Final HIPAA regulations are out…
Continue Reading Final HIPAA/HITECH Privacy and Security Regulations Released
Written Information Security Program
Health Care Providers May Disclose PHI to Avert Threats to Health and Safety, HHS Letter Confirms
By Joseph J. Lazzarotti on
Posted in HIPAA, Written Information Security Program
Following the mass shootings in Newtown, CT, and Aurora, CO, Office for Civil Rights Director Leon Rodriguez issued a letter on January 15, 2013, reminding covered health care providers about disclosures of protected health information that may be made to avert threats to health and safety.
The letter points out, for example, that mental health…
Privacy on the Go: California’s Recommendations for Mobile Device/App Privacy and Security
In 2012, California took significant steps to increase privacy protections for users of mobile applications (apps) which involved working with companies such as Amazon, Apple, Facebook, Google, Hewlett-Packard, and Microsoft. In July 2012, the Attorney General created the Privacy Enforcement and Protection Unit, with the mission of protecting the inalienable right to privacy conferred by the…
Massachusetts AG Coakley Announces $140K Settlement Following Public Dumping of HIPAA PHI by Medical Billing Service Provider
Medical billing company’s alleged dumping of medical records results in $140K settlement with Massachusetts Attorney General.
Continue Reading Massachusetts AG Coakley Announces $140K Settlement Following Public Dumping of HIPAA PHI by Medical Billing Service Provider
Start 2013 On The Right Foot – Assess Your Organization’s Information Risk
The $50,000 in penalties that the Office for Civil Rights (OCR) recently imposed on a health care provider in Idaho was due in part to allegations that the HIPAA covered entity had not conducted a risk assessment as required under the HIPAA privacy and security regulations. Of course, HIPAA is not the only law that requires a risk…
Small HIPAA Breach (Affecting Fewer Than 500) Leads to Substantial Penalties
HIPAA data breach affecting 441 patients leads to investigation resulting in $50K in penalties due to alleged lapses in security compliance.
Continue Reading Small HIPAA Breach (Affecting Fewer Than 500) Leads to Substantial Penalties
OCR Releases Guidance on “De-Identification” of PHI under HIPAA
On Monday, the Office for Civil Rights released guidance regarding methods for de-identification of protected health information (PHI) in accordance with the HIPAA Privacy Rule and as required by the American Recovery and Reinvestment Act of 2009.
HIPAA covered entities and business associates recognize the increasing risks related to handling "protected health information." One way to reduce these…
California Employees Get New Rights to Personnel Records Beginning in 2013
California Governor Jerry Brown has signed into law (AB 2674) new requirements specifying when and how employers must respond to their employees’ requests for inspection and copying of their personnel files. The new requirements become effective January 1, 2013.
California AG Begins Enforcing the State’s Online Privacy Protection Act for Websites, Aps
California AG begins enforcing the state’s Online Privacy Protection Act which requires commercial operators of online services, including websites and mobile and social apps, that collect personally identifiable information from Californians to conspicuously post a privacy policy.
Continue Reading California AG Begins Enforcing the State’s Online Privacy Protection Act for Websites, Aps
Sandy – A Reminder to Adopt/Reevaluate Your Disaster Recovery Plan
The effects of a hurricane like Sandy should be a reminder to all businesses of the importance of disaster recovery planning. When these storms threaten there is no shortage of images of sandbags and plywood being used to prevent harm to companies’ bricks and mortar. However, rarely do we see steps businesses should be taking to protect…