.

Google       

OR PHONE (866) 635-1838 for Bankruptcy Help, (866) 635-6190 for Divorce,
(866) 635-2689 for Personal Injury or (866) 635-9402 for Criminal Defense

Find a Local Lawyer

Bankruptcy (866) 635-1838
Divorce (866) 635-6190
Personal Injury (866) 635-2689
Criminal Defense (866) 635-9402


Health Law

HIPAA Health Law & Technology HIPAA Health Law & Technology

Legal developments, issues, and other pertinent information relating the creation, use, and exchange of health information. Topics include EHRs and PHRs; HIEs, RHIOs, and EHR networks; privacy and security; breaches; and recent legislation.
By Helen Oscislawski

Post Frequency: 3.1/day

Last Entry: March 18, 2014 at 11:28:38

Recent Entries: 324

Track this blog ()

Go to HIPAA Health Law & Technology, find other Health Law blogs, or browse all law blogs.

Search
This Blog Only All Blogs

Posts

The Wild West of Data Breach Enforcement by the Feds

Posted on March 18, 2014
Imagine you have completed your HIPAA risk assessment and implemented a robust privacy and security plan designed to meet each criteria of the Omnibus Rule.  You think that, should you suffer a data breach involving protected health information as defined under HIPAA (PHI), you can show the Secretary of the Department of Health and Human...


HHS Enforces Against County Government in Washington State

Posted on March 11, 2014
Last week?s Resolution Agreement between the US Department of Health and Human Services, Office for Civil Rights (?HHS?) and a small county in Washington State marks the first time HHS has settled an action against a county government for noncompliance with the Privacy and Security Rules under HIPAA (the ?HIPAA Rules?)...


More on Considerations for Entering into or Revising Business Associate Agreements

Posted on February 26, 2014
My partner Elizabeth Litten and I were interviewed by Marla Durben Hirsch for her recent article in Medical Practice Compliance Alert entitled ?Evaluate Relationships Before Signing Business Associate Agreements.? While the full text can be found in the February 3, 2014 issue of Medical Practice Compliance Alert, the following considerations are based upon points discussed...


Puerto Rico Raises a High Bar for Fines Levied for PHI Breaches

Posted on February 24, 2014
My partner Bill Maruca was quoted in Jeff Overley?s article ?Historic HIPAA Fine Will Push Feds To Get Tougher? published in Law360 on Friday, February 20, 2014.   The article reports on the nearly $7 million fine imposed by the Puerto Rico Health Insurance Administration on a contractor, health plan Triple-S Salud Inc...


To access this complete feed in the blog feed reader login or register for free.

?Boilerplate? Provisions in Business Associate Agreements Warrant Attention

Posted on January 28, 2014
Michael J. Coco writes: The expanded requirements under the HIPAA Omnibus Rule for a Business Associate Agreement (?BAA?) has created an increase in volume and the need for analysis of such agreements, as individuals in industries traditionally unrelated to health care ? such as IT vendors ?find themselves confronting issues respecting a BAA...


HIPAA Compliance Trends for 2014

Posted on January 22, 2014
My partner Elizabeth Litten and I were interviewed by Marla Durben Hirsch for her Medical Practice Compliance Alert article ?HIPAA, ICD-10 Among 6 Compliance Trends That Will Affect You in 2014.? While the full text can be found in the January 6, 2014 issue of Medical Practice Compliance Alert, a synopsis is noted below...


Springing, Shifting, and Slip-Sliding Business Associate Agreements

Posted on January 17, 2014
What do you do if you have signed a Business Associate Agreement (BAA) with a covered entity, but are getting protected health information (PHI) from the covered entity in conjunction with health care treatment you provide to the individual? What if another covered entity provider has contracted with you to provide services to that provider?s...


HIPAA Failure Results In Penalties: Lack of Compliance the Key

Posted on January 07, 2014
Our partner Keith McMurdy posted this analysis of a recent HIPAA settlement involving a physician practice on our Employee Benefits Legal Blog: HIPAA Failure Results In Penalties: Lack of Compliance the Key By Keith R. McMurdy on January 1, 2014Posted in Plan Administration, Welfare Plans Often, when I am discussing HIPAA privacy compliance, I am...


Avoiding a HIPAA Identity Crisis in 2014

Posted on December 27, 2013
Who you are makes a big difference in how and whether you must protect individually identifiable health information under HIPAA.   As we near the end of 2013, I look back at the events of the past year and am struck by the breadth and complexity of the issues we have written about on this blog...


