It is noteworthy that there are often substantial delays in disclosures regarding covered entities (“CEs”) that have become marchers in the Parade of large Protected Health Information (“PHI”) security breaches
Continue Reading The Parade of PHI Security Breaches: Why Did it Take Two Years for the Status of Minne-Tohe Health Center as a Marcher to be Disclosed?
Security Breach Notification
Ten Days, Ten Tips – Countdown to Omnibus Rule Compliance #4 and #5 (aka #8 and #9)
Where did the time go? Today’s the day – September 23, 2013. This is compliance day for most of the Omnibus Rule changes. I had a feeling this deadline would…
Continue Reading Ten Days, Ten Tips – Countdown to Omnibus Rule Compliance #4 and #5 (aka #8 and #9)
The Parade of Major Reported PHI Breaches Jumps Ahead to 646 – Part 2: Business Associates Continue to Augment the Numbers
This blog series has been following breaches of Protected Health Information (“PHI”) that have been reported on the U.S. Department of Health and Human Services (“HHS”) ever-lengthening parade list (the …
Continue Reading The Parade of Major Reported PHI Breaches Jumps Ahead to 646 – Part 2: Business Associates Continue to Augment the Numbers
The Parade of Major Reported PHI Breaches Jumps Ahead to 646 – Theft Continues to Dominate the Numbers
This blog series has been following breaches of Protected Health Information (“PHI”) that have been reported on the U.S. Department of Health and Human Services (“HHS”) ever-lengthening parade list (the …
Continue Reading The Parade of Major Reported PHI Breaches Jumps Ahead to 646 – Theft Continues to Dominate the Numbers
Sixty Days or Sixty Minutes – What is Your Breach Reporting Deadline?
If you are a federally-facilitated health insurance exchange (FFE), a “non-Exchange entity”, or a State Exchange, the answer is “Quick, report!” Those involved with the new health insurance exchanges (or…
Continue Reading Sixty Days or Sixty Minutes – What is Your Breach Reporting Deadline?
The Parade of PHI Security Breaches: With a New Large Breach, Indiana Family and Social Services Administration Marches Again
Elizabeth Litten and Michael Kline write:
For the second time in less than 2 ½ years, the Indiana Family and Social Services Administration (the “FSSA”) has suffered a large…
Continue Reading The Parade of PHI Security Breaches: With a New Large Breach, Indiana Family and Social Services Administration Marches Again
The Parade of Large PHI Security Breaches: The University of Rochester Medical Center Makes it a Triple in 2013
In January 2011 this blog series discussed here and here that the University of Rochester Medical Center (“URMC” or the “Medical Center”) became a marcher twice in 2010 in the…
Continue Reading The Parade of Large PHI Security Breaches: The University of Rochester Medical Center Makes it a Triple in 2013
Do I really need to report (or get a report on) every “Security Incident” under the sun to comply with HIPAA?
Under HIPAA, where do we draw the line between a run-of-the-mill, ordinary garden variety “security incident” and a “presumed breach” when it comes to reporting PHI events? How do we describe these types of reporting obligations in business associate agreements?
Continue Reading Do I really need to report (or get a report on) every “Security Incident” under the sun to comply with HIPAA?
The New and Improved HIPAA/HITECH Rules: What Employers Need to Know
On February 7, 2013, our partner Keith McMurdy, Esq., posted an excellent entry on the Employee Benefits Blog of Fox Rothschild LLP that merits republishing for our readers as well. The post outlined some direct effects of the new HIPAA Omnibus Rule on employers and their health plans.
Continue Reading The New and Improved HIPAA/HITECH Rules: What Employers Need to Know
Collateral Effects of the Omnibus Rule: Exercise Caution in Using Past OCR Summaries on Large PHI Breaches as a Roadmap for Future Guidance
While the summaries of closed investigations posted on the U.S. Department of Health and Human Services list of breaches of unsecured PHI affecting 500 or more individuals continue to provide highly useful information for covered entities, business associates and subcontractors relative to confronting PHI breaches, large and small, they must be analyzed with appropriate care and attention paid to changes brought about by the recently-published Omnibus Rule.
Continue Reading Collateral Effects of the Omnibus Rule: Exercise Caution in Using Past OCR Summaries on Large PHI Breaches as a Roadmap for Future Guidance