On March 20, 2020, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) published Guidance and a list of FAQs related to the provision of telehealth
Continue Reading Dos and Don’ts from OCR’s Guidance and FAQs on Telehealth and HIPAA
Enforcement
Back to School and Back to BAAs: OCR Guidance Provides Reason to Review BAA Provisions
Last May, around the time many schools let out for the summer, the Office for Civil Rights (“OCR”) published guidance entitled “Direct Liability of Business Associates” (the “Guidance”),…
Continue Reading Back to School and Back to BAAs: OCR Guidance Provides Reason to Review BAA Provisions
Health System Settles for $1.5 Million for Failing To Implement Business Associate Agreement
Matthew Redding contributed to this post.
It’s a familiar story: a HIPAA breach triggers an investigation which reveals systemic flaws in HIPAA compliance, resulting in a seven-figure settlement. A stolen…
Continue Reading Health System Settles for $1.5 Million for Failing To Implement Business Associate Agreement
Unencrypted Laptops Prove Costly
Is the PHI on all your mobile devices encrypted? If not, here’s another two million reasons to make encryption your top priority. The Office of Civil Rights (OCR) of the…
Continue Reading Unencrypted Laptops Prove Costly
Another Case of Snooping Prosecuted
Once again, a healthcare worker’s inability to resist the temptation to snoop in her employer’s medical records has resulted in criminal prosecution. In the latest incident, a Vermont ultrasound technologist improperly…
Rite Aid settles HIPAA Claims for $1 Million
In a press release dated July 27, 2010, the Department of Health and Human Services announced a settlment under which Rite Aid Corporation and its affiliates have agreed to pay…
Continue Reading Rite Aid settles HIPAA Claims for $1 Million
A First: Connecticut AG Settles With Health Net Over Breach For $250,000
In the first settlement of a HIPAA enforcement action brought by a state attorney general under the new authority granted by the HITECH Act, Connecticut Attorney General Richard Blumenthal announced…
Continue Reading A First: Connecticut AG Settles With Health Net Over Breach For $250,000
California Hospitals Fined for Employees’ Unauthorized Access of Patient Records
The more famous the patient, the greater the temptation to peek at his or her medical records. This is why California enacted health privacy legislation in 2008. Among the latest providers to be…
Continue Reading California Hospitals Fined for Employees’ Unauthorized Access of Patient Records
Snoop Through Records, Go Directly To Jail
A former researcher at UCLA has the dubious distinction of being the first person sentenced to prison under HIPAA for snooping through medical records.
The Justice Department press release reports…
OCR’s HITECH Act Rulemaking and Implementation Update
On March 15, 2010, the Office of Civil Rights of the Department of Health and Human Services published an update on their rulemaking and enforcement efforts under the HITECH Act. It…
Continue Reading OCR’s HITECH Act Rulemaking and Implementation Update