HIPAA Health Law & Technology 

Legal developments, issues, and other pertinent information relating to the creation, use, and exchange of health information. Topics include EHRs and PHRs; HIEs, RHIOs, and EHR networks; privacy and security; breaches; and recent legislation.
Post Frequency: 0.9/day Last Entry: May 24, 2013 at 14:41:15 Recent Entries: 295
By Helen Oscislawski
Do I really need to report (or get a report on) every "Security Incident" under the sun to comply with HIPAA?
Posted on May 24, 2013: Our blog posts have been somewhat fewer and farther between since the release of the Omnibus Rule, primarily because we have been busily working to understand the subtleties of the Omnibus Rule, while helping our clients implement the necessary changes...
Omnibus Rule Takes Effect Today - Or Does It?
Posted on March 26, 2013: The HIPAA/HITECH Omnibus Rule that appeared in the January 25, 2013 Federal Register contained this cryptic and apparently contradictory statement: DATES: Effective date: This final rule is effective on March 26, 2013. Compliance date: Covered entities and business associates must comply with the applicable requirements of this final rule by September 23, 2013...
The New and Improved HIPAA/HITECH Rules: What Employers Need to Know
Posted on February 17, 2013: On February 7, 2013, our partner Keith McMurdy, Esq., posted an excellent entry on the Employee Benefits Blog of Fox Rothschild LLP that merits republishing for our readers as well. The post outlines some direct effects of the new HIPAA Omnibus Rule on employers and their health plans...
Collateral Effects of the Omnibus Rule: Exercise Caution in Using Past OCR Summaries on Large PHI Breaches as a Roadmap for Future Guidance
Posted on February 01, 2013: In the wake of the post-Omnibus Rule (the 'Rule') frenzy, it is necessary to consider some collateral effects that the Rule may have brought about with respect to compliance with HIPAA/HITECH. The Office of Civil Rights ('OCR') summaries of closed investigations (the 'Summaries') posted on the U...
HIPAA "Mega Rule", Meet "Super BAA": The CMS Data Use Agreement
Posted on January 24, 2013: The recent release of the HIPAA/HITECH 'mega rule' or 'omnibus rule' has given bloggers and lawyers like us plenty of topics for analysis and debate, as well as some tools with which to prod covered entities, business associates and subcontractors to put HIPAA/HITECH-compliant Business Associate Agreements ('BAAs') in place...
Urgent - Verify Your Business Associate and Subcontractor Agreements by This Friday 1/25/13 to Qualify for Extension
Posted on January 23, 2013: The September 23, 2013 deadline for updating Business Associate Agreements is extended for one year under the Omnibus Rule for covered entities who have compliant Business Associate Agreements in place by Friday, January 25, 2013. This also applies to agreements between Business Associates and their subcontractors...
This Just In: Guidance for Health Care Providers, and the Omnibus Rule
Posted on January 18, 2013: With gun violence and mental health concerns in the headlines, the Office of Civil Rights has published a letter to health care providers clarifying when it is permissible to reveal PHI when a patient is reasonably believed to present a serious danger to himself or others...
The Parade of Major Reported PHI Breaches Creeps Ahead to 525 - Theft Continues to Dominate the Numbers
Posted on January 08, 2013: This blog series has been following breaches of Protected Health Information ('PHI') that have been reported on the U.S. Department of Health and Human Services ('HHS') ever-lengthening parade list (the 'HHS List') of breaches of unsecured PHI affecting 500 or more individuals (the 'List Breaches')...
OCR Announces First "Under 500" Breach Settlement
Posted on January 04, 2013: The first breach settlement announcement of the new year breaks new ground - a $50,000 fine based on theft of a laptop containing 441 patients' unencrypted data. It's the first settlement of a breach involving fewer than 500 individuals. There was no indication that any PHI was improperly viewed or accessed...
Countdown to 2013 and the HITECH "Mega Rule": Ten New Year's Resolutions to Protect Health Information
Posted on December 27, 2012: We have written several times in this blog series about the long-awaited (some would assert long overdue) HIPAA 'Mega Rule.' What was highly anticipated for the summer of 2012 has become the winter of discontent and a new year for eager HIPAA professionals...
