Here are ten HIPAA resolutions worth making for 2013 for anyone who has contact with protected health information in their job, even without the benefit of the long-awaited Mega Rule.
Continue Reading Countdown to 2013 and the HITECH “Mega Rule”: Ten New Year’s Resolutions to Protect Health Information
OCR
A Reader’s Comment about a Third Potential Posting on the HHS Breach Parade for Massachusetts Eye and Ear Infirmary
By Fox Rothschild on
A thoughtful reader commented on a recent blog post in this series by highlighting the importance of evaluating the risk of harm by any covered entity that experiences a PHI security breach.
Continue Reading A Reader’s Comment about a Third Potential Posting on the HHS Breach Parade for Massachusetts Eye and Ear Infirmary
As the Parade of Major PHI Breaches Marches Ever Onward, Where Have All the OCR Summaries Gone?
By Fox Rothschild on
The recent paucity of postings of summaries on the Department of Health and Human Services list of large HIPAA privacy breaches by the federal Office of Civil Rights dampens the educational value that can be derived therefrom by covered entities and business associates.
Continue Reading As the Parade of Major PHI Breaches Marches Ever Onward, Where Have All the OCR Summaries Gone?
Employers: Beware of PHI “Minimum Necessary” Standards Lurking Under Statutes Other Than HIPAA and State PHI Statutes
By Fox Rothschild on
Employers should limit PHI that they provide with respect to medical examinations of employees and job applicants and in other contexts to the least amount of medical information necessary for evaluation in order to avoid potential violations of the Americans with Disabilities Act, the Genetic Information Nondisclosure Act, State workers’ compensation laws and other statutes.
Continue Reading Employers: Beware of PHI “Minimum Necessary” Standards Lurking Under Statutes Other Than HIPAA and State PHI Statutes
Business Associate Breach Leads to $2.5M Settlement by Accretive: But Who is the Covered Entity or Business Associate Here, and Do We Care?
By Elizabeth G. Litten on
The settlement in the Accretive Health, Inc. PHI breach case provides a good example of how the blurring of the covered entity and business associate roles can backfire on parties that fail to sufficiently analyze and define such roles, not only at the outset of a relationship but throughout its duration and evolution.
Continue Reading Business Associate Breach Leads to $2.5M Settlement by Accretive: But Who is the Covered Entity or Business Associate Here, and Do We Care?
Advice from OCR’s Breach Parade Reviewing Stand: Verify Whether Your Business Associate is also an Independent Covered Entity
By Fox Rothschild on
The federal Office of Civil Rights deems it necessary for a covered entity (CE) to verify whether a business associate (BA) is also a covered entity with respect to the CE’s protected health information; in turn such CE and BA and their respective counsel should use the verification process to develop provisions in the business associate agreement.
Continue Reading Advice from OCR’s Breach Parade Reviewing Stand: Verify Whether Your Business Associate is also an Independent Covered Entity
Why Can’t I Sue Under HIPAA for a Breach of my Protected Health Information? What Can I Do?
By Fox Rothschild LLP on
Many people who have been in the unfortunate situation where they believe that their protected health information (PHI) has been compromised inappropriately, are often surprised and deeply disappointed to learn that the HIPAA law does not provide a “private right of action.”…
Continue Reading Why Can’t I Sue Under HIPAA for a Breach of my Protected Health Information? What Can I Do?
MD Anderson Posts Notice of Breach on Day 59
By Elizabeth G. Litten on
University of Texas MD Anderson Cancer Center posted notice on its website of a theft of an unencrypted laptop computer containing data on more than 30,000 patients exactly 59 days after the theft took place.
Continue Reading MD Anderson Posts Notice of Breach on Day 59
The Breach Parade: OCR’s Reviewing Stand Lashes Out and Takes $1.7 million from Alaska Medicaid – Who is Really Being Penalized?
By Fox Rothschild on
The recent Department of Health and Human Services (“HHS”) resolution with Alaska Department of Health and Social Services, the state Medicaid agency (“Alaska Medicaid”), which includes the payment by Alaska Medicaid to HHS of $1.7 million respecting possible violations of HIPAA, raises questions as to the exacting of payments by HHS from a state agency that funds medical care for the Alaska indigent from taxpayers.
Continue Reading The Breach Parade: OCR’s Reviewing Stand Lashes Out and Takes $1.7 million from Alaska Medicaid – Who is Really Being Penalized?
The Parade of Major PHI Breaches Marches Onward – What Lessons Can Be Learned from Comments by OCR’s Reviewing Stand?
By Fox Rothschild on
The Department of Health and Human Services list of breaches of unsecured PHI affecting 500 or more individuals includes focused guidance for covered entities and business associates in the form of brief summaries of the cases that the federal Office of Civil Rights has investigated and closed.
Continue Reading The Parade of Major PHI Breaches Marches Onward – What Lessons Can Be Learned from Comments by OCR’s Reviewing Stand?