Perspectives on Health Privacy, Security & HIPAA
33 total results. Page 1 of 2.
Lowell C. Brown, Debra Albin-Riley, Douglas A. Grimm, FACHE, Thomas E. Jeffry, Jr., D. Jacques Smith, Jennifer C. Terry, Sarah G. Benator, Susanna Hathaway Murphy, Diane B. Roldán
We are very pleased to announce that our Health Care attorneys will be hosting two Medical Staff Leaders and the Law Conferences in 2019.
The Centers for Medicare and Medicaid (CMS) is overhauling the Electronic Health Records (EHR) Medicare and Medicaid program for hospitals.
On March 28, 2018, the Governor of Alabama, Kay Ivey, signed SB 318, the Alabama Data Breach Notification Act, which becomes effective June 1, 2018. Alabama is just behind South Dakota, which enacted its data breach notification statute this past March.
On March 21, 2018, South Dakota became the forty-ninth state to enact a data breach notification statute, which becomes effective July 1, 2018.
On December 28, 2017, the Centers for Medicare and Medicaid Services (CMS) issued Survey and Certification Memorandum Number 18-10-ALL to the State Survey Agencies clarifying its position regarding texting health care information by providers.
Earlier this month, the Health Care Industry Cybersecurity Task Force sent to Congress the Report On Improving Cybersecurity in the Health Care Industry.
Our Allies Under Attack! Ransomware Hits the Brits and Quickly Spreading Across Globe – Batten Down the Hatches NOW
Earlier today, numerous hospitals operated by Britain’s National Health Service suffered a ransomware event in which hospital computer systems were encrypted, phone lines became inoperable, patients were diverted, and a Bitcoin ransom was demanded.
On Monday, the US Department of Health & Human Services’ Office for Civil Rights announced that CardioNet has entered into a $2.5 million HIPAA settlement.
Last week, the US Department of Health & Human Services’ Office for Civil Rights (OCR) announced that Denver-based Metro Community Provider Network (a federally-qualified health center or FQHC) will pay $400,000 and implement a corrective action plan to settle its violations of HIPAA.
The Confidentiality of Medical Information Act, permits hospitals and other health care providers to disclose medical information without the patient’s consent for the purposes of reviewing the competence or qualifications of health care professionals or health care services.
For the first time in nearly three decades, the Substance Abuse and Mental Health Services Administration (SAMHSA) has updated the regulations on the confidentiality of substance abuse treatment records found in 42 C.F.R. Part 2.
This is HHS’ first enforcement action against a covered entity that reported a breach, but did not do so timely.
To Text or Not to Text . . . That is the Question: TJC Publishes Updated Guidance for Healthcare Providers
Just before Christmas, The Joint Commission (TJC) published an update clarifying its previous guidance regarding practitioners’ use of text messaging. TJC now says that practitioners may communicate with each other via secure text messaging systems.
Today, the US Department of Health & Human Services’ Office for Civil Rights (OCR) announced that Advocate Health Care Network (Illinois’ largest healthcare system) will pay a record $5.5 million settlement for violating HIPAA.
On June 24, 2016, the non-profit Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule with the U.S. Department of Health and Human Services (HHS).
Ransomware is old news – it has been around at least since 1989 – but it has only now started to attract widespread attention.
On Monday, July 11, 2016, the Office for Civil Rights (OCR) released a fact sheet with guidance for covered entities and business associates on HIPAA and ransomware.
The Office for Civil Rights (OCR) recently began its second round of audits of covered entities and business associates for compliance with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule (the “Phase 2” audits).
Secure Yourself: NIST Releases Final Version of the Cryptographic Standards and Guidelines Development Process
Covered entities and business associates subject to HIPAA Security Rule are closer to getting a benchmark for encryption standards with the release of the Standards and Guidelines Development Process in late March by the National Institute of Standards and Technology (NIST).
On March 21, 2016, the US Department of Health and Human Services Office for Civil Rights (OCR) announced it was beginning its next round of audits of covered entities and business associates for compliance with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.
SAMHSA Proposes First Revisions to Substance Abuse Medical Record Privacy Rules in Almost Three Decades
These proposed changes to the rules governing the confidentiality of substance abuse treatment records mark the first time the regulations have been subject to revision since 1987.
Administrative Law Judge Upholds Imposition of Civil Penalties on Health Care Provider for HIPAA Violations
In a recent decision, a US Department of Health and Human Services (HHS) Administrative Law Judge (ALJ) agreed with the HHS Office of Civil Rights (OCR) that Lincare, Inc. d/b/a United Medical had violated HIPAA.
Ransomware Attack on California Hospital Puts Providers on Alert for New Threats to Health Information
Cybersecurity may have rocketed to the top of management’s priority list in the wake of the recent cyberattack on Hollywood Presbyterian Medical Center (HPMC) that left the hospital unable to access some of its computer systems for ten days.
Potentially missed among end-of-year and holiday activities, the Office for Civil Rights (OCR) has announced three resolution agreements for violations of the HIPAA Privacy and Security Rules within the past month.