On December 30, 2019, the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) announced a $65,000 settlement with West Georgia Ambulance, Inc. for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security and Breach Notification Rules. According to HHS, in 2013 the ambulance company reported a breach … Continue Reading
On November 7, 2019, the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) announced a $1,600,000 civil money penalty for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security and Breach Notification Rules. According to HHS, the Texas Health and Human Services Commission (TX HHSC) “operates state … Continue Reading
On November 5, 2019, the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) announced a $3,000,000 settlement with the University of Rochester Medical Center (“URMC”) for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security and Breach Notification Rules in 2013 and 2017. According to HHS, URMC … Continue Reading
On October 23, 2019, the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) announced a $2,154,000 civil money penalty for numerous violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security and Breach Notification Rules between 2013 and 2016. According to HHS, Jackson Health System (“JHS”) is a … Continue Reading
Today the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) announced a $3,000,000 settlement for a disclosure of patient protected health information (“PHI”) via its FTP server. In 2014, HHS received an email tip that the social security numbers of Touchstone Medical Imaging (“Touchstone”) patients were accessible online via an insecure … Continue Reading
The U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) just announced a $111,400 settlement and substantial corrective action plan for a Colorado hospital whose former employee still had access to electronic patient protected health information (“PHI”). In 2013, Pagosa Springs Medical Center failed to de-activate a former employee’s username and password … Continue Reading
HHS has published a very brief guide, in the form of a checklist, to explain the steps for a HIPAA covered entity or business associate to take in response to a cyber-related security incident. You can access the checklist at this link: Cyber Related Security Steps… Continue Reading
In September 2015, OCR and HHS issued a press release announcing a Resolution Agreement with the Cancer Care Group, P.C., which included entry into the agreement, the adoption of a robust compliance plan, and the payment of a $750,000 penalty. The settlement arose out of an incident involving the theft of an employee laptop containing … Continue Reading
Microsoft recently announced that, after April 8, 2014, it will no longer provide security updates or technical support for Windows XP. Microsoft’s statement that “businesses that are governed by regulatory obligations such as HIPAA may find that they are no longer able to satisfy compliance requirements” has spurred a certain level of panic among health … Continue Reading
The Department of Health and Human Services (HHS) has released a proposed rule that would modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule by allowing health care providers to make certain disclosures to the National Instant Criminal Background Check System (NICS). The NICS aims to keep guns from being sold to those … Continue Reading
HIPAA Omnibus Rule Compliance: Is Your Practice Ready? On January 17, 2013, the United States Department of Health and Human Services released a Final Rule, commonly known as the “HIPAA Omnibus Rule,” which included significant changes to the HIPAA compliance requirements for healthcare covered entities, including private practice rehabilitation and medical providers. The compliance date … Continue Reading
In OIG Advisory Opinion No. 11-17, the OIG has broadcast its suspicion of percentage-based marketing arrangements. The request seeks the OIG’s “no action” letter on a proposal by which a company will provide consulting and marketing services to physician practices. The services would be designed to review patients’ files and identify opportunities to provide allergy … Continue Reading
This is simply a reminder that the Office of Civil Rights (OCR) pilot audit program to assess the privacy and security compliance of covered entities will commence November 2011 and conclude by December 2012. The attached link provides details about the program. http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/index.html … Continue Reading
An interim final rule has been recently published for "Adoption of Operating Rules for Eligibility for a Health Plan and Health Care Claim Status Transactions." Section 1104 of the Affordable Care Act establishes new requirements for administrative transactions that will improve the utility of the existing HIPAA transactions and reduce administrative costs. This interim final … Continue Reading
Contributed by Paul J. Welk 412.594.5536 Dr. Richard Allen Kaye, the Medical Director of Sentara Obici Hospital in Suffolk, VA, was indicted by a federal grand jury for disclosing patient identifiable information in violation of the HIPAA Privacy Rule. The indictment accuses Dr. Kaye of disclosing patient information without authorization to an agent of the … Continue Reading
DEPARTMENT OF HEALTH Amendments to Charges for Medical Records Under 42 Pa.C.S. 6152 and 6155 (relating to subpoena of records; and rights of patients), the Secretary of Health (Secretary) is directed to adjust annually the amounts which may be charged by a health care facility or health care provider upon receipt of a request … Continue Reading
Health and Human Services ("HHS") Secretary Kathleen Sebelius announced yesterday important new proposed rules and resources to strengthen the privacy of health information and to help all Americans understand their rights and the resources available to safeguard their personal health data. The official release date of the new proposed rules is July 14, 2010. These … Continue Reading