Tag Archives: Health Insurance Portability and Accountability Act

2-Year Statute of Limitations Applies to HIV Patient’s Privacy Suit

A New Jersey appeals court recently ruled that a two-year statute of limitations applies to a claim by an HIV-positive patient asserting one of his doctors improperly disclosed his medical status to a third party without consent.  The three-judge Appellate Division panel rejected arguments by the doctor that the suit should be dismissed as time-barred … Continue Reading

Data Analytics Enables Health Plans to Predict When Employees Need Health Services and For How Long

We know that data analytics is being used to influence a wide range of things such as the pair of shoes one might want to buy or what news is “trending” on Facebook. Similar tools are being applied to employer-sponsored group health plans. According to a recent HealthcareITnews article, vendors such as Advanced Plan for … Continue Reading

Smaller HIPAA Breaches To Get More Attention by Office for Civil Rights

The HIPAA breach notification rule has two buckets for classifying data breaches – those that involve “protected health information” (PHI) of 500 or more individuals and those that involve fewer than 500 individuals. Since the breach notification rule became effective, the Office of Civil Rights’ (OCR) focus has been on the 500 and over bucket. But … Continue Reading

HIPAA and $15 Million in 2016

For years, many questioned whether the HIPAA privacy and security rules would be enforced. The agency responsible for enforcement, Health and Human Services’ Office for Civil Rights (OCR), promised it would enforce the rules, but just after a period “soft” enforcement and compliance assistance. That period appears to be ending. During the first seven months … Continue Reading

Check Your Spam Filter, You Might Have Been Selected for a HIPAA Audit!

Yesterday, the federal Office for Civil Rights (OCR) announced Phase 2 of its HIPAA Audit Program (Program). In its announcement, the OCR reports that the Program is underway and provides some helpful FAQs for covered entities and business associates about the Program. Preparation is critical and there are some key points covered entities and business … Continue Reading

The Inexplicit Requirement and Definitive Necessity for Employers to Implement Privacy Policies

In the face of seemingly daily news reports of company data breaches and the mounting legislative concern and efforts on both the state and federal level to enact laws safeguarding personal information maintained by companies, employers should be questioning whether they should implement privacy policies to address the protection of personal information they maintain on … Continue Reading

Top 10 for 2016 – Happy Data Privacy Day

In honor of Data Privacy Day, we provide the following “Top 10 for 2016.”  While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2016. EU/U.S. Data Transfer (status of Safe Harbor).  On October 6, 2015, the Court of Justice of the European Union (CJEU) ruled … Continue Reading

Million Dollar HIPAA Settlements Are About Compliance, Not Harm to Individuals

In the last two weeks, the Office for Civil Rights (OCR) announced two substantial settlements under HIPAA that together totaled $4.35 million. These large amounts seem to be driven not by actual harm to individuals, but in significant part by alleged HIPAA compliance failures identified by OCR following investigations commenced in response to receipt of data … Continue Reading

Healthcare Worker Gives New Employer Patient Records, Old Employer Pays $15,000 to NY Attorney General For HIPAA Violation

One of your employees discloses your organization’s patient information to a soon-to-be new employer for use in generating business at the new employer’s competing business, and your company has to settle with the New York State Attorney General for HIPAA violations. Make sense? This is what happened according to a published settlement agreement (pdf) that was … Continue Reading

HIPAA Audits Maybe, But Audit Preparedness Definitely!

According to a Bloomberg article, the second phase of HIPAA audits by the Office for Civil Rights (OCR), originally set to commence in 2014, may be coming soon. This update came at a HIPAA conference co-hosted by OCR during which OCR Director Jocelyn Samuels said the agency was in the process of confirming contact information of … Continue Reading

Cancer Care Group to Pay $750,000 to Settle HIPAA Breach, as KPMG Finds 81 Percent of Hospitals and Health Insurance Companies had a Breach in the Past Two Years

On September 2, the Office for Civil Rights (OCR) reported that it agreed to settle potential violations of the HIPAA privacy and security regulations with Cancer Care Group, Inc. The dollar amount of the settlement, $750,000, is significant, and the agreement to adopt a robust, multi-year corrective action plan under the watchful eye of the … Continue Reading

Employer FAQs: Responding to the Anthem Breach

The first massive data breach of 2015 hit one of the country’s largest insurance issuers, Anthem, Inc., including Anthem Blue Cross and Blue Shield and other related entities (Anthem). The incident reportedly affected over 80 million persons who are or were covered under a policy or program insured or serviced by Anthem. The personal note … Continue Reading

Negligence Claims for Breach of Patient Privacy Not Preempted by HIPAA, Connecticut Supreme Court Holds

Healthcare providers continue to have challenges with responding to attorney requests for information and subpoenas. We highlighted some of these last year, along with some issues providers should be considering to help meet those challenges.  In this case, after the patient advised the provider not to disclose her PHI to her significant other, the provider received a … Continue Reading

Data Breach Notification Deadline Extended 10 Days for Certain Healthcare Providers in California

While recent legislation has tended to tighten data breach notification requirements (e.g., Florida and California), Assembly Bill 1755 extended the breach notification deadline from five to 15 days for certain healthcare providers. More specifically, according to AB1755 which becomes effective January 1, 2015, the deadline to provide notification of a breach of medical information for healthcare providers covered by … Continue Reading

Enterovirus D-68 and Ebola Cases Raise Privacy Concerns for Healthcare Providers and their Workers

On September 25, a four-year old boy from New Jersey died of Enterovirus D-68, reports myfoxphilly.com. Increasingly, there are reports about potential Ebola cases in the U.S. Naturally, the spread of infectious disease raises concern for everyone, particularly for healthcare workers who want to do their jobs, and also protect their families. There are already … Continue Reading

HIPAA Privacy Rule Also Affected By Supreme Court’s DOMA Decision in U.S. v. Windsor

When the U.S. Supreme Court decided United States v. Windsor, it declared section 3 of the Defense of Marriage Act (DOMA) to be unconstitutional. For many companies, the decision meant changes to certain of their employee benefit plans, as well as the tax treatment of employee contributions for same sex spouses. However, declaring section 3 of … Continue Reading

Yes, a Person Can be Criminally Prosecuted for Violating HIPAA

As reported by HealthcareInfoSecurity.com, a former hospital employee is facing criminal charges brought by federal prosecutors in Texas for alleged violations of the privacy and security requirements under the Health Insurance Portability and Accountability Act (HIPAA). You may remember that back on June 1, 2005, the Department of Justice issued an opinion supporting the prosecution of individuals … Continue Reading

OCR Provides HIPAA “Lessons Learned” In Data Breach Report to Congress

An Office for Civil Rights (OCR) report issued this month reveals some interesting details about data breach activity under HIPAA, as well as some helpful reminders and recommendations for covered entities and business associates. Section 13402(i) of the HITECH Act requires the Secretary of Health and Human Services to submit a report to various Senate … Continue Reading

Thinking About Cyber, Data Breach Insurance? Have You Assessed Your Needs/Risks?

It seems more companies are considering whether to purchase or enhance their cyber or data breach insurance coverage. In recent years, these offerings have expanded giving businesses more choice, and perhaps so has the need for such coverage given the explosion of access to and transmission of confidential data. What is interesting about this development is the different … Continue Reading
LexBlog