Monitoring Legal Developments Relating to the Privacy and Security of Health Information
With the explosion of health data sifting through cutting-edge companies, industry stakeholders are left to wonder how wearable devices, wellness programs, health applications, and the like should be regulated.
Despite…
Continue Reading Wearable Devices, Wellness Programs, and Health Apps: The Fringes of HIPAA
A large New York hospital system learned this lesson the expensive way. According to a U.S. Department of Health and Human Services (HHS) press release issued earlier this week, the…
Continue Reading One of Three $3 Million Lessons: Encrypt Mobile Devices
“TMI” usually means “too much information”, but it was used aptly by the Office for Civil Rights (OCR) as an acronym for a covered entity that exposed protected health information…
Continue Reading Too Much (Protected Health) Information Exposed + Too Little Response = $3M and Corrective Action Plan for Medical Imaging Company
Yesterday’s listserv announcement from the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) brought to mind this question. The post announces the agreement…
Continue Reading To BAA or Not to BAA? The Question a Florida Provider Should Have Asked in 2011 Results in a Half Million Dollar Payment in 2018
The recent criminal conviction of a Massachusetts physician provides a stark reminder that violating HIPAA can result in more than civil monetary penalties and the financial and reputational fall-out that…
Continue Reading The Heavy Hit of HIPAA: Violations May Send You to Jail
According to the latest HIPAA-related guidance (Guidance) published by the U.S. Department of Health and Human Services (HHS), a cloud service provider (CSP) maintaining a client’s protected health…
Continue Reading The Blindfolded Business Associate: New HHS Guidance on HIPAA and Cloud Computing
Last week, I blogged about a recent U.S. Department of Health and Human Services Office of Civil Rights (OCR) announcement on its push to investigate smaller breaches (those involving fewer…
Continue Reading Six Tips for a Small Business to Avoid HIPAA Security Breach Headaches
What you might have thought was not a big breach (or a big deal in terms of HIPAA compliance), might end up being a big headache for covered entities and…
Continue Reading Small HIPAA Breaches, Big HIPAA Headaches
In a recent Guidance, the Office of Civil Rights of the U.S. Department of Health and Human Services (“OCR”) appears to have attempted to reverse an impression that its…
Continue Reading Eight Tips to Confront the New Initiative by HHS on PHI Security
Contributed by Elizabeth R. Larkin and Jessica Forbes Olson
Health care providers know about and have worked with HIPAA privacy and security rules for well over a decade. They have…
Continue Reading Health Care Providers: Have You Considered HIPAA Compliance for Your Practice’s Group Health Plans?