Back to the SAIC Breach and a Look Across the Chasm Between Significant Risk and Actual Harm Resulting from a HIPAA Breach
Posted on December 06, 2012: Elizabeth Litten and Michael Kline write: We have posted several blogs, including those here and here, tracking the reported 2011 theft of computer tapes from the car of an employee of Science Applications International Corporation ('SAIC') that contained the protected health information ('PHI') affecting approximately 5 million military clinic and hospital patients (the 'SAIC Breach')...
OIG Reports Shortcomings In EHR Incentive Oversight
Posted on November 30, 2012: CMS should improve its oversight of its electronic health record incentive program, according to a report by the Office of Inspector General released this month. The government watchdog agency faults CMS for both inadequate prepayment safeguards and insufficient postpayment monitoring of recipients of federal funding intended to help cover the costs of adoption and implementation of EHR...
Another Case of Snooping Prosecuted
Posted on November 27, 2012: Once again, a healthcare worker's inability to resist the temptation to snoop in her employer's medical records has resulted in criminal prosecution. In the latest incident, a Vermont ultrasound technologist improperly accessed the electronic medical records of her husband's former wife and her children, allegedly over a period of 12 years...
OIG EHR Questionnaire Focuses on Fraud Safeguards
Posted on November 19, 2012: The OIG is conducting a survey of hospitals who have certified the meaningful use of Electronic Health Record (EHR) Technology, with an emphasis on safeguards that protect the EHR systems from fraudulent access or alteration. A generous hospital compliance officer who has asked to remain nameless has provided me with a copy of the survey tool which can be accessed here...
Known Unknowns and Data Losses
Posted on November 07, 2012: A New England hospital has reported the disappearance of backup tapes containing ultrasound images and personal data of 14,000 patients. How do you handle a data loss when you don't have any way of determining where the data went or who may have seen it? Is it a 'breach' in the technical sense? These questions call to mind former Secretary of State Donald Rumsfeld's famous observation about assessing knowledge gaps: 'There are known knowns; there are things we know we know...
A Reader's Comment about a Third Potential Posting on the HHS Breach Parade for Massachusetts Eye and Ear Infirmary
Posted on November 02, 2012: A thoughtful reader commented on the recent blog post in this series that asked whether the 2012 Breach of Massachusetts Eye and Ear Infirmary ('MEEI') should have by now been reflected in a third posting respecting MEEI on the HHS List. (Capitalized terms not otherwise defined herein shall have the meanings assigned to them in the earlier blog post...
As the Breach Parade Passes 500 Marchers: Should There be a Posting on the HHS List for a Third Massachusetts Eye and Ear Infirmary Breach?
Posted on October 28, 2012: Much has been written about the circumstances surrounding the agreement of Massachusetts Eye and Ear Infirmary ('MEEI') to pay the U.S. Department of Health and Human Services ('HHS') the sum of $1.5 million to settle potential violations involving an alleged security breach (the '2010 Breach') of Protected Health Information ('PHI') under HIPAA...
As the Parade of Major PHI Breaches Marches Ever Onward, Where Have All the OCR Summaries Gone?
Posted on October 05, 2012: This blog series has been following breaches of Protected Health Information ('PHI') that have been reported on the U.S. Department of Health and Human Services ('HHS') list (the 'HHS List') of breaches of unsecured PHI affecting 500 or more individuals (the 'List Breaches')...
PHI Breach Involving Health Plan Leads to Lawsuit by Identity Theft Victims Who Were Plan Members
Posted on September 18, 2012: A previous post to this blog by Patricia McManus pointed out that individuals whose protected health information ('PHI') is stolen, lost, or otherwise inappropriately used, accessed, or left unsecured have no private right of action against the person or entity responsible for the breach under the HIPAA/HITECH laws...
As We All Continue to Anticipate the HIPAA/HITECH "Mega Rule" from HHS, We Can Test Our Prognosticating Skills
Posted on August 29, 2012: We have seen substantial delay in publication of the long-awaited HIPAA/HITECH Omnibus Final Rule, sometimes affectionately referred to as the 'Mega Rule.' Health Data Management reported on June 6 of this year that Farzad Mostashari, national coordinator for health information technology, had said that the HIPAA Mega rule, which will include modifications to the privacy and security rule, breach notification and enforcement, 'should' be published by 'the end of summer...
