Tag Archives: HIPAA

Ambulance Company Pays $65,000 Settlement

On December 30, 2019, the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) announced a $65,000 settlement with West Georgia Ambulance, Inc. for  violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security and Breach Notification Rules. According to HHS, in 2013 the ambulance company reported a breach … Continue Reading

$1,600,000 Civil Money Penalty for HIPAA Violations by the Texas Health and Human Services Commission

On November 7, 2019, the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) announced a $1,600,000 civil money penalty for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security and Breach Notification Rules. According to HHS, the Texas Health and Human Services Commission (TX HHSC) “operates state … Continue Reading

$3,000,000 Settlement by University of Rochester Medical Center for Numerous HIPAA Violations

On November 5, 2019, the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) announced a $3,000,000 settlement with the University of Rochester Medical Center (“URMC”) for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security and Breach Notification Rules in 2013 and 2017. According to HHS, URMC … Continue Reading

$2,154,000 Civil Money Penalty for Numerous HIPAA Violations by Jackson Health System

On October 23, 2019, the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) announced a $2,154,000 civil money penalty for numerous violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security and Breach Notification Rules between 2013 and 2016. According to HHS, Jackson Health System (“JHS”) is a … Continue Reading

$3,000,000 Settlement for HIPAA Breach by Diagnostic Medical Imaging Company

Today the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) announced a $3,000,000 settlement for a disclosure of patient protected health information (“PHI”) via its FTP server. In 2014, HHS received an email tip that the social security numbers of Touchstone Medical Imaging (“Touchstone”) patients were accessible online via an insecure … Continue Reading

Colorado Hospital Pays $111,400 HIPAA Settlement For Failing To Stop Former Employee From Having Access To Patient Protected Health Information

The U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) just announced an $111,400 settlement and substantial corrective action plan for a Colorado hospital whose former employee still had access to electronic patient protected health information (“PHI”). In 2013, Pagosa Springs Medical Center failed to de-activate a former employee’s username and password … Continue Reading

Do Windows XP Users Risk HIPAA Non-Compliance?

Microsoft recently announced that, after April 8, 2014, it will not longer provide security updates or technical support for Windows XP.  Microsoft’s statement that “businesses that are governed by regulatory obligations such as HIPAA may find that they are no longer able to satisfy compliance requirements” has spurred a certain level of panic among health … Continue Reading

HHS Proposed Rule Affects HIPAA Privacy Rule and Background Check Reporting

The Department of Health and Human Services (HHS) has released a proposed rule that would modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule by allowing health care providers to make certain disclosures to the National Instant Criminal Background Check System (NICS).  The NICS aims to keep guns from being sold to those … Continue Reading

HIPAA Omnibus Rule Compliance: Is Your Practice Ready?

  HIPAA Omnibus Rule Compliance: Is Your Practice Ready? On January 17, 2013, the United States Department of Health and Human Services released a Final Rule, commonly known as the “HIPAA Omnibus Rule,” which included significant changes to the HIPAA compliance requirements for healthcare covered entities, including private practice rehabilitation and medical providers. The compliance date … Continue Reading

OIG Suspicious of Marketing Arrangements

In OIG Advisory Opinion No. 11-17, the OIG has broadcast its suspicion of percentage based marketing arrangements. The request seeks the OIG’s “no action” letter on a proposal by which a company will provide consulting and marketing services to physician practices. The services would be designed to review patients’ files and identify opportunities to provide allergy … Continue Reading

HIPAA Privacy and Security Audit Program

This is simply a reminder that the Office of Civil Rights (OCR) pilot audit program to access the privacy and security compliance of covered entities will commence November 2011 and conclude by December 2012. The attached link provides details about the program.  http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/index.html         … Continue Reading

Interim Final Rule Published for “Adoption of Operating Rules for Eligibility for a Health Plan and Health Care Claim Status Transactions”

An interim final rule has been recently published for "Adoption of Operating Rules for Eligibility for a Health Plan and Health Care Claim Status Transactions."  Section 1104 of the Affordable Care Act establishes new requirements for administrative transactions that will improve the utility of the existing HIPAA transactions and reduce administrative costs. This interim final … Continue Reading

Healthcare Provider Criminally Indicted for Violating HIPAA

Contributed by Paul J. Welk 412.594.5536 Dr. Richard Allen Kaye, the Medical Director of Sentara Obisi Hospital, in Suffolk, VA was indicted by a federal grand jury for disclosing patient identifiable information in violation of the HIPAA Privacy Rule.  The indictment accuses Dr. Kaye of disclosing patient information without authorization to an agent of the … Continue Reading

Pennsylvania 2011 Medical Records Costs

DEPARTMENT OF HEALTH Amendments to Charges for Medical Records   Under 42 Pa.C.S. 6152 and 6155 (relating to subpoena of records; and rights of patients), the Secretary of Health (Secretary) is directed to adjust annually the amounts which may be charged by a health care facility or health care provider upon receipt of a request … Continue Reading

HHS Strengthens Health Information Privacy and Security through New Rules

Health and Human Services ("HHS") Secretary Kathleen Sebelius announced yesterday important new proposed rules and resources to strengthen the privacy of health information and to help all Americans understand their rights and the resources available to safeguard their personal health data.  The official release date of the new proposed rules is July 14, 2010.  These … Continue Reading
LexBlog