HHS Overhaul of HIPAA: Summary of New Obligations for Covered Entities and Business Associates

January 24, 2013

On January 17, 2013, the Department of Health and Human Services (HHS) posted Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules [PDF] (the Final Rule) under the authority of the HITECH Act and the Genetic Information Nondiscrimination Act (GINA), as well as under the general authority of HHS. The Final Rule, scheduled (...) [Read More]

Categories: HIPAA, HIPAA Business Assoicate, HIPAA Privacy Rule, HIPAA Security Rule, HITECH, HITECH Breaches Comments (1)
Tags: , ,

New HIPAA Rule Released Today

January 17, 2013

The new HIPAA/HITECH rule in an unpublished version was released today and can be found at www.federalregister.gov/articles/2013/01/25/2013-01073/modifications-to-the-hipaa-privacy-security-enforcement-and-breach-notification-rules. Ober’s analysis to come shortly.

Categories: HIPAA Comments (0)
Tags: , ,

First HIPAA Breach Settlment with Less than 500 Patients

January 2, 2013

Today, HHS announced that it entered into the first breach settlement for less than 500 patients.  HHS settled for $50,000 with Hospice of North Idaho for violations of the HIPAA Security Rule including a failure to maintain security policies and procedures and maintain secure mobile devices.  In June 2010, an unencrypted Hospice of North Idaho laptop was stolen (...) [Read More]

Categories: HIPAA, HIPAA Security Rule, mHealth Comments (0)
Tags: , , ,

Connecticut Medical Examining Board Fines Physician $20,000 for HIPAA Violations

July 26, 2012

A recent action by the Connecticut Medical Examining Board (a unit of that state’s Department of Public Health) should serve to remind covered entities and business associates that it is not only the federal government that can act to enforce HIPAA’s privacy requirements. In a consent order dated the 21st of March [PDF] but officially (...) [Read More]

Categories: HIPAA, HIPAA Privacy Rule, HITECH Breaches, State Privacy Laws Comments (0)
Tags: , , ,

First HITECH Breach Enforcement Announced: BCBS Settles with OCR for $1.5 Million

March 29, 2012

Increased enforcement is a key message from the Department of Health and Human Services Office for Civil Rights (OCR). Since the start of 2012, OCR has publicized settlements with three entities: two of which concerned civil rights violations under section 504 of the Rehabilitation Act and the most recent of which concerned violations of the (...) [Read More]

Categories: HIPAA, HIPAA Privacy Rule, HIPAA Security Rule, HITECH Breaches Comments (1)
Tags: , , ,