Employers: Beware of PHI "Minimum Necessary" Standards Lurking Under Statutes Other Than HIPAA and State PHI Statutes
Posted on August 12, 2012: A recent posting by our partner Christina Stoneburner, Esq., on the Fox Rothschild Employment Discrimination blog discussed the need by employers to limit protected health information ('PHI') that they provide with respect to medical examinations of employees and applicants to the least amount of medical information necessary for evaluation...
Business Associate Breach Leads to $2.5M Settlement by Accretive: But Who is the Covered Entity or Business Associate Here, and Do We Care?
Posted on July 31, 2012: Attorney General Lori Swanson of Minnesota ('AG') issued a press release reporting that Accretive Health, Inc. ('Accretive'), the defendant in an action filed by the AG in U.S. District Court alleging violations of HIPAA, HITECH, the Minnesota Health Records Act, and the Minnesota consumer protection laws, signed a Settlement Agreement, Release and Order on July 30, 2012 ('Settlement Agreement')...
Advice from OCR's Breach Parade Reviewing Stand: Verify Whether Your Business Associate is also an Independent Covered Entity
Posted on July 20, 2012: A recent post in this blog series has discussed the valuable guidance for covered entities ('CEs') and business associates ('BAs') that can be contained in the U.S. Department of Health and Human Services list (the 'HHS List') of breaches of unsecured PHI affecting 500 or more individuals ('List Breaches'), especially within the 'brief summaries of the breach cases that OCR [the federal Office of Civil Rights] has investigated and closed...
A Peek Behind the OCR Wall of Shame
Posted on July 17, 2012: Ever wonder about those HIPAA breaches that affect less than 500 individuals and don't get posted on the government website known as the 'Wall of Shame'? In a recent presentation to the Hospital Council of Western Pennsylvania, officials from the Office of Civil Rights (OCR) of the Department of Health and Human Services (HHS) provided detailed information on all breaches including the agency's enforcement and auditing activities...
Why Can't I Sue Under HIPAA for a Breach of my Protected Health Information? What Can I Do?
Posted on July 10, 2012: As part of our healthcare practice, we frequently field questions from individuals from the general public about alleged violations of the HIPAA law that have affected them. Many people have been in the unfortunate situation where they believe that their protected health information (PHI) has been compromised inappropriately, and they want to know what they can do about it...
MD Anderson Posts Notice of Breach on Day 59
Posted on July 02, 2012: As reported in the Houston Chronicle on June 28, 2012, an unencrypted laptop computer containing data on more than 30,000 patients of the University of Texas MD Anderson Cancer Center ('MD Anderson') was stolen from a faculty member's home on April 30, 2012...
The Breach Parade: OCR's Reviewing Stand Lashes Out and Takes $1.7 million from Alaska Medicaid - Who is Really Being Penalized?
Posted on June 29, 2012: This blog series has been following breaches of Protected Health Information ('PHI') that have been reported on the U.S. Department of Health and Human Services ('HHS') list (the 'HHS List') of breaches of unsecured PHI affecting 500 or more individuals (the 'List Breaches')...
William Maruca Writes in washingtonpost.com on the Supreme Court, the ACA and Small Business
Posted on June 26, 2012: On June 25, 2012, William Maruca, Esq., the Editor of this blog and my health law partner at Fox Rothschild LLP, published an article entitled "What small business owners should know about each possible Supreme Court health-care ruling" on washingtonpost...
The Parade of Major PHI Breaches Marches Onward - What Lessons Can Be Learned from Comments by OCR's Reviewing Stand?
Posted on June 24, 2012: This blog series has been following breaches of Protected Health Information ('PHI') that have been reported on the U.S. Department of Health and Human Services ('HHS') list (the 'HHS List') of breaches of unsecured PHI affecting 500 or more individuals (the 'List Breaches')...
Government HIPAA Enforcement Tools - Will These "Red Light Cameras" Deter Marchers From Joining the Breach Parade?
Posted on June 17, 2012: At the risk of killing (or at least maiming) the 'Breach Parade' metaphor we have used in this blog series by over-stretching it, I wanted to write about two tools being used by the federal Office of Civil Rights ('OCR') and individual State Attorneys General ('SAGs') to deter and catch HIPAA privacy and security breaches that remind me of the red light cameras designed to deter and catch traffic violations...