.

Google       

OR PHONE (866) 635-1838 for Bankruptcy Help, (866) 635-6190 for Divorce,
(866) 635-2689 for Personal Injury or (866) 635-9402 for Criminal Defense

Find a Local Lawyer

Bankruptcy (866) 635-1838
Divorce (866) 635-6190
Personal Injury (866) 635-2689
Criminal Defense (866) 635-9402


Health Law

HIPAA Health Law & Technology HIPAA Health Law & Technology

Legal developments, issues, and other pertinent information relating the creation, use, and exchange of health information. Topics include EHRs and PHRs; HIEs, RHIOs, and EHR networks; privacy and security; breaches; and recent legislation.
By Helen Oscislawski

Post Frequency: 1.5/day

Last Entry: July 22, 2014 at 18:15:40

Recent Entries: 333

Track this blog ()

Go to HIPAA Health Law & Technology, find other Health Law blogs, or browse all law blogs.

Search
This Blog Only All Blogs

Posts

Two Months to Amend HIPAA Business Associate Agreements for Omnibus Compliance, But Beware the Bare Bones BAA

Posted on July 22, 2014
Does your business associate agreement (BAA) reflect your business deal, or is it a bare bones HIPAA compliance document? Now is the time to check. The HIPAA ?Omnibus Rule? published in January of 2013 gave covered entities, business associates, and subcontractors until September 22, 2014 to make their business associate agreements (BAAs) compliant, so use...


Hobby Lobby, HIPAA and Happy Independence Day

Posted on July 03, 2014
The recent United States Supreme Court decisioninBurwell v. Hobby Lobby Stores, Inc. has attorneys, pundits, policy-makers and businesses (yes, corporations are people, too) pondering big, quintessentially American issues like the free exercise of religion, compelling government interests, and our fundamental right to make money (and, as a corollary issue, what distinguishes for-profit from not-for-profit corporations)...


Paper Records HIPAA Violation Results in $800,000 Payment under HHS Resolution Agreement

Posted on June 29, 2014
My partner Elizabeth Litten was quoted at length by Alexis Kateifides in his recent article in DataGuidance entitled ?USA: ‘Unique’ HIPAA violation results in $800,000 settlement? While the full text can be found in the June 26, 2014 article in DataGuidance...


PHI Data Breaches just went from Bad Dream to Nightmare in West Virginia

Posted on June 13, 2014
Michael Cocowrites: The dreaded PHI data breach is every covered entity?s bad dream, but the West Virginia Supreme Court just turned that bad dream into a nightmare. The court decided a case, Tabata v. Charleston Area Medical Center, Inc., brought on behalf of thousands of patients requesting class certification to sue the medical center for...


To access this complete feed in the blog feed reader login or register for free.

Risky (Health Care) Business: Disclosure of FTC Data Security Enforcement Potential to Investors and Other Third Parties

Posted on June 09, 2014
Readers of this blog know that we have been tracking the FTC?s recent data security enforcement activities with a particular focus on the FTC v. LabMD case. As reported by Cause of Action, a nonprofit organization involved in the defense of LabMD, the LabMD trial was put on hold on May 30, 2014 until June...


Will Unearthing the FTC?s Data Security Standards Help the Health Care Industry?

Posted on May 07, 2014
As a regulatory lawyer, I frequently find myself parsing words and phrases crafted by legislators and agencies that, all too often, are frustratingly vague or contradictory when applied to a particular real-world and perhaps unanticipated (at the time of drafting) scenario...


Unencrpyted Laptops Prove Costly

Posted on April 24, 2014
Is the PHI on all your mobile devices encrypted? If not, here?s another two million reasons to make encryption your top priority. The Office of Civil Rights (OCR) of the Department of Health and Human Services announced on April 22, 2014 that they had imposed nearly $2 million in penalties on two entities as a...


When the Long Arm of HIPAA Reaches into Mergers, Acquisitions and Asset Sales of Health Care Practices

Posted on April 18, 2014
Michael J. Coco writes: If you have ever bought or sold a business, or you have experience with the process, you are aware of the due diligence efforts and multiple agreements required to close the deal. Transactions involving the sale or purchase of health care related business, such as a medical practice, often take the...


Wild West Data Breach Sheriff Wins a Round Back East

Posted on April 16, 2014
LabMD is not the only company that has tried to buck the FTC?s assertion of authority over data security breaches. Wyndham Worldwide Corp. has spent the past year contesting the FTC?s authority to pursue enforcement actions based upon companies? alleged ?unfair? or ?unreasonable? data security practices...


