Unless the Department of Health and Human Services (HHS) makes another last-minute, litigation-inspired decision to delay the September 23, 2013 compliance date, we’re well into the 10-day countdown for compliance
Continue Reading Ten Days, Ten Tips – Countdown to Omnibus Rule Compliance #2
breach
Sixty Days or Sixty Minutes – What is Your Breach Reporting Deadline?
If you are a federally-facilitated health insurance exchange (FFE), a “non-Exchange entity”, or a State Exchange, the answer is “Quick, report!” Those involved with the new health insurance exchanges (or…
Do I really need to report (or get a report on) every “Security Incident” under the sun to comply with HIPAA?
Under HIPAA, where do we draw the line between a run-of-the-mill, ordinary garden variety “security incident” and a “presumed breach” when it comes to reporting PHI events? How do we describe these types of reporting obligations in business associate agreements?
OCR Announces First “Under 500” Breach Settlement
The first breach settlement announcement of the new year breaks new ground – a $50,000 fine based on theft of a laptop containing 441 patients’ unencrypted data. It’s the first settlement of …
Business Associate Breach Leads to $2.5M Settlement by Accretive: But Who is the Covered Entity or Business Associate Here, and Do We Care?
The settlement in the Accretive Health, Inc. PHI breach case provides a good example of how the blurring of the covered entity and business associate roles can backfire on parties that fail to sufficiently analyze and define such roles, not only at the outset of a relationship but throughout its duration and evolution.
A Peek Behind the OCR Wall of Shame
Ever wonder about those HIPAA breaches that affect fewer than 500 individuals and don’t get posted on the government website known as the “Wall of Shame”? In a…
First Small Physician Practice Joins The Parade of HIPAA PHI Security Breaches
Do you think a two-physician cardiology group is too small for the feds to fine for alleged HIPAA violations? Phoenix Cardiac Surgery, P.C. (PCS) has learned otherwise the hard way, to the tune…
The Hazards of Data Mining: Minnesota AG Sues Collection Agency for Breach, Improper Use of PHI
A Wall Street-based medical collection service has been sued by the Minnesota Attorney General after losing a laptop containing sensitive information about 23,500 patients treated by two hospitals which contracted…
When Will They Learn? Snooping Nurse Fired, Patients Notified
A nurse has been fired by a Texas hospital after accessing information on patients for whom she had no clinical responsibility, according to the Mt. Pleasant, TX Daily Tribune.
Two Wrongs Don’t Make a Right: How Not to Defend Against Fraud Allegations
If your hospital is being raked over the coals in the media for alleged fraudulent billing, it’s understandable to want to set the record straight. However, releasing patient information without…