Tag Archives: Health Information Technology

OCR Announces HIPAA Audit Program

Today, the Office for Civil Rights formally announced its HIPAA audit plan, with audits commencing in November 2011. A new page on OCR's website answers some helpful questions for covered entities and business associates, which are summarized in this report.… Continue Reading

Provide Feedback to Government on Exchanging Health Information on Mobile Communications Devices

If you have an interest in the role the growing use of mobile communications devices (smartphones, iPads, iPhones, etc.) will play in how personal health information is exchanged in the health care industry, the Office of the National Coordinator for Health Information Technology (ONC) is seeking your input. According to a notice published Nov. 1, 2011 (76 Fed. Reg. 67455), comments are due Dec. 31.… Continue Reading

HHS Report to Congress Shows Marked Increase in Data Breaches

  The Office of Civil Rights of the U.S. Department of Health and Human Services (“HHS”) has published its first round of annual reports to Congress under the HITECH (Health Information Technology for Economic and Clinical Health) Act of 2009 to Congress. The first report concerns HHS’s HIPAA (Health Insurance Portability and Accountability Act of 1996) … Continue Reading

HHS Announces Proposed Changes to HIPAA Privacy Rule

The U.S. Department of Health and Human Services' (HHS) announced proposed changes to the HIPAA Privacy Rule to implement new requirements concerning individuals' rights to access reports and accountings of disclosures of their protected health information. The announcement seeks comments from the public as the agency hopes to craft the law so as to provide the greatest transparency for individuals with respect to access to and disclosures of their PHI, while minimizing the burden on covered entities and business associates.… Continue Reading

FTC Issues Guidance Addressing Medical Identity Theft

Last month, the Federal Trade Commission’s Bureau of Consumer Protection posted FAQs on its website to guide health care providers and health plans when their patients and subscribers are affected by medical identity theft.  When most people hear about an identity theft or a data breach, they typically think about credit card data or Social Security … Continue Reading

Employers Beware: Aggrieved Employee Commits Data Breach Affecting 2400 Individuals

As employees become more savvy with electronic communications and employers face increasing challenges with controlling vast amounts of data, the circumstances in this recent San Francisco Examiner story are likely being repeated all over the country - employee takes company information to support her wrongful termination case.… Continue Reading

Data Breach Insurance Growing In Popularity for Health Care Providers, Others

The demand for "data breach" insurance appears to be growing based on our experiences, as well as commentary such as a recent article by Pamela Lewis Dolan of American Medical News. As we’ve reported, data breach coverage is something quite different than traditional "cyber-risk" coverage which tends to address "hazards such as unauthorized Web site access, online libel, data … Continue Reading

Connecticut Insurance Department Settles Health Net Data Breach

What had been the first use of the enforcement authority under the HIPAA privacy regulations granted to a State Attorney General, has ended in a settlement agreement between Connecticut’s Insurance Department and Health Net of Connecticut. Under the agreement, Health Net will pay $375,000 in penalties, and it agreed to provide credit monitoring protection for 2 years to all affected persons in Connecticut and … Continue Reading

Employees Protected from Retaliation When Raising Concerns about HIPAA and Data Security

In March 2010, we reported on a decision by the U.S. District Court for the District of New Jersey that allowed an employee’s retaliation claim to proceed to trial under the New Jersey Conscientious Employee Protection Act (“CEPA”) on the ground that he was engaged in protected whistle blowing activity – voicing concerns regarding his employer’s handling … Continue Reading

Rite Aid Agrees to $1 Million Payment to HHS Concerning Potential HIPAA Privacy Violations

Rite Aid Corporation and its affiliates have agreed to pay $1 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, the U.S. Department of Health and Human Services (HHS) announced today. At the same time, Rite Aid signed a consent order with the Federal Trade Commission (FTC) … Continue Reading

HHS Announces Final EHR Regulations Charting Path to Billions in Incentives for Providers and Hospitals to Adopt EHR Systems

U.S. Department of Health and Human Services Secretary Kathleen Sebelius has announced final rules for eligible health care professionals and hospitals to qualify for a portion of the $27 billion or so in Medicare and Medicaid incentive payments for implementation and meaningful use of certified electronic health records (EHR). Many are concerned these incentives will … Continue Reading

Electronic Health Records: The Work to Build a Health Information Technology Infrastructure Begins

In a key step toward developing a proposed U.S. health information technology (HIT) infrastructure, the Centers for Medicare & Medicaid Services has announced that Iowa’s Medicaid program is the first to receive federal matching funds for planning activities necessary to implement the electronic health record (EHR) incentive program established by the American Recovery and Reinvestment … Continue Reading