OR PHONE (866) 635-1838 for Bankruptcy Help, (866) 635-6190 for Divorce,
(866) 635-2689 for Personal Injury or (866) 635-9402 for Criminal Defense

Find a Local Lawyer

Bankruptcy (866) 635-1838
Divorce (866) 635-6190
Personal Injury (866) 635-2689
Criminal Defense (866) 635-9402

Health Law

HIPAA Health Law & Technology HIPAA Health Law & Technology

Legal developments, issues, and other pertinent information relating the creation, use, and exchange of health information. Topics include EHRs and PHRs; HIEs, RHIOs, and EHR networks; privacy and security; breaches; and recent legislation.
By Helen Oscislawski

Post Frequency: 1/day

Last Entry: November 18, 2014 at 11:53:25

Recent Entries: 347

Track this blog ()

Go to HIPAA Health Law & Technology, find other Health Law blogs, or browse all law blogs.

This Blog Only All Blogs


Michael Kline?s ?List of Considerations? for Indemnification Provisions in Business Associate Agreements

Posted on November 18, 2014
I strongly urgeeverycovered entityand business associatefaced with a Business Associate Agreement that includes indemnification provisions to read Michael Kline’s “List of Considerations” before signing. Michael’s list, included inan article he wrote that was recently published in the American Health Lawyers Association’s “AHLA Weekly” and available here, highlights practical and yet not obvious considerations...

OCR: HIPAA Privacy Rule ?Not Set Aside in an Emergency?

Posted on November 12, 2014
The threats to health privacy in the face of the Ebola scare has not escaped the notice of the Office of Civil Rights (OCR). As we reported last month, a great deal of information regarding the identity and condition of individuals who may have been exposed to or treated for Ebola has appeared in news...

Connecticut Supreme Court Decision Depicts Rubik?s Cube of Federal and State Privacy and Security Compliance

Posted on November 11, 2014
As if compliance with the various federal privacy and data security standards weren’t complicated enough, we may see state courts begin to import these standards into determinations of privacy actions brought under state laws. Figuring out which federal privacy and data security standards apply, particularly if the standards conflict or obliquely overlap, becomes a veritable...

Connecticut Supreme Court Recognizes Individual?s Right for State Tort Action Using HIPAA as Standard of Care

Posted on November 09, 2014
The Connecticut Supreme Court handed down a decision in the case of Byrne v. Avery Center for Obstetrics and Gynecology, P.C., — A.3d —-, 2014 WL 5507439 (2014) that [a]ssuming, without deciding, that Connecticut’s common law recognizes a negligence cause of action arising from health care providers’ breaches of patient privacy in the context of...

To access this complete feed in the blog feed reader login or register for free.

Patient Support Groups, Email and the Duty to Warn

Posted on November 05, 2014
I was recently asked whether the sending of an unencrypted group email to participants in a health-related support group violated HIPAA. Faithful blog readers can guess my first question: ?Was the sender a covered entity, business associate, or subcontractor?? Many support group entities are non-profit organizations staffed by volunteers and do not meet the definition...

Medical Device, ?Heal Thyself? from Data Hacking

Posted on October 27, 2014
Innovative health care-related technology and developing telemedicine products have the potential for dramatically changing the way in which health care is accessed. The Federation of State Medical Boards (FSMB) grappled with some of the complexities that arise as information is communicated electronically in connection with the provision of medical care and issued a Model Policy...

Which Privacy Protections Apply? HIPAA, FERPA and Ebola

Posted on October 22, 2014
Recent news articles regarding a New Jersey elementary school?s handling of the enrollment of two new students from Rwanda provided another glimpse of Ebola hysteria and the opportunity for me to follow up on Bill Maruca?s blog about Ebola and HIPAA with yet another (fairly obscure) statutory acronym...

Ebola In The News ? Is Too Much PHI Being Revealed And By Whom?

Posted on October 15, 2014
The names and photos of the late Thomas Eric Duncan and his former nurse Nina Pham are all over news media reports of the first cases of Ebola in the United States. But just how did news outlets learn their identities? Or, as my assistant asked me this morning, ?isn?t this a HIPAA violation?? as...

Cyber-Sleuth or Cyber-Thief? LabMD Case Continues to Expose the Good, the Bad, and the Downright Ugly in Cyber-Security Developments

Posted on October 15, 2014
LabMD, Inc. CEO Michael J. Daugherty continues to doggedly defendLabMD against an action brought bythe Federal Trade Commission (FTC)against LabMD based onSection 5 of the FTC Act. He now has an opportunity to prove himself the ?good guy? following last week?s decision by Chief Administrative Law Judge D...