Complex New Healthcare Relationships Create New Challenges in Electronic Health Records

Posted on December 22, 2013
My partner Elizabeth G. Litten and I were interviewed by Marla Durben Hirsch in the FierceEMR article “Healthcare Attorneys: New Business Relationships Will Create New EHR Problems.” It is always a pleasure for us to talk with Marla because she provokes our thinking in new areas...


OCR Gets Coal in its Stocking from OIG

Posted on December 05, 2013
Who watches the watchdogs to ensure they?re not sleeping on the job? The Office of Inspector General (OIG) of the Department of Health and Human Services has published a report of its review of the Office of Civil Rights? HIPAA/HITECH Security Rule oversight efforts, and some of the findings are not pretty...


The Parade of PHI Security Breaches: Why Did it Take Two Years for the Status of Minne-Tohe Health Center as a Marcher to be Disclosed?

Posted on October 29, 2013
It is noteworthy that there are often substantial delays in disclosures regarding covered entities (?CEs?) that have become marchers in the Parade of large Protected Health Information (?PHI?) security breaches under HIPAA.  This is the case even though the PHI breach notification rule requires that, when a PHI breach affects 500 or more individuals (a...


Embarrassing Fact: Few Seem to Understand HIPAA or the ACA (at least when it comes to individual health coverage to be purchased on an Exchange)

Posted on October 29, 2013
I read a recent Forbes.com post by Rick Ungar (?Claims That Obamacare Website Violates Health Privacy Reveals Embarrassing Fact ? GOP Does Not Understand HIPAA or Obamacare?) that revealed a truly embarrassing fact:  very few of us really understand HIPAA, let alone the intricacies of the Affordable Care Act (?ACA? or ?Obamacare?) and its interplay...


A Business Associate Agreement Dilemma: To Indemnify or Not to Indemnify ? Ten Considerations

Posted on October 01, 2013
A party (Party) to a HIPAA Business Associate Agreement (BAA) or Subcontractor Agreement (SCA), whether a covered entity (CE), business associate (BA) or  subcontractor (SC), may struggle with the question as to whether to agree to, demand, request, submit to, negotiate or permit, an indemnification provision (Provision) respecting the counterparty (Counterparty) under a BAA or...


Ten Days, Ten Tips ? Countdown to Omnibus Rule Compliance #4 and #5 (aka #8 and #9)

Posted on September 23, 2013
Where did the time go?  Today?s the day ? September 23, 2013.  This is compliance day for most of the Omnibus Rule changes.  I had a feeling this deadline would catch up with me faster than I would be able to blog my 10 tips, so I?m going to count ?TIP TWO? as tips TWO...


Ten Days, Ten Tips ? Countdown to Omnibus Rule Compliance #10

Posted on September 23, 2013
Here?s the official 10th tip to help you comply with today?s Omnibus Rule deadline.  However, since I had to make TIP TWO into TIPs TWO through SEVEN when I realized my time had was running out, I will continue to blog a few more tips over the coming weeks...


Ten Days, Ten Tips ? Countdown to Omnibus Rule Compliance #3

Posted on September 17, 2013
Unless the Department of Health and Human Services (HHS) makes another last-minute, litigation-inspired decision to delay the September 23, 2013 compliance date, we?re well into the 10-day countdown for compliance with most of the Omnibus Rule requirements...


Ten Days, Ten Tips ? Countdown to Omnibus Rule Compliance #2

Posted on September 16, 2013
Unless the Department of Health and Human Services (HHS) makes another last-minute, litigation-inspired decision to delay the September 23, 2013 compliance date, we?re well into the 10-day countdown for compliance with most of the Omnibus Rule requirements...


Ten Days, Ten Tips ? Countdown to Omnibus Rule Compliance

Posted on September 13, 2013
Unless the Department of Health and Human Services (HHS) makes another last-minute, litigation-inspired decision to delay the September 23, 2013 compliance date, we?re on a 10-day countdown for compliance with most of the Omnibus Rule requirements.  In a motion filed jointly with the plaintiff in the U...


Lost in the Shuffle: The September 23 HIPAA Notice Requirements

Posted on September 10, 2013
Our partner Keith McMurdy posted a timely summary of the requirements of the HIPAA Omnibus Rule for employers and benefit plan sponsors at his Employee Benefits Legal Blog.  It is reproduced below: Lost in the Shuffle: The September 23 HIPAA Notice Requirements By Keith R...


