termination; or, if they are required to provide an explanation of the termination, they ask what should be included in the explanation. Except in a limited number… Continue Reading

Cities And Counties Are Not Immune From HIPAA Enforcement, Skagit County, WA Pays $215,000

Skagit County, Washington, has agreed to settle potential violations of the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), according to an announcement by the Office for Civil Rights (OCR) on Friday.  OCR reported that Skagit County, home to approximately 118,000 residents, agreed to a $215,000 monetary settlement and to comply… Continue Reading

HHS to Conduct Survey About Which HIPAA Covered Entities and Business Associates Should Be Audited

The Department of Health and Human Services announced on February 24 that it is seeking information about conducting a pre-audit survey. That is, it plans to conduct a “survey of up to 1200 [HIPAA] covered entities (health plans, health care clearinghouses, and certain health care providers) and business associates (entities that provider certain services to… Continue Reading

New HIPAA Guidance Concerning Mental Health Records

Healthcare providers and their business associates frequently face difficult questions relating to when they are able to share protected health information with the family members and friends of the patients they serve. These questions often require consideration of a number of different laws and rules, such as HIPAA, Federal alcohol and drug abuse confidentiality regulations, state mental… Continue Reading

Increased Use of Medical Devices by Healthcare Providers Results in More Cyberattacks and Data Breaches

A study (registration required) by two data security firms, Norse in Silicon Valley and SANS, discussed in a recent L.A. Times article, confirms the concerns raised by the FDA and others about increased use of internet-connected medical devices by healthcare providers and the corresponding increase in the information systems of those providers being attacked, and in some… Continue Reading

Employee’s Unauthorized Texting of Confidential Health Information May Impose Employer Liability

Written by Jeffrey M. Schlossberg When does a medical clinic’s employee’s unauthorized texting of patient confidential health information result in liability to the clinic? The answer; it depends. In Doe v. Guthrie Clinic, Ltd., the Second Circuit Court of Appeals dismissed a patient’s claim against a medical corporation for alleged breach of fiduciary duty based… Continue Reading

Top 14 for 2014

In honor of National Data Privacy Day, we provide the following “Top 14 for 2014.”  While the list is by no means exhaustive, it does provide critical areas businesses will need to consider in 2014. Location Based Tracking.  As the utilization of GPS enable devices becomes more and more prevalent, employers are often faced with… Continue Reading

Another Small Healthcare Provider Settles Potential HIPAA Violations Following Data Breach, Office For Civil Rights Announces

A familiar story – small health care provider suffers a data breach affecting patient data, reports incident to the federal Office for Civil Rights (OCR) and winds up becoming subject to an OCR investigation that goes well beyond the breach itself, resulting in a significant settlement payment and corrective action plan. In this case, a relatively… Continue Reading

Google Glass in the Workplace

WSJ reported on November 22, 2013, Google’s push to move Google Glass, a computerized device with an “optical head-mounted display,” into the mainstream by tapping the prescription eyewear market through VSP Global—a nationwide vision benefits provider and maker of frames and lenses. If the speed and immersion of technology over the past few years had… Continue Reading

Healthcare.gov Not Secure, According to IT Security Experts

According to testimony before the House Committee on Science, Space, and Technology and warnings from IT security experts, individuals using the federal government’s website to obtain health coverage through the Exchange are likely putting the security of their sensitive personal information at significant risk. Reports about the cost of the federal website vary, but based on… Continue Reading