If you are a covered entity who experienced a breach of unsecured protected health information affecting fewer than 500 individuals , you must notify the Office of Human Rights of the Department of Health and Human Services of the breach within 60 days of the end of the calendar year in which the breach was
breach notification
Ten Tips for Actions by a Covered Entity after a HIPAA Breach by a Business Associate
By Michael Kline on
This blog recently discussed tips for a covered entity (CE) in dealing with a HIPAA business associate (BA). Now, even though you have adopted all of the tips and more, in this dangerous and ever more complex data security world, one of your BAs suffers a breach and it becomes your responsibility as the…
MINNESOTA BLUES GET HEALTH RECORDS SNOOPING BLUES
By William Maruca on
A registered nurse employed by Minnesota Blue Cross Blue Shield (BC/BS) with a history of drug offenses allegedly accessed a prescription drug database 249 times without a legitimate purpose, according to a report by Minneapolis CBS affiliate WCCO posted by reporter Esme Murphy.
The nurse, Jim Johnson, reportedly had been previously assigned by BC/BS under…
HIPAA Failure Results In Penalties: Lack of Compliance the Key
By William Maruca on
Posted in Articles, HIPAA Enforcement
Our partner Keith McMurdy posted this analysis of a recent HIPAA settlement involving a physician practice on our Employee Benefits Legal Blog:
HIPAA Failure Results In Penalties: Lack of Compliance the Key
By Keith R. McMurdy on January 1, 2014Posted in Plan Administration, Welfare Plans
Often, when I am discussing HIPAA privacy compliance,…
Known Unknowns and Data Losses
By William Maruca on
Posted in Security Breach Notification
A New England hospital has reported the disappearance of backup tapes containing ultrasound images and personal data of 14,000 patients. How do you handle a data loss when you don’t have any way of determining where the data went or who may have seen it? Is it still a “breach” in the technical sense?
These questions…
PHI: The University of Tennessee Medical Center Joins the Parade of Potential Security Breaches
By Michael Kline on
Posted in Security Breach Notification
The University of Tennessee Medical Center based in Knoxville has apparently recently joined in the march.…
Continue Reading