Tag Archives: business associate

Bad News for HIPAA Business Associates: HHS OCR Announces $650,000 Settlement for BA Breach

Catholic Health Care Services of the Archdiocese of Philadelphia (“CHCS”), a HIPAA business associate, has agreed to pay the Department of Health and Human Services Office of Civil Rights (“OCR”) $650,000 in connection with a data breach involving the nursing homes to which it provides management and IT services.

The underlying breach occurred in February 2014 (which suggests a significant backlog at OCR in resolving open matters). … More

HHS Proposes Major Changes to HIPAA Privacy, Security and Enforcement Rules

On July 8, 2010, the Department of Health and Human Services (“HHS”) issued a notice of proposed rulemaking (“NPRM” or “proposed rule”)1 modifying the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy, Security, and Enforcement Rules2 pursuant to the Health Information Technology for Economic and Clinical Health Act (“HITECH”), which was enacted February 17, 2009 as part of the American Recovery and Reinvestment Act of 2009, Pub. L. 111-5.

HHS Issues a Notice of Proposed Rulemaking to Modify the HIPAA Privacy, Security, and Enforcement Rules

Earlier today, the Department of Health and Human Services announced proposed modifications to the HIPAA Privacy Rules, calling them the most significant changes in HIPAA since 2003, when the HIPAA Security Rules were adopted.  The propose changes include:

  • provisions extending the applicability of certain of the Privacy and Security Rules’ requirements to the business associates of covered entities;
     
  • establishing new limitations on the use and disclosure of protected health information for marketing and fundraising purposes;…
  • More

Update on HIPAA Business Associate Regulations — OCR Says They Still Aren’t Ready, Gives No Date

In a notice apparently posted March 17, 2010, the Office of Civic Rights of the Department of Health and Human Services (“OCR”) acknowledged its delay in issuing regulations for HIPAA business associate agreements.  Those regulations are now a month overdue and from OCR’s language, they do not appear imminent:

OCR will implement important privacy and security provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act through notice and comment rulemaking,… More