More than eleven years have passed since the U.S. Department of Health and Human Services (HHS), the agency responsible for the privacy of protected health information under HIPAA, and the
Continue Reading HIPAA versus FERPA: New Joint Guidance Highlights Emergencies and Complexities
Health and Human Services
Ten Days, Ten Tips – Countdown to Omnibus Rule Compliance
Unless the Department of Health and Human Services (HHS) makes another last-minute, litigation-inspired decision to delay the September 23, 2013 compliance date, we’re on a 10-day countdown for compliance with…
Continue Reading Ten Days, Ten Tips – Countdown to Omnibus Rule Compliance
The Parade of Major Reported PHI Breaches Jumps Ahead to 646 – Part 2: Business Associates Continue to Augment the Numbers
This blog series has been following breaches of Protected Health Information (“PHI”) that have been reported on the U.S. Department of Health and Human Services (“HHS”) ever-lengthening parade list (the …
Continue Reading The Parade of Major Reported PHI Breaches Jumps Ahead to 646 – Part 2: Business Associates Continue to Augment the Numbers
The Parade of Large PHI Security Breaches: The University of Rochester Medical Center Makes it a Triple in 2013
In January 2011 this blog series discussed here and here that the University of Rochester Medical Center (“URMC” or the “Medical Center”) became a marcher twice in 2010 in the…
Continue Reading The Parade of Large PHI Security Breaches: The University of Rochester Medical Center Makes it a Triple in 2013
The New and Improved HIPAA/HITECH Rules: What Employers Need to Know
On February 7, 2013, our partner Keith McMurdy, Esq., posted an excellent entry on the Employee Benefits Blog of Fox Rothschild LLP that merits republishing for our readers as well. The post outlined some direct effects of the new HIPAA Omnibus Rule on employers and their health plans.
Continue Reading The New and Improved HIPAA/HITECH Rules: What Employers Need to Know
Collateral Effects of the Omnibus Rule: Exercise Caution in Using Past OCR Summaries on Large PHI Breaches as a Roadmap for Future Guidance
While the summaries of closed investigations posted on the U.S. Department of Health and Human Services list of breaches of unsecured PHI affecting 500 or more individuals continue to provide highly useful information for covered entities, business associates and subcontractors relative to confronting PHI breaches, large and small, they must be analyzed with appropriate care and attention paid to changes brought about by the recently-published Omnibus Rule.
Continue Reading Collateral Effects of the Omnibus Rule: Exercise Caution in Using Past OCR Summaries on Large PHI Breaches as a Roadmap for Future Guidance
The Parade of Major Reported PHI Breaches Creeps Ahead to 525 – Theft Continues to Dominate the Numbers
As of January 1, 2013, there were 525 postings on the U.S. Department of Health and Human Services list of breaches of unsecured PHI affecting 500 or more individuals. “Theft” constituted the majority of PHI breach types reported.
Continue Reading The Parade of Major Reported PHI Breaches Creeps Ahead to 525 – Theft Continues to Dominate the Numbers
As the Breach Parade Passes 500 Marchers: Should There be a Posting on the HHS List for a Third Massachusetts Eye and Ear Infirmary Breach?
Much has been written about the circumstances surrounding the agreement of Massachusetts Eye and Ear Infirmary (“MEEI”) to pay the U.S. Department of Health and Human Services the sum of $1.5 million to settle potential violations involving an alleged 2010 security breach of PHI under HIPAA. However, relatively little has been written that the 2010 breach was the second of what may be three significant PHI breaches experienced by MEEI within the last three years.
Continue Reading As the Breach Parade Passes 500 Marchers: Should There be a Posting on the HHS List for a Third Massachusetts Eye and Ear Infirmary Breach?
As the Parade of Major PHI Breaches Marches Ever Onward, Where Have All the OCR Summaries Gone?
The recent paucity of postings of summaries on the Department of Health and Human Services list of large HIPAA privacy breaches by the federal Office of Civil Rights dampens the educational value that can be derived therefrom by covered entities and business associates.
Continue Reading As the Parade of Major PHI Breaches Marches Ever Onward, Where Have All the OCR Summaries Gone?
As We All Continue to Anticipate the HIPAA/HITECH “Mega Rule” from HHS, We Can Test Our Prognosticating Skills
Make the lengthy wait for the long-awaited HIPAA/HITECH Mega Rule more enjoyable by participating in a contest to predict the date of its publication in the Federal Register and the number of its pages.
Continue Reading As We All Continue to Anticipate the HIPAA/HITECH “Mega Rule” from HHS, We Can Test Our Prognosticating Skills