The Wild West of Data Breach Enforcement by the Feds

Posted on March 18, 2014
Imagine you have completed your HIPAA risk assessment and implemented a robust privacy and security plan designed to meet each criteria of the Omnibus Rule. You think that, should you suffer a data breach involving protected health information as defined under HIPAA (PHI), you can show the Secretary of the Department of Health and Human...


HHS Enforces Against County Government in Washington State

Posted on March 11, 2014
Last week?s Resolution Agreement between the US Department of Health and Human Services, Office for Civil Rights (?HHS?) and a small county in Washington State marks the first time HHS has settled an action against a county government for noncompliance with the Privacy and Security Rules under HIPAA (the ?HIPAA Rules?)...


More on Considerations for Entering into or Revising Business Associate Agreements

Posted on February 26, 2014
My partner Elizabeth Litten and I were interviewed by Marla Durben Hirsch for her recent article in Medical Practice Compliance Alert entitled ?Evaluate Relationships Before Signing Business Associate Agreements.? While the full text can be found in the February 3, 2014 issue of Medical Practice Compliance Alert, the following considerations are based upon points discussed...


Puerto Rico Raises a High Bar for Fines Levied for PHI Breaches

Posted on February 24, 2014
My partner Bill Maruca was quoted in Jeff Overley?s article ?Historic HIPAA Fine Will Push Feds To Get Tougher? published in Law360 on Friday, February 20, 2014. The article reports on the nearly $7 million fine imposed by the Puerto Rico Health Insurance Administration onacontractor, health plan Triple-S Salud Inc...


?Boilerplate? Provisions in Business Associate Agreements Warrant Attention

Posted on January 28, 2014
Michael J. Coco writes: The expanded requirements under the HIPAA Omnibus Rule for a Business Associate Agreement (?BAA?) has created an increase in volume and the need for analysis of such agreements, as individuals in industries traditionally unrelated to health care ? such as IT vendors ?find themselves confronting issues respecting a BAA...


HIPAA Compliance Trends for 2014

Posted on January 22, 2014
My partner Elizabeth Litten and I were interviewed by Marla Durben Hirsch forher Medical Practice Compliance Alert article ?HIPAA, ICD-10 Among 6 Compliance Trends That Will Affect You in 2014.? While the full text can be found in the January 6, 2014 issue of Medical Practice Compliance Alert, a synopsis is noted below...


Springing, Shifting, and Slip-Sliding Business Associate Agreements

Posted on January 17, 2014
What do you do if you have signed a Business Associate Agreement (BAA) with a covered entity, but are getting protected health information (PHI) from the covered entity in conjunction with health care treatment you provide to the individual? What if another covered entity provider has contracted with you to provide services to that provider?s...


HIPAA Failure Results In Penalties: Lack of Compliance the Key

Posted on January 07, 2014
Our partner Keith McMurdy posted this analysis of a recent HIPAA settlement involving a physician practice on our Employee Benefits Legal Blog: HIPAA Failure Results In Penalties: Lack of Compliance the Key By Keith R. McMurdy on January 1, 2014Posted in Plan Administration, Welfare Plans Often, when I am discussing HIPAA privacy compliance, I am...


Avoiding a HIPAA Identity Crisis in 2014

Posted on December 27, 2013
Who you are makes a big difference in how and whether you must protect individually identifiable health information under HIPAA. As we near the end of 2013, I look back at the events of the past year and am struck by the breadth and complexity of the issues we have written about on this blog...


Complex New Healthcare Relationships Create New Challenges in Electronic Health Records

Posted on December 22, 2013
My partner Elizabeth G. Litten and I were interviewed by Marla Durben Hirsch in the FierceEMR article “Healthcare Attorneys: New Business Relationships Will Create New EHR Problems.” It is always a pleasure for us to talk with Marla because she provokes our thinking in new areas...


OCR Gets Coal in its Stocking from OIG

Posted on December 05, 2013
Who watches the watchdogs to ensure they?re not sleeping on the job? The Office of Inspector General (OIG) of the Department of Health and Human Services has published a report of its review of the Office of Civil Rights? HIPAA/HITECH Security Rule oversight efforts, and some of the findings are not pretty...


The Parade of PHI Security Breaches: Why Did it Take Two Years for the Status of Minne-Tohe Health Center as a Marcher to be Disclosed?

Posted on October 29, 2013
It is noteworthy that there are often substantial delays in disclosures regarding covered entities (?CEs?) that have become marchers in the Parade of large Protected Health Information (?PHI?) security breaches under HIPAA. This is the case even though the PHI breach notification rule requires that, when a PHI breach affects 500 or more individuals (a...


