Category Archives: HIPAA and HIT

Hospital Network Reports Large HIPAA Breach

Community Health Systems announced today, August 18th, that hackers broke into its computers and stole data on 4.5 million patients. The information included names, Social Security numbers, physical addresses, birthdays and telephone numbers. More information on the breach is available at http://money.cnn.com/2014/08/18/technology/security/hospital-chs-hack/index.html … Continue Reading

Physical Therapy Provider Enters into HIPAA Settlement

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced yet another enforcement action. Specifically, OCR opened a compliance review of Concentra Health Services (Concentra) upon receiving a report that an unencrypted laptop was stolen from the Springfield, Missouri Physical Therapy Center. The investigation revealed that Concentra had previously recognized in … Continue Reading

OCR PREPARING FOR NEXT ROUND OF HIPAA AUDITS

By Paul J. Welk, PT, JD. In a February 24, 2014 notice published in the Federal Register, the Department of Health and Human Services announced a pre-audit survey of HIPAA covered entities and business associates. The information collected will involve a survey of up to 1,200 covered … Continue Reading

Do Windows XP Users Risk HIPAA Non-Compliance?

Microsoft recently announced that, after April 8, 2014, it will no longer provide security updates or technical support for Windows XP. Microsoft’s statement that “businesses that are governed by regulatory obligations such as HIPAA may find that they are no longer able to satisfy compliance requirements” has spurred a certain level of panic among health … Continue Reading

FTC and Accretive Health Settle Unfair Business Practice Complaint Centered on Data Security Measures

Accretive Health recently agreed to settle a Federal Trade Commission (FTC) complaint that stems from a July, 2011 incident in which an Accretive employee’s laptop was stolen from his car. As a medical billing and revenue management services provider, Accretive grants its employees access to “sensitive personal health information” including “patient names, dates of birth, … Continue Reading

HHS Proposed Rule Affects HIPAA Privacy Rule and Background Check Reporting

The Department of Health and Human Services (HHS) has released a proposed rule that would modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule by allowing health care providers to make certain disclosures to the National Instant Criminal Background Check System (NICS).  The NICS aims to keep guns from being sold to those … Continue Reading

Dermatology Practice Agrees to Settlement in Connection with HIPAA Breach

A Massachusetts-based dermatology practice recently agreed to pay $150,000 to settle claims that it failed to have sufficient policies and procedures in place to address a breach notification requirement under the HITECH Act.  The investigation was initiated following a report that an unencrypted thumb drive containing electronic protected health information of approximately 2,200 individuals was … Continue Reading

HIPAA Omnibus Rule Compliance: Is Your Practice Ready?

On January 17, 2013, the United States Department of Health and Human Services released a Final Rule, commonly known as the “HIPAA Omnibus Rule,” which included significant changes to the HIPAA compliance requirements for healthcare covered entities, including private practice rehabilitation and medical providers. The compliance date … Continue Reading

CERT event on health information exchanges – June 26, 2013 – Pittsburgh, PA (with live stream and underwritten by HHS)

Contributed by Lee Kim, Esq. The CERT program is having a free all-day event tomorrow (June 26, 2013) in Pittsburgh, PA on security incident management for health information exchanges.  This event is underwritten by the US Department of Health and Human Services. Registration is free, but required.  http://www.cert.org/cybersecurity-hie/.  The event will be live and also … Continue Reading

Healtheway (formerly National Health Information Network – NHIN) Announces its Founding Organizations

Contributed by Lee Kim 412.594.3915 Healtheway was previously known as the National Health Information Network. It is a non-profit public-private partnership and has announced today its nine founding members. These members include the American Medical Association, Epic, Kaiser Permanente, New York eHealth Collaborative, among others. For the full press release, please see http://finance.yahoo.com/news/healtheway-announces-founding-members-groundbreaking-110000367.html.… Continue Reading

Health information security and healthcare technology

Lee Kim has been selected to the HIMSS Privacy and Security Committee for this coming fiscal year. In addition, she recently gave a talk on mobile healthcare information security on May 30, 2013 at the SANS Mobile Device Security Summit.  A review of her talk (and those of others) can be found here: http://blog.secureideas.com/2013/06/sans-mobile-summit-2013-recap.html. Lee will … Continue Reading

