As we continue to examine the final HIPAA privacy and security regulations, as amended by the HITECH Act and the Genetic Information Nondiscrimination Act, we pulled together a summary of some of the key points. We fully expect additional sub-regulatory guidance to be provided by OCR, such as frequently asked questions and sample business

Under the HITECH Act, business associates are subject to the HIPAA privacy and security rules (the "HIPAA Rules") virtually to the same extent as covered entities. In addition to implementing this change for business associates ("BAs"), and providing additional guidance concerning what entities are business associates, the final HIPAA regulations issued last week also treat certain subcontractors of BAs as BAs directly subject to

Following the mass shootings in Newtown, CT, and Aurora, CO, Office for Civil Rights Director Leon Rodriguez issued a letter on January 15, 2013, reminding covered health care providers about disclosures of protected health information that may be made to avert threats to health and safety.

The letter points out, for example, that mental health

Approximately 233 pages of confidential patient grievance files are at the center of a legal storm in U.S. District Court for the District of Minnesota. In the case of Peterson v. HealthEast Woodwinds Hospital, the plaintiff, a former Patient Advocate, alleges she was instructed to improperly destroy medical files. According to her Complaint, this caused Peterson stress that required

Medical billing company’s alleged dumping of medical records results in $140K settlement with Massachusetts Attorney General.

HIPAA data breach affecting 441 patients leads to investigation resulting in $50K in penalties due to alleged lapses in security compliance.

On Monday, the Office for Civil Rights released guidance regarding methods for de-identification of protected health information (PHI) in accordance with the HIPAA Privacy Rule and as required by the American Recovery and Reinvestment Act of 2009.

HIPAA covered entities and business associates recognize the increasing risks related to handling "protected health information." One way to reduce these