The number of large breaches of Protected Health Information (PHI) under HIPAA that have been reported on the so-called “Wall of Shame” (the HHS List) maintained by the U.S. Department
Continue Reading The Parade of Major Reported PHI Breaches Surges to 885 – Theft and Loss Dominate the Numbers
Department of Health and Human Services
Two Months to Amend HIPAA Business Associate Agreements for Omnibus Compliance, But Beware the Bare Bones BAA
Does your business associate agreement (BAA) reflect your business deal, or is it a bare bones HIPAA compliance document?
Now is the time to check. The HIPAA “Omnibus Rule” published…
Continue Reading Two Months to Amend HIPAA Business Associate Agreements for Omnibus Compliance, But Beware the Bare Bones BAA
Hobby Lobby, HIPAA and Happy Independence Day
The recent United States Supreme Court decision in Burwell v. Hobby Lobby Stores, Inc. has attorneys, pundits, policy-makers and businesses (yes, corporations are people, too) pondering big, quintessentially American…
Continue Reading Hobby Lobby, HIPAA and Happy Independence Day
Paper Records HIPAA Violation Results in $800,000 Payment under HHS Resolution Agreement
My partner Elizabeth Litten was quoted at length by Alexis Kateifides in his recent article in DataGuidance entitled “USA: ‘Unique’ HIPAA violation results in $800,000 settlement.” While the full text…
Continue Reading Paper Records HIPAA Violation Results in $800,000 Payment under HHS Resolution Agreement
The Wild West of Data Breach Enforcement by the Feds
Imagine you have completed your HIPAA risk assessment and implemented a robust privacy and security plan designed to meet each criteria of the Omnibus Rule. You think that, should you…
Continue Reading The Wild West of Data Breach Enforcement by the Feds
Puerto Rico Raises a High Bar for Fines Levied for PHI Breaches
My partner Bill Maruca was quoted in Jeff Overley’s article “Historic HIPAA Fine Will Push Feds To Get Tougher” published in Law360 on Friday, February 20, 2014. The article reports…
Continue Reading Puerto Rico Raises a High Bar for Fines Levied for PHI Breaches
The Parade of PHI Security Breaches: Why Did it Take Two Years for the Status of Minne-Tohe Health Center as a Marcher to be Disclosed?
It is noteworthy that there are often substantial delays in disclosures regarding covered entities (“CEs”) that have become marchers in the Parade of large Protected Health Information (“PHI”) security breaches…
Continue Reading The Parade of PHI Security Breaches: Why Did it Take Two Years for the Status of Minne-Tohe Health Center as a Marcher to be Disclosed?
A Business Associate Agreement Dilemma: To Indemnify or Not to Indemnify – Ten Considerations
A party (Party) to a HIPAA Business Associate Agreement (BAA) or Subcontractor Agreement (SCA), whether a covered entity (CE), business associate (BA) or subcontractor (SC), may struggle with the question…
Continue Reading A Business Associate Agreement Dilemma: To Indemnify or Not to Indemnify – Ten Considerations
Ten Days, Ten Tips – Countdown to Omnibus Rule Compliance #3
Unless the Department of Health and Human Services (HHS) makes another last-minute, litigation-inspired decision to delay the September 23, 2013 compliance date, we’re well into the 10-day countdown for compliance…
Continue Reading Ten Days, Ten Tips – Countdown to Omnibus Rule Compliance #3
The Parade of Major Reported PHI Breaches Jumps Ahead to 646 – Theft Continues to Dominate the Numbers
This blog series has been following breaches of Protected Health Information (“PHI”) that have been reported on the U.S. Department of Health and Human Services (“HHS”) ever-lengthening parade list (the …
Continue Reading The Parade of Major Reported PHI Breaches Jumps Ahead to 646 – Theft Continues to Dominate the Numbers