Category Archives: HITECH Breaches

HHS Overhaul of HIPAA: Summary of New Obligations for Covered Entities and Business Associates

January 24, 2013

On January 17, 2013, the Department of Health and Human Services (HHS) posted Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules [PDF] (the Final Rule) under the authority of the HITECH Act and the Genetic Information Nondiscrimination Act (GINA), as well as under the general authority of HHS. The Final Rule, scheduled (...) [Read More]

Written By JimWieland Comments (1) Categories: HIPAA, HIPAA Business Assoicate, HIPAA Privacy Rule, HIPAA Security Rule, HITECH, HITECH Breaches Tags: , ,

Connecticut Medical Examining Board Fines Physician $20,000 for HIPAA Violations

July 26, 2012

A recent action by the Connecticut Medical Examining Board (a unit of that state’s Department of Public Health) should serve to remind covered entities and business associates that it is not only the federal government that can act to enforce HIPAA’s privacy requirements. In a consent order dated the 21st of March [PDF] but officially (...) [Read More]

Written By jfreemire Comments (0) Categories: HIPAA, HIPAA Privacy Rule, HITECH Breaches, State Privacy Laws Tags: , , ,

Medicaid Pays $1,700,000 to Settle HIPAA Security Violations

July 24, 2012

In its first enforcement action against a state agency, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled last month with Alaska’s Department of Health and Social Services (DHSS) for HIPAA security violations it reported as required by HITECH. DHSS entered into a settlement agreement and agreed to pay $1,700,000 (...) [Read More]

Written By SarahSwank Comments (1) Categories: HIPAA, HIPAA Privacy Rule, HIPAA Security Rule, HITECH, HITECH Breaches Tags: , , ,

First HITECH Breach Enforcement Announced: BCBS Settles with OCR for $1.5 Million

March 29, 2012

Increased enforcement is a key message from the Department of Health and Human Services Office for Civil Rights (OCR). Since the start of 2012, OCR has publicized settlements with three entities: two of which concerned civil rights violations under section 504 of the Rehabilitation Act and the most recent of which concerned violations of the (...) [Read More]

Written By SarahSwank Comments (1) Categories: HIPAA, HIPAA Privacy Rule, HIPAA Security Rule, HITECH Breaches Tags: , , ,

Breach Reporting Plans: Practical Preparation for the (Almost) Inevitable Breach

July 19, 2011

If there is one aspect of the HITECH Act amendments to the HIPAA privacy rule that has had a major impact on the health care provider community and its business associates, it is the so called “Breach Notification Rule.” The rule requires that covered entities (and their business associates) report breaches of unsecured protected health (...) [Read More]

Written By JimWieland Comments (0) Categories: HIPAA, HIPAA Privacy Rule, HITECH Breaches, State Privacy Laws Tags: ,