While the undertakings of a Medicare ACO and the terminology in the Data Use Agreement for protection of patient data may differ from those of covered entities, business associates and subcontractors and their BAAs under the HIPAA/HITECH regulations, they have many striking similarities and purposes.
Continue Reading HIPAA “Mega Rule”, Meet “Super BAA”: The CMS Data Use Agreement
Privacy & Security
Countdown to 2013 and the HITECH “Mega Rule”: Ten New Year’s Resolutions to Protect Health Information
Here are ten HIPAA resolutions worth making for 2013 for anyone who has contact with protected health information in their job, even without the benefit of the long-awaited Mega Rule.
PHI Breach Involving Health Plan Leads to Lawsuit by Identity Theft Victims Who Were Plan Members
The principle that individuals whose protected health information is stolen, lost, or otherwise inappropriately used, accessed, or left unsecured have no private right of action against the person or entity responsible for the breach under the HIPAA/HITECH laws may change for victims of identity theft who can show the theft was caused by a HIPAA breach, at least if the action is brought in the 11th Circuit.
As We All Continue to Anticipate the HIPAA/HITECH “Mega Rule” from HHS, We Can Test Our Prognosticating Skills
Make the lengthy wait for the long-awaited HIPAA/HITECH Mega Rule more enjoyable by participating in a contest to predict the date of its publication in the Federal Register and the number of its pages.
Employers: Beware of PHI “Minimum Necessary” Standards Lurking Under Statutes Other Than HIPAA and State PHI Statutes
Employers should limit PHI that they provide with respect to medical examinations of employees and job applicants and in other contexts to the least amount of medical information necessary for evaluation in order to avoid potential violations of the Americans with Disabilities Act, the Genetic Information Nondisclosure Act, State workers’ compensation laws and other statutes.
The Parade of Major PHI Breaches Marches Onward – What Lessons Can Be Learned from Comments by OCR’s Reviewing Stand?
The Department of Health and Human Services list of breaches of unsecured PHI affecting 500 or more individuals includes focused guidance for covered entities and business associates in the form of brief summaries of the cases that the federal Office of Civil Rights has investigated and closed.
Protected Health Information on HIT Super-Highways: If it’s Secure, Do We Care Where it Travels and How it is Used When it Lands?
If the PHI flowing through information superhighways and into and out of clouds and other databases is adequately secured, and the increased use and sophistication of health information technology results in improved quality and reduced cost, can anyone reasonably object to this race?
A New Year’s Resolution: Review and Analyze Potentially Applicable State Laws Whenever Examining HIPAA Compliance Issues
A recent Federal District Court case in Florida reminds us of the mandatory attention that must be paid to the interaction and potential conflicts or dual applicability of state law with HIPAA compliance, especially in the case of data security breaches.
Personal Information Data Breaches – Not If, but When?
In light of the widely publicized pre-Christmas hacking breach of confidential data held by Stratfor Global Intelligence Service, a company specializing in data security, and the earlier TRICARE/SAIC breach, can we trust that any electronically transmitted or stored information is really safe?
Where is your data safer – your own server or the cloud?
As physicians and other covered entities evaluate EHR systems, a recurring question is security from intrusion or other breach. Counterintuitively, a recent blog post at www.softwareadvice.com suggests that the safest place for health data…