My heart goes out to any family member trying desperately to get news about a loved one in the hours and days following an individual or widespread tragedy, irrespective of whether it was triggered by an act of nature, an act of terrorism, or any other violent, unanticipated, life-taking event. My mind, though, struggles with
A Checklist to Get Ready for the HIPAA Audits (Part 2)
Jessica Forbes Olson and T.J. Lang write:
In Part 1, we noted that on March 21, 2016, the Office of Civil Rights (“OCR”) announced it will launch a second round of HIPAA audits this year. As with the first round of audits, in round two OCR will be reviewing compliance with HIPAA Privacy, Security
HIPAA Audits: Ready or Not Here They Come! (Part 1)
Jessica Forbes Olson and T.J. Lang write:
On March 21, 2016, the Office of Civil Rights (“OCR”) announced it will launch a second round of HIPAA audits during 2016. As with the first round of audits, in round two OCR will be reviewing compliance
Health System Settles for $1.5 Million for Failing To Implement Business Associate Agreement
Matthew Redding contributed to this post.
It’s a familiar story: a HIPAA breach triggers an investigation which reveals systemic flaws in HIPAA compliance, resulting in a seven-figure settlement. A stolen laptop, unencrypted data, a missing business associate agreement, and an aggressive, noncompliant contractor add to the feeling of déjà vu.
North Memorial Health Care
HIP-HIP(AA)-HOORAY: Margaret Davino, Esq. Joins Fox Rothschild HIPAA Team and Offers 5 Tips for 2016 HIPAA Compliance
I’m sure fellow bloggers Bill Maruca and Michael Kline join me in giving three cheers for the recent growth in our firm’s health care practice (welcome, Minneapolis!) and ever-deepening pool of attorneys dealing with clients’ privacy and data security issues. But one recent addition to our team, Margaret (“Margie”) Davino, gets a
Election Year Predictions: Expansion of Federal Healthcare Privacy Regulation
Our partner Elizabeth Litten and I were quoted by our good friend Marla Durben Hirsch in her article in Medical Practice Compliance Alert entitled “6 Compliance Trends Likely to Affect Your Practices in 2016.” Full text can be found in the January 13, 2016, issue, but a synopsis is below.
For her article, Marla asked
Emailing PHI? NIST Seeks Comments on Trustworthy Email by November 30, 2015
When and how should you email PHI, if at all? The Office for Civil Rights (OCR) offers guidance as to the permissibility of sending PHI via email in this “Frequently Asked Question” answer, but doesn’t provide specifics as to how PHI can be safely emailed. Whether you are a covered entity or a business
Oncology Group Fined $750,000 Over Stolen Backup Media, Lax Compliance Efforts
Cancer Care Group, P.C., a 13-physician radiation oncology practice in Indiana (group), has agreed to pay $750,000 and implement a comprehensive corrective action plan in a settlement resulting from the theft of a laptop and backup media containing unencrypted patient information. As is often the case, the breach incident triggered an investigation that revealed deeper
Six Tips for Physicians to Protect Patient Data on the Internet
Our partner Elizabeth Litten and I were once again quoted by our good friend Marla Durben Hirsch in her recent articles in Medical Practice Compliance Alert entitled “Misapplication of Internet Application Triggers $218,400 Settlement” and “Protect Patient Data on the Internet with These 6 Steps.” The three of us together were able to come up
MINNESOTA BLUES GET HEALTH RECORDS SNOOPING BLUES
A registered nurse employed by Minnesota Blue Cross Blue Shield (BC/BS) with a history of drug offenses allegedly accessed a prescription drug database 249 times without a legitimate purpose, according to a report by Minneapolis CBS affiliate WCCO posted by reporter Esme Murphy.
The nurse, Jim Johnson, reportedly had been previously assigned by BC/BS under