PHI Security: You Are Only As Strong As Your Weakest Link

Idaho State University just paid $400,000 to settle HIPAA security violations with the Office of Civil Rights. OCR contended that ISU failed to maintain adequate security by failing to maintain its firewall for ten months and for other systemic deficiencies. The problems centered around a family medical clinic. ISU notified HHS of the breach in which … Continue reading

New HIPAA and HITECH Rules…. Delayed Again

Despite repeated promises, the new HIPAA and HITECH rules are still not out. While the Department of Health provided the Rules to the White House Office of Management and Budget on March 24, 2012, OMB has asked for additional time to review the omnibus rules. Normally, OMB review is completed in 90 days. With this new delay, final rules seem … Continue reading

HIPAA Audits: Coming to a Provider Near You?

In November, 2011, the Office of Civil Rights began conducting Audits of Covered Entities for compliance with the HIPAA privacy and security rules.  These audits followed after Congress took the OCR to task for not effectively enforcing HIPAA.  Readers of this Blog may also recall a study performed by OIG which found significant lapses in … Continue reading

HHS Hits Insurer for $1.5 Million

On March 13, 2012 the U.S. Department of Health and Human Services announced that it settled its first enforcement action resulting from a reported HITECH breach. In the settlement, Blue Cross/Blue Shield of Tennessee agreed to pay One Million Five Hundred Thousand Dollars ($1,500,000.00) to resolve potential violations of the HIPAA Privacy and Security Rules. Additionally, … Continue reading

Getting Ready for Private Enforcement: Is a New Form of Quasi-Qui Tam Brewing?

We all know that neither HIPAA nor HITECH create a private right of action against a Covered Entity or a Business Associate. At most, a HIPAA violation may be deemed evidence of a breach in the standard of care. Thus far, HIPAA enforcement is in the hands of the Office of Civil Rights which may … Continue reading

DATA BREACH v. DATA LOSS: WHICH IS WORSE?

Electronic health records are a valuable tool for sharing information and coordinating patient care.  These systems enhance quality by allowing providers across the spectrum of care to share and analyze information that would otherwise not be easily accessible.  The benefits to such systems have been analyzed extensively and are now taken for granted.  What happens, … Continue reading

Texas Expands the Privacy Rights of Patients Beyond HIPAA and HITECH

The State Sets Mandatory Deadlines for Training, and Requires Breach Notification for all Healthcare Providers Doing Business in Texas. Texas, already known for its strict privacy laws, recently enacted legislation which surprisingly expands privacy rights beyond those prescribed in HIPAA and HITECH. This new law, HB300, will become effective on September 1, 2012. It will … Continue reading

OCR Releases Guidance on HITECH Disclosure Accounting

OCR released, on May 31, 2011, the long awaited notice of proposed rulemaking (NPR) regarding the accounting for disclosures of protected health information (PHI) by covered entities and business associates. These proposed regulations seek to implement the HITECH requirement that covered entities and business associates track disclosures for payment, treatment and healthcare operations. If adopted, the … Continue reading

Can Your Hospital Pass an HHS Security Audit?

The HIPAA Privacy and Security regulations have been around since 2006.  Much has been written about data privacy and the unauthorized access to protected health information.  Often, however, hospitals take compliance with security requirements for granted.  It is easy to guess why, as this part of the HIPAA regulations concerns the creation of technical and … Continue reading

What Does Health Reform Have To Do With The Potential For A Data Breach?

Most people are familiar with the current debate regarding health care reform, especially as it relates to the requirement that all individuals purchase health insurance. What a casual observer may not appreciate is that a major component of health reform is the effort to have separate providers, both institutional and physicians, integrate and coordinate their … Continue reading
