Tag Archives: HIPAA

General Data Protection Regulation: What It Means For US Healthcare/Life Science Companies (Part Two)

This is the second post in a three-part series designed to provide a summary of some of the GDPR features that are likely to have the most substantial impact on healthcare/life science related businesses. (Links for Part One and Part Three

New General Features of the GDPR

Some of the GDPR general features may be of particular interest for companies in the healthcare/life science sectors.… More

General Data Protection Regulation: What It Means For US Healthcare/Life Science Companies (Part One)

This is the first post in a three-part series designed to provide a summary of some of the GDPR features that are likely to have the most substantial impact on healthcare/life science related businesses. (Links for Part Two and Part Three)

The clock is ticking: on May 25, 2018, in less than a year from now, the General Data Protection Regulation (“the GDPR”) will apply in all Member States of the European Union (“EU”) and will replace the Directive 95/46/CE (“the Directive”).… More

AG Healey Issues Guidance to Schools and Health Care Providers on Immigration Enforcement Issues

In the wake of several executive orders on immigration, ICE—the federal agency responsible for enforcing the nation’s immigration laws—has ramped up enforcement activities. As a result, local public school districts and health care providers in Massachusetts have asked the Attorney General about their rights and obligations with respect to the undocumented students and patients they serve. On May 22, 2017, the AG issued comprehensive guidance to answer their questions.… More

HHS OCR Alert: Phishing Email Disguised as Official OCR Audit Communication

This alert just in from HHS OCR:

“It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This email appears to be an official government communication, and targets employees of HIPAA covered entities and their business associates.  The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy,… More

More on HIPAA Audits for 2016 and 2017–Desk Audits and On-Site Audits

As part of the ongoing HHS OCR HIPAA audit initiative, it is conducting “HIPAA desk audits.”  These audits don’t involve auditors coming in your facility.  Instead, covered entities are being asked to submit documents on:

     (1) their risk analysis and risk management plans under the HIPAA security rule;

     (2) the content and timeliness for following the HIPAA breach notification rule; or

     (3) the notice of the entity’s privacy practices for health information and patients’… More