Category Archives: HIPAA Privacy Rule

HHS Overhaul of HIPAA: Summary of New Obligations for Covered Entities and Business Associates

On January 17, 2013, the Department of Health and Human Services (HHS) posted Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules [PDF] (the Final Rule) under the authority of the HITECH Act and the Genetic Information Nondiscrimination Act (GINA), as well as under the general authority of HHS. The Final Rule, scheduled (...)

Recently Released HIPAA Audit Protocol Offers Insight As to Audit Priorities, Best Practices

Covered Entities and Business Associates may be breathing a little easier lately, after the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) made public the detailed audit protocols used by KPMG during the first round of random audits. The protocols contain some surprises, but, at a minimum, their publication ends what (...)

Connecticut Medical Examining Board Fines Physician $20,000 for HIPAA Violations

A recent action by the Connecticut Medical Examining Board (a unit of that state’s Department of Public Health) should serve to remind covered entities and business associates that it is not only the federal government that can act to enforce HIPAA’s privacy requirements. In a consent order dated the 21st of March [PDF] but officially (...)

Medicaid Pays $1,700,000 to Settle HIPAA Security Violations

In its first enforcement action against a state agency, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled last month with Alaska’s Department of Health and Social Services (DHSS) for HIPAA security violations it reported as required by HITECH. DHSS entered into a settlement agreement and agreed to pay $1,700,000 (...)

It’s Coming: The HIPAA/HITECH Rule – What to Expect and What to Do Now

On March 24, 2012, the Department of Health and Human Services (HHS) sent the much-anticipated rule implementing the HITECH Act changes to HIPAA (HITECH Rule) to the Office of Management and Budget (OMB). This starts the clock running on the 90-day period allowed for OMB review. It is expected that, given the scope of the (...)

First HITECH Breach Enforcement Announced: BCBS Settles with OCR for $1.5 Million

Increased enforcement is a key message from the Department of Health and Human Services Office for Civil Rights (OCR). Since the start of 2012, OCR has publicized settlements with three entities: two of which concerned civil rights violations under section 504 of the Rehabilitation Act and the most recent of which concerned violations of the (...)

Is Your Research Data Safe? Aligning HIPAA and the Common Rule

Last summer, the United States Department of Health and Human Services (HHS) sought comments on potential revisions to the Common Rule [PDF] after over two decades of virtually no change. In the advanced notice of proposed rule making [PDF] related to the Common Rule, HHS sought to address concerns about institutional review boards’ (IRBs) (...)

Changes to HIPAA Privacy Rule and CLIA Regs

If the most recent proposed changes to the HIPAA Privacy Rule and CLIA regulations are finalized as proposed, laboratories across America will be obligated to provide test results to individual patients upon request. The changes to CLIA and the HIPAA Privacy Rule are coordinated and, taken together, would result in a marked change from the (...)

Breach Reporting Plans: Practical Preparation for the (Almost) Inevitable Breach

If there is one aspect of the HITECH Act amendments to the HIPAA privacy rule that has had a major impact on the health care provider community and its business associates, it is the so-called “Breach Notification Rule.” The rule requires that covered entities (and their business associates) report breaches of unsecured protected health (...)

Why You Need to Worry AGAIN about HIPAA: Seven Practical Tips

In this age of information overload, it is no wonder that privacy incidents are on the minds of regulators, the media and patients. Electronic information in all forms comes at us faster and faster, leaving the recipient without much time to discern among appropriate privacy levels. The increased use of social media and the reality (...)