New Turn in the Parade of PHI Breaches: Office of Civil Rights Exacts Heavy Payments From Cignet Health and Massachusetts General Hospital
Last week for the first time, the Office for Civil Rights of HHS reported exacting heavy financial obligations from (i) Cignet Health on February 22, 2011, with a $4.3 million civil monetary penalty assessment for violations of the HIPAA Privacy Rule, and (ii) Massachusetts General Hospital on February 24, 2011, for a settlement that includes a payment to the U.S. government of $1,000,000 for potential violations of HIPAA.
Privacy & Security
PHI: What Can a Provider Do to “Insure” Against a Security Breach?
A type of relatively new insurance coverage may be an option for those who worry that even airtight, well-implemented policies and procedures may not be enough to protect a healthcare provider against financial losses from a PHI security breach.
PHI: The Parade of Security Breaches Continues to Lengthen with the Addition of Thomas Jefferson University Hospital
The requirements under the HIPAA/HITECH statutes and regulations for public disclosure of security breaches of Protected Health Information (“PHI”) have brought to light an increasing volume involving highly respected…
California Hospitals Fined for Employees’ Unauthorized Access of Patient Records
The more famous the patient, the greater the temptation to peek at his or her medical records. This is why California enacted health privacy legislation in 2008. Among the latest providers to be…
HHS Releases Excellent Compendium of Privacy and Security Resources
The Secretary of Health and Human Services (HHS) released today a compendium of reports on state law, business practices, and policy variations to assist health information exchange efforts. I reviewed some of the…
Does Oklahoma’s New Abortion Law Violate HIPAA?
On November 1, 2009, the "Statistical Reporting of Abortion Law" was scheduled to go into effect in Oklahoma. A temporary restraining order issued on October 20, 2009, however, has blocked…
Dare to Take-a-Peek? Think Again.
I have said it before, and I will say it again — employees must come to understand and truly appreciate the huge risks involved and penalties at stake with "taking a peek"…
Securing Protected Health Information (PHI)
[Installment 4 – Governance Considerations from HIT for the Board and Other Hospital Stakeholders]. This is the fourth in a series of blog posts that relate to the governance concerns surrounding…
Twitter and Patient Privacy Rights
[Installment 2 – Governance Considerations from HIT for the Board and Other Hospital Stakeholders]
This is the second in a series of blog posts that relate to the governance concerns surrounding…
Putting ARRA Money in the HIPAA/HITECH Enforcement Mouth
In accordance with the 90-day deadline established for an operating plan to be submitted to Congress on expenditures related to the $2 billion appropriated under the American Recovery and Reinvestment Act…