The Parade of Major Reported PHI Breaches Jumps Ahead to 646 ? Part 2: Business Associates Continue to Augment the Numbers

Posted on August 20, 2013
This blog series has been following breaches of Protected Health Information (?PHI?) that have been reported on the U.S. Department of Health and Human Services (?HHS?) ever-lengthening parade list (the ?HHS List?) of breaches of unsecured PHI affecting 500 or more individuals (the ?List Breaches?)...


The Parade of Major Reported PHI Breaches Jumps Ahead to 646 ? Theft Continues to Dominate the Numbers

Posted on August 14, 2013
This blog series has been following breaches of Protected Health Information (?PHI?) that have been reported on the U.S. Department of Health and Human Services (?HHS?) ever-lengthening parade list (the ?HHS List?) of breaches of unsecured PHI affecting 500 or more individuals (the ?List Breaches?)...


Sixty Days or Sixty Minutes ? What is Your Breach Reporting Deadline?

Posted on July 08, 2013
If you are a federally-facilitated health insurance exchange (FFE), a ?non-Exchange entity?, or a State Exchange, the answer is ?Quick, report!?  Those involved with the new health insurance exchanges (or ?Marketplaces??  The name, like the rules, seems to be a moving and elusive target) should make note that privacy and security incidents and breaches are...


The Parade of PHI Security Breaches: With a New Large Breach, Indiana Family and Social Services Administration Marches Again

Posted on July 05, 2013
Elizabeth Litten and Michael Kline write: For the second time in less than 2 ˝ years, the Indiana Family and Social Services Administration (the ?FSSA?) has suffered a large breach of protected health information (?PHI?) as the result of actions of a business associate (?BA?)...


PRISM, Surveillance and PHI: What the NSA?s data collection means for HIPAA privacy and security compliance concerns.

Posted on June 29, 2013
Tamarra Holmes writes: In recent weeks, people all around the world were made aware of a secret U.S. government surveillance program that essentially collects massive amounts of data from the general public through electronic communication providers, such as Facebook, Skype, and Google...


The Parade of Large PHI Security Breaches: The University of Rochester Medical Center Makes it a Triple in 2013

Posted on June 25, 2013
In January 2011 this blog series discussed here and here that the University of Rochester Medical Center (?URMC? or the ?Medical Center?) became a marcher twice in 2010 in the parade of large Protected Health Information (?PHI?) security breaches.  The U...


Do I really need to report (or get a report on) every "Security Incident" under the sun to comply with HIPAA?

Posted on May 24, 2013
Our blog posts have been somewhat fewer and farther between since the release of the Omnibus Rule, primarily because we have been busily working to understand the subtleties of the Omnibus Rule, while helping our clients implement the necessary changes...


Omnibus Rule Takes Effect Today - Or Does It?

Posted on March 26, 2013
The HIPAA/HITECH Omnibus Rule that appeared in the January 25, 2013 Federal Register contained this cryptic and apparently contradictory statement: DATES: Effective date: This final rule is effective on March 26, 2013. Compliance date: Covered entities and business associates must comply with the applicable requirements of this final rule by September 23, 2013...


The New and Improved HIPAA/HITECH Rules: What Employers Need to Know

Posted on February 17, 2013
On February 7, 2013, our partner Keith McMurdy, Esq., posted an excellent entry on the Employee Benefits Blog of Fox Rothschild LLP that merits republishing for our readers as well. The post outlines some direct effects of the new HIPAA Omnibus Rule on employers and their health plans...


Collateral Effects of the Omnibus Rule: Exercise Caution in Using Past OCR Summaries on Large PHI Breaches as a Roadmap for Future Guidance

Posted on February 01, 2013
In the wake of the post-Omnibus Rule (the 'Rule') frenzy, it is necessary to consider some collateral effects that the Rule may have brought about with respect to compliance with HIPAA/HITECH.  The Office of Civil Rights ('OCR') summaries of closed investigations (the 'Summaries') posted on the U...


Next
Bloggers, promote your law blog by nominating your blog for inclusion in USLaw.com's Law Blog Directory and RSS Reader. Benefits described.
Related Law Bulletins

Related Law Articles

is===1
Related Law Questions

Related Searches
















US Law
#1 Online Legal Resource













Your Blog Subscriptions
Subscribe to blogs

10,000+ Law Job Listings
Lawyer . Police . Paralegal . Etc
Earn a law-related degree
Are you the author of this blog? Adding USLaw.com to your Blogroll increases relevance. You qualify to display a USLaw Network badge.
Suggest changes to this blog's description or nominate another for inclusion. Register for updates.


Practice Area
Zip Code:

Contact a Lawyer Now!










is===1


1.6684 secs (new cache)