Today, in the first settlement of its kind, the Office for Civil Rights at the U.S. Department of Health and Human Services (“OCR”) announced that Bayfront Health St. Petersburg (“Bayfront”) has paid $85,000 to OCR and has adopted a corrective action plan to settle a potential violation of the right of access provision of the Health Insurance Portability and Accountability Act (HIPAA). This is also the first enforcement action under OCR’s Right of Access Initiative,… More
Tag Archives: HIPAA
Partner Colin Zick Discusses Sports Betting and Biometric Data with the Boston Globe
As Massachusetts lawmakers consider whether to legalize sports betting, professional athletes fear that their biometric data – which can be collected and analyzed as part of their training – could become a commodity in this form of gambling. Professional sports leagues say that they have no plans to make this data available for gamblers, but the use of biometric data from wearable health devices is not covered by health privacy laws.… More
HHS to Reduce Top HIPAA Fines Based on “Level of Culpability”
In a Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties issued on April 23, 2019, the Department of Health and Human Services (HHS) exercised “its discretion in how it applies HHS regulations concerning the assessment of Civil Money Penalties (CMPs) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as such provision was amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act” to reduce the maximum annual fines it will impose for HIPAA violations.… More
“You Are Known By The Company You Keep” — Including Vendors Without Business Associate Agreements
The concept that one is known by the company one keeps dates back to ancient times (the particular phrase is attributed to both Aesop and the Book of Proverbs). But this simple aphorism continues to be true. A recent example is the $500,000 that Advanced Care Hospitalists (ACH) had to pay to the Office for Civil Rights of the U.S. Department of Health and Human Services (OCR) to settle potential violations of the HIPAA Privacy and Security Rules.… More
The Cost of a Free Press: Allergy Practice Pays $125,000 to Settle Physician’s Disclosure of Patient Information on TV
Allergy Associates of Hartford, P.C. (“Allergy Associates”), has agreed to pay $125,000 to the Office for Civil Rights (“OCR“) at the U.S. Department of Health and Human Services (“HHS”) and to adopt a corrective action plan to settle potential violations of the HIPAA Privacy Rule. Allergy Associates is a health care practice that specializes in treating individuals with allergies, and is comprised of three doctors at four locations across Connecticut.… More
Presentation: New Developments in Health Information Law
Partner Colin Zick recently presented at the MaHIMA Dot Wagg Legislative Seminar discussing recent HIPAA violations, how GDPR will impact US companies and the Trusted Exchange Framework.
Click here to download the slides. More
The Interplay of HIPAA, Privacy and Data Security Principles, and Health Information Interoperability
It was my pleasure yesterday to speak at MedInnovation Boston 2018, and deliver a presentation on “The Interplay of HIPAA, Privacy and Data Security Principles, and Health Information Interoperability“. With constantly evolving technology and the new GDPR legal framework. achieving interoperability seems harder than ever. More
Blogging from BIO 2018: Preparing for Convergence
It is the last day of Bio 2018 and I am attending a curiously titled session: Is Biotechnology Drowning in Health Related Data? The panel’s answer to that question is “no” — in fact, they all agreed there isn’t enough data yet, if we want to achieve “convergence”. That’s the new buzz word: convergence. One speaker described it as “a better quantification of humanity.” … More
Partner Colin Zick Speaks to Bloomberg BNA About the Privacy Concerns of Ride-sharing and Healthcare
Reproduced with permission from Bloomberg Law: Health IT Law & Industry Report, (March 9, 2018). Copyright 2018 by The Bureau of National Affairs, Inc. (800-372-1033) http://www.bna.com
By James Swann
Privacy and security concerns are mounting as Uber and Lyft break into the medical transportation space.
The two companies recently rolled out separate initiatives to drive patients to and from medical appointments,… More
Recent Reports Confirm Continuing Vulnerability of Healthcare Industry to Cyber Issues
There seems to be a new scientific study published every day—like this one that alleges that eating cheese every day might actually be healthy. Understandably, many of these studies fly under the radar — but two recently published reports regarding cybersecurity and health care should not. These two reports show that the healthcare industry in particular is continuing to struggle with cybersecurity issues. Understanding the vulnerabilities revealed by these studies is important to healthcare organizations attempting to reduce their cybersecurity risks and legal liabilities.… More