Since mid-2013, the Department of Health and Human Services has recovered more than $10 million from numerous entities in connection with alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”). However, during a recent American Bar Association conference, Jerome B. Meites, a chief regional civil rights counsel at the Department of Health and
OCR Provides HIPAA “Lessons Learned” In Data Breach Report to Congress
An Office for Civil Rights (OCR) report issued this month reveals some interesting details about data breach activity under HIPAA, as well as some helpful reminders and recommendations for covered entities and business associates. Section 13402(i) of the HITECH Act requires the Secretary of Health and Human Services to submit a report to various Senate…
Cities And Counties Are Not Immune From HIPAA Enforcement, Skagit County, WA Pays $215,000
Skagit County, Washington, has agreed to settle potential violations of the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), according to an announcement by the Office for Civil Rights (OCR) on Friday. OCR reported that Skagit County, home to approximately 118,000 residents, agreed to a $215,000 monetary…
HHS to Conduct Survey About Which HIPAA Covered Entities and Business Associates Should Be Audited
By Joseph J. Lazzarotti on
Posted in Health Information Technology, HIPAA
The Department of Health and Human Services announced on February 24 that it is seeking information about conducting a pre-audit survey. That is, it plans to conduct a “survey of up to 1200 [HIPAA] covered entities (health plans, health care clearinghouses, and certain health care providers) and business associates (entities that provider certain services to…
Puerto Rico Gets Serious About HIPAA – $6.8 million in penalties connected to data breach
Ricardo Rivera Cardona of the Puerto Rico Health Insurance Administration, intending to send a message by imposing the largest penalty to date ($6.8 million) arising out of a breach of protected health information under HIPAA, as reported by Infomation Security Media Group, is quoted as saying:
We are sending a message that we are
…
OCR Responds To Critical OIG Report About the Extent of OCR’s HIPAA Enforcement
A report issued by the Department of Health and Human Services Office of Inspector General (“OIG”) concludes that the Office for Civil Rights (“OCR”) did not meet all of its federal requirements for oversight and enforcement of the HIPAA Security Rule. While the report noted OCR met some of these requirements, it also found that:…
OCR Issues Model Notices of Privacy Practices
By Joseph J. Lazzarotti on
Posted in HIPAA
Model HIPAA Notices of Privacy Practices now available for September 23, 2013 compliance date.
Continue Reading OCR Issues Model Notices of Privacy Practices
Wellpoint pays $1.7 Million to Settle Potential HIPAA Violations
Breach involving software upgrade to online application system leads to allegations of HIPAA privacy and security failures, and a $1.7 million settlement payment to HHS.
Continue Reading Wellpoint pays $1.7 Million to Settle Potential HIPAA Violations
Idaho State University Investigated by HHS Following Report of Data Breach
University’s $400,000 payment to HHS to settle HIPAA compliance allegations highlights critical role of risk assessments, and need for security policies and procedures.
Continue Reading Idaho State University Investigated by HHS Following Report of Data Breach
Final HIPAA/HITECH Privacy and Security Regulations Released
Final HIPAA regulations are out……
Continue Reading Final HIPAA/HITECH Privacy and Security Regulations Released