The Health IT Legal Landscape: Policy Changes and Practical Examples in a post-Omnibus Privacy Rule World

Lee Kim will be speaking at the Government Health IT Conference on June 11-12, 2013 in Washington, D.C. addressing changes due to the Omnibus Privacy Rule.  Privacy and security requirements for health data can be complex and intimidating. HIPAA and HITECH, and now the January 2013 release of the HIPAA Omnibus Rule have a very practical … Continue Reading

Negotiating an Electronic Health Record Agreement: A Marriage Between Healthcare and Technology

Lee Kim will be giving a webinar on negotiating electronic health record agreements on Thursday, June 20, 2013. EHRs are increasingly outsourced services provided by specialty vendors who can take advantage of economies of scale and concentrated expertise. But this means that mission-critical health care functions are more dependent on complex systems the provider does not … Continue Reading

mHealth’s Impact: The Most Rapid Transformation in Healthcare Today

Lee Kim will be presenting a webinar for HIMSS on May 22nd entitled, "Regulation and Innovation in mHealth: What You Need to Know to Successfully Play in the mHealth Space" as part of the HIMSS Virtual Forum on mHealth’s Impact: The Most Rapid Transformation in Healthcare Today.  A summary of the presentation can be accessed here: http://www.mhimss.org/blog/advancements-abound-mhealth-what-about-pace-policy.… Continue Reading

Proposed Rules Relating to Donated EHR software and certain related items and services to physicians

CMS and the Office of Inspector General at HHS (OIG) have respectively published proposed rules to extend the sunset dates for the Stark exception and anti-kickback statute safe harbor permitting donations of EHR software and certain related items and services to physicians. These provisions are set to expire on December 31, 2013. Both agencies have proposed almost … Continue Reading

Two New Federal Policy Documents on Critical Infrastructure Protection

Contributed by Lee Kim, Esq. 412.594.3915 The White House released two documents on February 12th related to critical infrastructure protection and cybersecurity: the Presidential Policy Directive #21 on Critical Infrastructure and Resilience (PPD-21) which replaces the Homeland Security Presidential Directive (HSPD-7) which previously served as the policy basis for the national critical infrastructure protection enterprise.  … Continue Reading

OIG Advisory Opinion No. 12-20

Contributed by Lee Kim, Esq. 412.594.3915 The Office of Inspector General of the Department of Health and Human Services has issued an advisory opinion regarding a hospital’s proposal to provide free access to an electronic interface to community physicians and physician practices (who request it) so that the physicians and practices can transmit orders for … Continue Reading

mHIMSS Roadmap

Contributed by Lee Kim, Esq. 412.594.3915 mHIMSS, the mobile initiative of HIMSS, has released the mHIMSS Roadmap to serve as guidance for professionals, organizations, corporations and health systems on the adoption of mobile and mobile health devices. Lee Kim, chair of the mHIMSS Legal/Policy taskforce, authored several sections of the legal & policy section of the … Continue Reading

2012 mHealth Summit

Lee Kim, an intellectual property and healthcare technology attorney at Tucker Arensberg, PC, will be a panelist for a session entitled, "Policy & Regulatory Environments: A Mobile Perspective" at the international mHealth Summit which will be held in National Harbor, MD.  The 4th Annual mHealth Summit is the largest event of its kind and more … Continue Reading

Western Pennsylvania 2012 Cybersecurity Conference

Contributed by Lee Kim, Esq. 412.594.3915 Yesterday, I attended the Western Pennsylvania 2012 Cybersecurity Conference.  It was a unique opportunity to learn about cyber-threats, including cyber-attacks and cyber-crime.  As a healthcare technology attorney, I asked the panelists about their thoughts on these issues as they pertain to the healthcare industry.  In response, I was told that … Continue Reading

CMS Response to Breaches and Medical Identity Theft

Contributed by Lee Kim, Esq. 412.594.3915   CMS has reported that it had 14 breaches of protected health information between September 23, 2009, and December 31, 2011. CMS notified the 13,775 Medicare beneficiaries affected by the breaches.  However, according to the Office of Inspector General of HHS (OIG), it did not meet several ARRA requirements. … Continue Reading