Tag Archives: HIPAA

Watch: HIPAA Crimes Webinar – How the New Crime Wave Affects You

Unfortunately, health care providers are the perfect mark for theft and extortion: they hold huge amounts of sensitive information and keep it in computer databases that are at risk of infiltration. On May 17, Foley Hoag presented a webinar discussing the ongoing crime sprees involving theft of patients’ identities and health information; the ransomware used in these crimes; related data security issues affecting health care providers; and how these crimes implicate law enforcement and the criminal provisions of HIPAA.


Top Tips for OCR HIPAA Audit Preparation

Written by Elizabeth Snell | This article was originally published on HealthITSecurity.com 

The recently announced OCR HIPAA audits are not a cause for panic, according to experts, especially if organizations have proper documentation.

With the most recent round of OCR HIPAA audits announced just last month, many healthcare organizations are working to ensure that they are prepared should they be selected for an audit.

OCR HIPAA audits will take thorough preparation

While the announcement should not come as a total surprise, several healthcare legal experts explain that covered entities that maintain thorough documentation of… More

HHS OCR Launches Phase 2 of HIPAA Audit Program–So What?

You have seen all the hysterical headlines — “The HIPAA audits are coming, the HIPAA audits are coming….” But when you really think about it, what is the big deal? If you are a HIPAA covered entity, you surely know by now what you are supposed to be doing. And you probably have been doing it, so just check around to make sure before you get the dreaded letter from HHS OCR. And if you are a HIPAA business associate, you are probably a bit behind the covered entities, but again, it’s not a secret what you need… More

Massachusetts Health Information Management Association Winter Meeting: Compliance Beyond HIPAA

On January 22, 2016, I had the pleasure of presenting at the Massachusetts Health Information Management Association’s Winter Meeting on “Compliance Beyond HIPAA.” The presentation slides from the program are available here, and reflect discussion of:

recent HHS OCR guidance on “Individuals’ Right under HIPAA to Access their Health Information 45 CFR §164.524”; a new HHS OCR FAQ on EHR incentives and their interaction with HIPAA; amendment of the HIPAA Privacy Rule to address release of mental health information for firearm background checks; charges for copying of records (especially involving attorneys); a new HHS OIG… More

HIPAA Privacy Regulations Amended to Allow Disclosures of Mental Health Information for Firearm Background Checks

On January 4, 2016, the Department of Health and Human Services (HHS) modified the HIPAA Privacy Rule to expressly permit certain covered entities to disclose to the National Instant Criminal Background Check System (NICS) the identities of individuals who, for mental health reasons, are already prohibited by Federal law from possessing a firearm. According to HHS, “This modification better enables the reporting of the identities of prohibited individuals to the background check system and is… More

Wyndham and FTC Settle Data Breach Lawsuit: Implications

Today, Wyndham and the FTC settled the enforcement action brought by the FTC that had led to a significant decision by the Third Circuit in August of this year. (Wyndham’s statement on the settlement can be found here; the FTC’s statement can be found here; my earlier analysis of the Third Circuit’s decision can be found here.) While the details of the settlement are interesting in their own right – Wyndham will not be paying anything by way… More

HIPAA Compliant Technology and the Importance of Encryption

We welcome this guest blog by Gene Fry, Compliance Officer, Scrypt, Inc.

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. This means that any covered entity (CE) or business associate (BA) that handles protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed. The HIPAA Privacy Rule addresses the storage, access and sharing of PHI, whereas the HIPAA Security Rule sets out the security standards that protect health data created, received, maintained or transmitted electronically, known as electronic protected health… More

Don’t Put Off That New HIPAA Business Associate Agreement: September 23, 2014 Deadline Looms

It’s been a while, but we have another HIPAA deadline just around the corner: September 23, 2014.

September 23, 2014 is the date by which all HIPAA business associate agreements (BAAs) must comply with the current HIPAA regulations (often called the Omnibus Rule). The current rules went into effect on March 26, 2013, but certain then-existing BAAs were grandfathered and did not have to be updated immediately. The grandfathering ends, and up-to-date BAAs must be in place, starting September 23, 2014.

Specifically, compliance was required 180 days following the HIPAA Omnibus Rule’s effective date (3/26/13); that initial deadline was… More

Does Wyndham Confirm the FTC’s Role as Federal Privacy Enforcer?

Data breach law in the United States might have just become a lot less patchy, but a little more uncertain. On April 7, 2014, the District Court of New Jersey decided FTC v. Wyndham Worldwide Corp., et al., No. 13-1887-ES. This case arises out of an FTC action, brought under the deception and unfairness prongs of Section 5(a) of the FTC Act (15 U.S.C. § 45(a)), against Wyndham Worldwide relating to a series of data breaches between April 2008 and January 2010. The question before the court, on a 12(b)(6) motion to dismiss brought by Wyndham,… More