The answer to this question has changed yet again. I’ve blogged on this topic several times in the past (see here, here and here), and described the question
Continue Reading Tell Me Again: What Can Covered Entities (or their Business Associates) Charge for Medical Records Requests?

The recent paucity of postings of summaries on the Department of Health and Human Services list of large HIPAA privacy breaches by the federal Office of Civil Rights dampens the educational value that can be derived therefrom by covered entities and business associates.
Continue Reading As the Parade of Major PHI Breaches Marches Ever Onward, Where Have All the OCR Summaries Gone?

On February 24, 2012, HHS posted number 400 on its ever-lengthening list of breaches of unsecured PHI affecting 500 or more individuals. Theft of laptops is a recurrent source of such breaches, and the 400th breach was such an incident affecting Triumph, LLC in North Carolina.
Continue Reading The Parade of Major Reported PHI Breaches Hits 400 – A Closer Look at Victim 400 and its Actions in Response to the Breach – Part 2