In September 2014, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) released guidance to assist covered entities in understanding their obligations under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule in light of the Supreme Court’s 2013 decision in United States v. Windsor.…
Articles Posted in HIPAA
HHS Releases Annual Reports on HIPAA Compliance and Information Breaches
Recently, the Department of Health and Human Services Office for Civil Rights (OCR) released its annual report on breaches of protected health information (PHI). Under the Breach Notification Rule, covered entities are required to issue notifications following breaches of unsecured PHI. Examples of covered entities include health care providers and…
OCR Reaches $4.8 Million Settlement for HIPAA Violations
On Wednesday, New York Presbyterian Hospital and Columbia University agreed to settle claims with the Department of Health and Human Services (HHS) Office for Civil Rights for a collective $4.8 million stemming from a data breach in 2010. This matter, along with other similar cases, should serve as an important…
HHS to Conduct Pre-Audit HIPAA Surveys
On February 24, 2014, the Department of Health and Human Services’ (HHS) Office for Civil Rights (“OCR”) announced in the Federal Register that it plans to survey up to 1,200 organizations to identify candidates for audits under the Health Insurance Portability and Accountability Act (HIPAA) Audit Program. In accordance with…
FTC Reaffirms its Broad Authority in Regulating Private Healthcare Providers’ Inadequate Data Security Programs
On January 16, 2014, the Federal Trade Commission (FTC) unanimously reaffirmed its broad authority to regulate a healthcare provider’s data security program deemed inadequate by the FTC in protecting consumers from identity theft or misuse of personal information. The FTC held that a provider’s program is inadequate if it fails…
Compliance with HIPAA HITECH Rule Effective Today
After months of delay, compliance with the Health Insurance Portability and Accountability Act (HIPAA) Health Information Technology for Economic and Clinical Health (HITECH) Omnibus Final Rule goes into effect today. HIPAA Privacy and Security Rules are implemented by the Health and Human Services (HHS) Office for Civil Rights. The Omnibus…
Idaho State University Agrees to $400,000 Settlement For HIPAA Violation
On May 21, 2013, the Department of Health and Human Services (HHS) released its settlement agreement with Idaho State University (ISU) for Health Insurance Portability and Accountability Act (HIPAA) violations. The $400,000 settlement agreement involves ISU’s self-reported breach of unsecured electronic protected health information (ePHI) of about 17,500 patients. HHS…
OCR Issues ICR on HIPAA Audit Program
The Office for Civil Rights (OCR) enforces the Health Insurance Portability and Accountability Act (HIPAA) and oversees health information privacy in the Department of Health and Human Services (HHS). On Tuesday, a notice was published in the Federal Register asking for input and comments on the OCR’s HIPAA Audit Review…
Department of Health and Human Services Issues Letter to Providers on Disclosures to Avert Threats to Health or Safety
The Department of Health and Human Services (HHS) has issued a letter to health care providers to ensure that they are aware of their ability under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to take action, consistent with their ethical standards or other legal obligations, to disclose…
HHS Office of Civil Rights Secures $1.5 million HIPAA Settlement
The U.S. Department of Health and Human Services (HHS) recently agreed to a $1.5 million settlement with the Massachusetts Eye and Ear Infirmary for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The HIPAA Security Rule protects electronic health information by requiring HIPAA-covered entities…