Beware of Social Utilities Bearing New Apps Gifts

Posted on October 06, 2014
Michael Coco writes: I have never considered myself to be at the forefront of the newest technology. Those familiar with the Technology Adoption Lifecycle might even classify me as a ?laggard.? For example, I don?t own a Blu-ray player, a first-generation iPod nano controls the music in my car, and the only reason I bought...

?Step Away from that Subpoena? and Review HIPAA Obligations Before Producing PHI

Posted on October 01, 2014
If you receive a subpoena, discovery request, or even a court order demanding the release or production of documents or files that may contain protected health information (PHI), are you obligated to comply? The surprising answer, in many cases, is ?no?...

Countdown to September 22nd ? Shortcuts for Business Associate Agreement Compliance

Posted on September 09, 2014
The deadline for executing a HIPAA Omnibus Rule-compliant Business Associate Agreement (BAA) looms just 2 short weeks from today. What can a busy covered entity (CE) or business associate (BA) do quickly to show HHS (let alone its business partners/contractors) that it wants and fully intends to comply with the new requirements? Here are3 shortcuts...

Is that Cute Baby Photo Really PHI? Calming the HIPAA Hullabaloo

Posted on August 14, 2014
Last Sunday?s New York Times article by Anemona Hartocollis on the illegality of posting baby pictures in a doctor?s office made me wonder if anyone I know could pick my kids’ facesout of a line up of cute newborn photos postedon the wall of a doctor?s office...

The Parade of Major Reported PHI Breaches Surges to 885 ? Theft and Loss Dominate the Numbers

Posted on July 30, 2014
The number of large breaches of Protected Health Information (PHI) under HIPAA that have been reported on the so-called ?Wall of Shame? (the HHS List) maintained by the U.S. Department of Health and Human Services has jumped by 239 to 885 in less than a year...

Two Months to Amend HIPAA Business Associate Agreements for Omnibus Compliance, But Beware the Bare Bones BAA

Posted on July 22, 2014
Does your business associate agreement (BAA) reflect your business deal, or is it a bare bones HIPAA compliance document? Now is the time to check. The HIPAA ?Omnibus Rule? published in January of 2013 gave covered entities, business associates, and subcontractors until September 22, 2014 to make their business associate agreements (BAAs) compliant, so use...

Hobby Lobby, HIPAA and Happy Independence Day

Posted on July 03, 2014
The recent United States Supreme Court decisioninBurwell v. Hobby Lobby Stores, Inc. has attorneys, pundits, policy-makers and businesses (yes, corporations are people, too) pondering big, quintessentially American issues like the free exercise of religion, compelling government interests, and our fundamental right to make money (and, as a corollary issue, what distinguishes for-profit from not-for-profit corporations)...

Paper Records HIPAA Violation Results in $800,000 Payment under HHS Resolution Agreement

Posted on June 29, 2014
My partner Elizabeth Litten was quoted at length by Alexis Kateifides in his recent article in DataGuidance entitled ?USA: ‘Unique’ HIPAA violation results in $800,000 settlement? While the full text can be found in the June 26, 2014 article in DataGuidance...

PHI Data Breaches just went from Bad Dream to Nightmare in West Virginia

Posted on June 13, 2014
Michael Cocowrites: The dreaded PHI data breach is every covered entity?s bad dream, but the West Virginia Supreme Court just turned that bad dream into a nightmare. The court decided a case, Tabata v. Charleston Area Medical Center, Inc., brought on behalf of thousands of patients requesting class certification to sue the medical center for...

Risky (Health Care) Business: Disclosure of FTC Data Security Enforcement Potential to Investors and Other Third Parties

Posted on June 09, 2014
Readers of this blog know that we have been tracking the FTC?s recent data security enforcement activities with a particular focus on the FTC v. LabMD case. As reported by Cause of Action, a nonprofit organization involved in the defense of LabMD, the LabMD trial was put on hold on May 30, 2014 until June...

Will Unearthing the FTC?s Data Security Standards Help the Health Care Industry?

Posted on May 07, 2014
As a regulatory lawyer, I frequently find myself parsing words and phrases crafted by legislators and agencies that, all too often, are frustratingly vague or contradictory when applied to a particular real-world and perhaps unanticipated (at the time of drafting) scenario...