Embarrassing Fact: Few Seem to Understand HIPAA or the ACA (at least when it comes to individual health coverage to be purchased on an Exchange)

Posted on October 29, 2013
I read a recent Forbes.com post by Rick Ungar (?Claims That Obamacare Website Violates Health Privacy Reveals Embarrassing Fact ? GOP Does Not Understand HIPAA or Obamacare?) that revealed a truly embarrassing fact: very few of us really understand HIPAA, let alone the intricacies of the Affordable Care Act (?ACA? or ?Obamacare?) and its interplay...


A Business Associate Agreement Dilemma: To Indemnify or Not to Indemnify ? Ten Considerations

Posted on October 01, 2013
A party (Party) to a HIPAA Business Associate Agreement (BAA) or Subcontractor Agreement (SCA), whether a covered entity (CE), business associate (BA) or subcontractor (SC), may struggle with the question as to whether to agree to, demand, request, submit to, negotiate or permit, an indemnification provision (Provision) respecting the counterparty (Counterparty) under a BAA or...


Ten Days, Ten Tips ? Countdown to Omnibus Rule Compliance #4 and #5 (aka #8 and #9)

Posted on September 23, 2013
Where did the time go? Today?s the day ? September 23, 2013. This is compliance day for most of the Omnibus Rule changes. I had a feeling this deadline would catch up with me faster than I would be able to blog my 10 tips, so I?m going to count ?TIP TWO? as tips TWO...


Ten Days, Ten Tips ? Countdown to Omnibus Rule Compliance #10

Posted on September 23, 2013
Here?s the official 10th tip to help you comply with today?s Omnibus Rule deadline. However, since I had to make TIP TWO into TIPs TWO through SEVEN when I realized my time had was running out, I will continue to blog a few more tips over the coming weeks...


Ten Days, Ten Tips ? Countdown to Omnibus Rule Compliance #3

Posted on September 17, 2013
Unless the Department of Health and Human Services (HHS) makes another last-minute, litigation-inspired decision to delay the September 23, 2013 compliance date, we?re well into the 10-day countdown for compliance with most of the Omnibus Rule requirements...


Ten Days, Ten Tips ? Countdown to Omnibus Rule Compliance #2

Posted on September 16, 2013
Unless the Department of Health and Human Services (HHS) makes another last-minute, litigation-inspired decision to delay the September 23, 2013 compliance date, we?re well into the 10-day countdown for compliance with most of the Omnibus Rule requirements...


Ten Days, Ten Tips ? Countdown to Omnibus Rule Compliance

Posted on September 13, 2013
Unless the Department of Health and Human Services (HHS) makes another last-minute, litigation-inspired decision to delay the September 23, 2013 compliance date, we?re on a 10-day countdown for compliance with most of the Omnibus Rule requirements. In a motion filed jointly with the plaintiff in the U...


Lost in the Shuffle: The September 23 HIPAA Notice Requirements

Posted on September 10, 2013
Our partner Keith McMurdy posted a timely summary of the requirements of the HIPAA Omnibus Rule for employers and benefit plan sponsors at his Employee Benefits Legal Blog. It is reproduced below: Lost in the Shuffle: The September 23 HIPAA Notice Requirements By Keith R...


The Parade of Major Reported PHI Breaches Jumps Ahead to 646 ? Part 2: Business Associates Continue to Augment the Numbers

Posted on August 20, 2013
This blog series has been following breaches of Protected Health Information (?PHI?) that have been reported on the U.S. Department of Health and Human Services (?HHS?) ever-lengthening parade list (the ?HHS List?) of breaches of unsecured PHI affecting 500 or more individuals (the ?List Breaches?)...


Next
Bloggers, promote your law blog by nominating your blog for inclusion in USLaw.com's Law Blog Directory and RSS Reader. Benefits described.
Related Law Bulletins

Related Law Articles

is===1
Related Law Questions

Related Searches
















US Law
#1 Online Legal Resource













Your Blog Subscriptions
Subscribe to blogs

10,000+ Law Job Listings
Lawyer . Police . Paralegal . Etc
Earn a law-related degree
Are you the author of this blog? Adding USLaw.com to your Blogroll increases relevance. You qualify to display a USLaw Network badge.
Suggest changes to this blog's description or nominate another for inclusion. Register for updates.


Practice Area
Zip Code:

Contact a Lawyer Now!










is===1


1.6839 secs (new cache)