Final HIPAA regulations are out…
Continue Reading Final HIPAA/HITECH Privacy and Security Regulations Released
Health Care Providers May Disclose PHI to Avert Threats to Health and Safety, HHS Letter Confirms
By Joseph J. Lazzarotti on
Posted in HIPAA, Written Information Security Program
Following the mass shootings in Newtown, CT, and Aurora, CO, Office for Civil Rights Director Leon Rodriguez issued a letter on January 15, 2013, reminding covered health care providers about disclosures of protected health information that may be made to avert threats to health and safety.
The letter points out, for example, that mental health…
Start 2013 On The Right Foot – Assess Your Organization’s Information Risk
The $50,000 in penalties that the Office for Civil Rights (OCR) recently imposed on a health care provider in Idaho was due in part to allegations that the HIPAA covered entity had not conducted a risk assessment as required under the HIPAA privacy and security regulations. Of course, HIPAA is not the only law that requires a risk…
Small HIPAA Breach (Affecting Fewer Than 500) Leads to Substantial Penalties
HIPAA data breach affecting 441 patients leads to investigation resulting in $50K in penalties due to alleged lapses in security compliance.
Continue Reading Small HIPAA Breach (Affecting Fewer Than 500) Leads to Substantial Penalties
OCR Releases Guidance on “De-Identification” of PHI under HIPAA
On Monday, the Office for Civil Rights released guidance regarding methods for de-identification of protected health information (PHI) in accordance with the HIPAA Privacy Rule and as required by the American Recovery and Reinvestment Act of 2009.
HIPAA covered entities and business associates recognize the increasing risks related to handling "protected health information." One way to reduce these…
OCR Issues Protocol For HIPAA Privacy, Security and Breach Notification Audit Program
By Jason C. Gavejian on
As we previously discussed, the Office of Civil Rights (“OCR”) continues to push forward with the HIPAA audits required by the HITECH Act. To this end, the OCR recently posted the protocol which is used to conduct the HIPAA audits on its website.
The HITECH Act requires HHS to provide for periodic audits to…
HHS Makes HIPAA Training Materials Available to State Attorneys General
By Joseph J. Lazzarotti on
Posted in HIPAA
Federal HIPAA enforcement agency adds new online tool to train State Attorneys General to enforce HIPAA.
Continue Reading HHS Makes HIPAA Training Materials Available to State Attorneys General
OCR Announces HIPAA Audit Program
Today, the Office for Civil Rights formally announced its HIPAA audit plan, with audits commencing in November 2011. A new page on OCR’s website answers some helpful questions for covered entities and business associates, which are summarized in this report.
Continue Reading OCR Announces HIPAA Audit Program
HIPAA Audits to Begin Early 2012
Approximately 150 HIPAA on-site audits are scheduled to begin in early 2012. Covered entities and business associates should be aware of the nature and scope of these audits and what they should be doing to be prepare should they be selected.
Continue Reading HIPAA Audits to Begin Early 2012
HHS to Help Train State Attorneys General to Enforce HIPAA
By Joseph J. Lazzarotti on
While years of lax enforcement may have lulled many HIPAA covered entities and business associates to not take HIPAA seriously, recent activities by HHS, including the recently announced nationwide enforcement training program for State Attorneys General should spur renewed efforts toward compliance.
Continue Reading HHS to Help Train State Attorneys General to Enforce HIPAA