Unencrpyted Laptops Prove Costly

Posted on April 24, 2014
Is the PHI on all your mobile devices encrypted? If not, here?s another two million reasons to make encryption your top priority. The Office of Civil Rights (OCR) of the Department of Health and Human Services announced on April 22, 2014 that they had imposed nearly $2 million in penalties on two entities as a...

When the Long Arm of HIPAA Reaches into Mergers, Acquisitions and Asset Sales of Health Care Practices

Posted on April 18, 2014
Michael J. Coco writes: If you have ever bought or sold a business, or you have experience with the process, you are aware of the due diligence efforts and multiple agreements required to close the deal. Transactions involving the sale or purchase of health care related business, such as a medical practice, often take the...

Wild West Data Breach Sheriff Wins a Round Back East

Posted on April 16, 2014
LabMD is not the only company that has tried to buck the FTC?s assertion of authority over data security breaches. Wyndham Worldwide Corp. has spent the past year contesting the FTC?s authority to pursue enforcement actions based upon companies? alleged ?unfair? or ?unreasonable? data security practices...

The Wild West of Data Breach Enforcement by the Feds

Posted on March 18, 2014
Imagine you have completed your HIPAA risk assessment and implemented a robust privacy and security plan designed to meet each criteria of the Omnibus Rule. You think that, should you suffer a data breach involving protected health information as defined under HIPAA (PHI), you can show the Secretary of the Department of Health and Human...

HHS Enforces Against County Government in Washington State

Posted on March 11, 2014
Last week?s Resolution Agreement between the US Department of Health and Human Services, Office for Civil Rights (?HHS?) and a small county in Washington State marks the first time HHS has settled an action against a county government for noncompliance with the Privacy and Security Rules under HIPAA (the ?HIPAA Rules?)...

More on Considerations for Entering into or Revising Business Associate Agreements

Posted on February 26, 2014
My partner Elizabeth Litten and I were interviewed by Marla Durben Hirsch for her recent article in Medical Practice Compliance Alert entitled ?Evaluate Relationships Before Signing Business Associate Agreements.? While the full text can be found in the February 3, 2014 issue of Medical Practice Compliance Alert, the following considerations are based upon points discussed...

Puerto Rico Raises a High Bar for Fines Levied for PHI Breaches

Posted on February 24, 2014
My partner Bill Maruca was quoted in Jeff Overley?s article ?Historic HIPAA Fine Will Push Feds To Get Tougher? published in Law360 on Friday, February 20, 2014. The article reports on the nearly $7 million fine imposed by the Puerto Rico Health Insurance Administration onacontractor, health plan Triple-S Salud Inc...

?Boilerplate? Provisions in Business Associate Agreements Warrant Attention

Posted on January 28, 2014
Michael J. Coco writes: The expanded requirements under the HIPAA Omnibus Rule for a Business Associate Agreement (?BAA?) has created an increase in volume and the need for analysis of such agreements, as individuals in industries traditionally unrelated to health care ? such as IT vendors ?find themselves confronting issues respecting a BAA...

HIPAA Compliance Trends for 2014

Posted on January 22, 2014
My partner Elizabeth Litten and I were interviewed by Marla Durben Hirsch forher Medical Practice Compliance Alert article ?HIPAA, ICD-10 Among 6 Compliance Trends That Will Affect You in 2014.? While the full text can be found in the January 6, 2014 issue of Medical Practice Compliance Alert, a synopsis is noted below...

Springing, Shifting, and Slip-Sliding Business Associate Agreements

Posted on January 17, 2014
What do you do if you have signed a Business Associate Agreement (BAA) with a covered entity, but are getting protected health information (PHI) from the covered entity in conjunction with health care treatment you provide to the individual? What if another covered entity provider has contracted with you to provide services to that provider?s...

Bloggers, promote your law blog by nominating your blog for inclusion in USLaw.com's Law Blog Directory and RSS Reader. Benefits described.
Related Law Bulletins

Related Law Articles

Related Law Questions

Related Searches

US Law
#1 Online Legal Resource

Your Blog Subscriptions
Subscribe to blogs

10,000+ Law Job Listings
Lawyer . Police . Paralegal . Etc
Earn a law-related degree
Are you the author of this blog? Adding USLaw.com to your Blogroll increases relevance. You qualify to display a USLaw Network badge.
Suggest changes to this blog's description or nominate another for inclusion. Register for updates.

Practice Area
Zip Code:

Contact a Lawyer Now!


0.6321 secs (from cache 11/20/14 21:14:29)