HHS

Subscribe to HHS

In February, a coalition of healthcare organizations sent a letter to President Donald J. Trump and the U.S. Department of Health and Human Services (HHS) (the Letter), urging the immediate rescission of a proposed update to the Security Rule under HIPAA. The update is aimed at strengthening safeguards for securing electronic protected health information.

As the healthcare sector continues to be a top target for cyber criminals, the Office for Civil Rights (OCR) issued proposed updates to the HIPAA Security Rule (scheduled to be published in the Federal Register January 6). It looks like substantial changes are in store for covered entities and business associates alike, including healthcare providers

A healthcare provider delivering pain management services in Florida and other states faces a $1.19 million civil monetary penalty from the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR). The OCR investigation stems from a data breach, but not the type of breach we are used to seeing in

Unhappy consumers, including patients, are free to express dissatisfaction with services they receive from providers on popular social media or online review platforms, such as Yelp and Google. At least in the healthcare industry, providers must be very careful when responding, if they respond at all.

“OCR continues to receive complaints about health care

We have written several times about U.S. Department of Health and Human Services Office for Civil Rights’ “HIPAA Right of Access Initiative.” In its most recent enforcement action under the Initiative, the 44th such enforcement action, the OCR investigated a complaint made against a psychotherapist concerning the alleged refusal to provide medical records. Ultimately, and

The U.S. Food and Drug Administration (FDA) named University of Michigan Associate Professor Kevin Fu Acting Director of Medical Device Security in its Center for Devices and Radiological Health. This is a newly created 12-month post in which Fu will “work to bridge the gap between medicine and computer science and help manufacturers protect

Employers that sponsor group health plans (medical, dental, vision, HFSA) are used to negotiating detailed administrative services agreements with vendors that provide services to those plans. Many also are familiar with “business associate agreements” required under HIPAA that must be in place with certain vendors, such as third-party claims administrators (TPAs), wellness program vendors, benefits

Many health care providers, including small and medium-sized physician practices, rely on a number of third party service providers to serve their patients and run their businesses. Perhaps the most important of these is a practice’s electronic medical record (EMR) provider, which manages and stores patient protected health information. EMR providers generally are business associates

Secretary Tom Price of the U.S. Department of Health and Human Services (HHS) announced his agency needs “to focus more on the most recent breaches and clarify when entities have taken action to resolve the issues that might have led to their breaches.” Accordingly, HHS’ Office of Civil Rights has launched a revised web tool

As you likely know by now, international cybercriminals launched a worldwide ransomware attack last Friday with the European law enforcement agency Europol reporting over 100,000 affected organizations in 150 countries, including the U.S. Reports indicate that health care providers, universities, and other large companies were all targeted. The Department of Health and Human Services also