A large New York hospital system learned this lesson the expensive way. According to a U.S. Department of Health and Human Services (HHS) press release issued earlier this week, the
Continue Reading One of Three $3 Million Lessons: Encrypt Mobile Devices
HIPAA Enforcement
Too Much (Protected Health) Information Exposed + Too Little Response = $3M and Corrective Action Plan for Medical Imaging Company
By Elizabeth G. Litten on
“TMI” usually means “too much information”, but it was used aptly by the Office for Civil Rights (OCR) as an acronym for a covered entity that exposed protected health information…
Continue Reading Too Much (Protected Health) Information Exposed + Too Little Response = $3M and Corrective Action Plan for Medical Imaging Company
To BAA or Not to BAA? The Question a Florida Provider Should Have Asked in 2011 Results in a Half Million Dollar Payment in 2018
By Elizabeth G. Litten on
Yesterday’s listserv announcement from the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) brought to mind this question. The post announces the agreement…
Continue Reading To BAA or Not to BAA? The Question a Florida Provider Should Have Asked in 2011 Results in a Half Million Dollar Payment in 2018
The Heavy Hit of HIPAA: Violations May Send You to Jail
By Elizabeth G. Litten on
The recent criminal conviction of a Massachusetts physician provides a stark reminder that violating HIPAA can result in more than civil monetary penalties and the financial and reputational fall-out that…
Continue Reading The Heavy Hit of HIPAA: Violations May Send You to Jail
The Blindfolded Business Associate: New HHS Guidance on HIPAA and Cloud Computing
By Elizabeth G. Litten on
According to the latest HIPAA-related guidance (Guidance) published by the U.S. Department of Health and Human Services (HHS), a cloud service provider (CSP) maintaining a client’s protected health…
Continue Reading The Blindfolded Business Associate: New HHS Guidance on HIPAA and Cloud Computing
Six Tips for a Small Business to Avoid HIPAA Security Breach Headaches
By Elizabeth G. Litten on
Last week, I blogged about a recent U.S. Department of Health and Human Services Office of Civil Rights (OCR) announcement on its push to investigate smaller breaches (those involving fewer…
Continue Reading Six Tips for a Small Business to Avoid HIPAA Security Breach Headaches
Small HIPAA Breaches, Big HIPAA Headaches
By Elizabeth G. Litten on
What you might have thought was not a big breach (or a big deal in terms of HIPAA compliance), might end up being a big headache for covered entities and…
Continue Reading Small HIPAA Breaches, Big HIPAA Headaches
Eight Tips to Confront the New Initiative by HHS on PHI Security
By Michael Kline on
In a recent Guidance, the Office of Civil Rights of the U.S. Department of Health and Human Services (“OCR”) appears to have attempted to reverse an impression that its…
Continue Reading Eight Tips to Confront the New Initiative by HHS on PHI Security
Health Care Providers: Have You Considered HIPAA Compliance for Your Practice’s Group Health Plans?
By Elizabeth G. Litten on
Contributed by Elizabeth R. Larkin and Jessica Forbes Olson
Health care providers know about and have worked with HIPAA privacy and security rules for well over a decade. They have…
Continue Reading Health Care Providers: Have You Considered HIPAA Compliance for Your Practice’s Group Health Plans?
Reflections on HIPAA Protections and Permissions in the Wake of the Orlando Tragedy
By Elizabeth G. Litten on
My heart goes out to any family member trying desperately to get news about a loved one in the hours and days following an individual or widespread tragedy, irrespective of…
Continue Reading Reflections on HIPAA Protections and Permissions in the Wake of the Orlando Tragedy