I’m sure fellow bloggers Bill Maruca and Michael Kline join me in giving three cheers for the recent growth in our firm’s health care practice (welcome, Minneapolis!) and ever-deepening pool of attorneys dealing with clients’ privacy and data security issues. But one recent addition to our team, Margaret (“Margie”) Davino, gets a
NIST
Patient Data Must Be Encrypted, Not “Camouflaged”, as Per FTC Settlement
By Elizabeth Litten on
Posted in Health IT, Privacy & Security
Health care vendors beware: if you tell customers that your product provides industry-standard encryption of protected health information in compliance with HIPAA, you’d better be sure it doesn’t simply “camouflage” the data.
The FTC recently announced a $250,000 settlement with Henry Schein Practice Solutions, Inc. (“Henry Schein”) for falsely advertising that the software it marketed…
Emailing PHI? NIST Seeks Comments on Trustworthy Email by November 30, 2015
By Elizabeth Litten on
When and how should you email PHI, if at all? The Office for Civil Rights (OCR) offers guidance as to the permissibility of sending PHI via email in this “Frequently Asked Question” answer, but doesn’t provide specifics as to how PHI can be safely emailed. Whether you are a covered entity or a business…
5 Practical Steps for Business Associate Compliance
By Elizabeth Litten on
Posted in HIPAA Business Associates
Congratulations! You have a HIPAA-compliant business associate (or subcontractor) agreement in place – now what? How can you implement the agreement without becoming a HIPAA guru?
There are many resources available that offer detailed guidance on risk analysis and implementation protocols (such as the Guide to Privacy and Security of Electronic Health Information published by…
How the NIST Cybersecurity Framework Can Help With HIPAA Compliance: 3 Tips
By Elizabeth Litten on
Posted in Privacy & Security
As our partner Mark McCreary writes in his post describing the “Framework for Improving Critical Infrastructure Cybersecurity” published by the National Institute of Standards and Technology (NIST):
The Framework is designed to work with businesses to reach a sufficient level of cybersecurity protection regardless of size, sector, or level of security. The Framework consists of
…
Do I really need to report (or get a report on) every “Security Incident” under the sun to comply with HIPAA?
By Elizabeth Litten on
Posted in Security Breach Notification
Under HIPAA, where do we draw the line between a run-of-the-mill, ordinary garden variety “security incident” and a “presumed breach” when it comes to reporting PHI events? How do we describe these types of reporting obligations in business associate agreements?…
Continue Reading
OIG EHR Questionnaire Focuses on Fraud Safeguards
By William Maruca on
Posted in Meaningful Use
The OIG is conducting a survey of hospitals who have certified the meaningful use of Electronic Health Record (EHR) Technology, with an emphasis on safeguards that protect the EHR systems from fraudulent access or alteration. A generous hospital compliance officer who has asked to remain nameless has provided me with a copy of the survey …
Fox Rothschild to Participate at NIST and CMS Security Rule Conference
By Fox Rothschild LLP on
Posted in Speaking Engagements & Conferences
As HITECH refocuses the health care industry’s attention on security, the role of National Institute of Standards and Technology (“NIST”) in developing standards for health information security will become more center stage.
On May 18, 2009, Fox Rothschild LLP will present at the NIST and CMS Security Rule Conference in Gaithersburg, Maryland called: “Safeguarding …