Dedicated to providing the latest
HIPAA compliance news

$3.2 Million HIPAA Civil Monetary Penalty for Children’s Medical Center of Dallas
Feb02

$3.2 Million HIPAA Civil Monetary Penalty for Children’s Medical Center of Dallas

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that Children’s Medical Center of Dallas has paid a civil monetary penalty of $3.2 million to resolve multiple HIPAA violations spanning several years. It is relatively rare for OCR a HIPAA Civil Monetary Penalty to be paid by a HIPAA-covered entity to resolve HIPAA violations discovered during OCR data breach investigations. In the vast majority...

Read More
$2.2 Million Settlement for Impermissible Disclosure of ePHI
Jan19

$2.2 Million Settlement for Impermissible Disclosure of ePHI

The U.S. Department of Health and Human Services’ Office for Civil Rights has agreed a $2.2 million settlement with MAPFRE Life Assurance Company of Puerto Rico – A subsidiary of MAPFRE S.A., of Spain – to resolve potential noncompliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The settlement relates to the impermissible disclosure of the electronic protected health information of 2,209...

Read More
OCR Reminds CEs of HIPAA Audit Control Requirements
Jan17

OCR Reminds CEs of HIPAA Audit Control Requirements

In the past few weeks, a number of HIPAA-covered entities have announced that employees have been discovered to have inappropriately accessed the medical records/protected health information of patients. Two of the recent cases were discovered when covered entities performed routine audits of access logs. In both instances, the employees were discovered to have inappropriately accessed the electronic protected health information...

Read More
$475,000 Settlement for Delayed HIPAA Breach Notification
Jan10

$475,000 Settlement for Delayed HIPAA Breach Notification

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced the first HIPAA settlement of 2017. This is also the first settlement to date solely based on an unnecessary delay to breach notification after the exposure of patients’ protected health information. Presence Health, one of the largest healthcare networks serving residents of Illinois, has agreed to pay OCR $475,000 to settle potential HIPAA...

Read More
New York Rule Change Allows Clinicians to Access Minors’ PHI via State HIE
Jan06

New York Rule Change Allows Clinicians to Access Minors’ PHI via State HIE

Healthcare providers that participate in the Western New York health information exchange – HEALTHeLINK – are now able to access the health information of minors aged between 10 and 17 after the passing of a new rule covering patient data access through qualified information exchanges. The new rule allows the information of minors to be accessed if prior consent has been obtained by from parents or legal guardians via...

Read More
Joint Commission Ban on Secure Messaging for Orders Remains in Place
Dec22

Joint Commission Ban on Secure Messaging for Orders Remains in Place

The Joint Commission on Accreditation of Healthcare’s (Joint Commission) ban on the use of secure text messaging platforms for patient care orders will remain in place, according to its December newsletter. In April 2016, the Joint Commission took the decision to allow the use of a secure texting platform for sending orders. The ban was not totally lifted, as the Joint Commission required certain components to be in place and certain...

Read More
ONC Publishes Final 2017 Interoperability Standards Advisory
Dec21

ONC Publishes Final 2017 Interoperability Standards Advisory

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) has published its Final 2017 Interoperability Standards Advisory (ISA). The ISA is a catalog of standards and implementation specifications that can be used by healthcare organizations to address specific interoperability needs. The purpose of the ISA is to serve as a single resource for the healthcare industry to...

Read More
ONC Issues Challenge to Develop a New Online Model Privacy Notice Generator
Dec15

ONC Issues Challenge to Develop a New Online Model Privacy Notice Generator

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) has challenged designers, developers, and health data privacy experts to create a new online Model Privacy Notice (MPN) generator. At present, the MPN is a voluntary resource that helps health technology developers who collect electronic health data provide information to consumers about how health data is collected,...

Read More
National Governors Association Releases Roadmap for States to Improve Heath Data Sharing
Dec14

National Governors Association Releases Roadmap for States to Improve Heath Data Sharing

To support effective decision making, improve the care provided to patients, and cut the costs of healthcare provision, healthcare data must be readily available to all healthcare providers. While other industry sectors have taken great strides toward improving the flow of information to increase efficiency, the healthcare industry still lags behind other industries. There are still many barriers in place which are preventing the...

Read More
ONC Issues Fact Sheet Explaining Exchange of Health Information for Public Health Activities
Dec09

ONC Issues Fact Sheet Explaining Exchange of Health Information for Public Health Activities

The U.S. Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) and Office of Civil Rights (OCR) have published a new fact sheet explaining some of the circumstances under which the sharing of electronic healthcare information without patients’ written consent is permitted by Health Insurance Portability and Accountability Act (HIPAA) Rules. The HIPAA Privacy Rule came into...

Read More
OCR Warns Covered Entities of Risk of DDoS Attacks
Dec08

OCR Warns Covered Entities of Risk of DDoS Attacks

There has been a surge in Distributed Denial of Service (DDoS) and Denial of Service (DOS) attacks over the past few weeks. The attacks involve flooding systems with information and requests to cause those systems to crash. The attacks have resulted in large sections of the Internet being taken offline, email systems have crashed, and other computer equipment taken out of action. DDoS attacks on healthcare organizations could prevent...

Read More
21st Century Cures Bill Sails Through Senate
Dec08

21st Century Cures Bill Sails Through Senate

Last week, the House of Representatives unanimously voted in favor of the 21st Century Cures Act. Yesterday, the bill sailed through the Senate with a vote of 94-5. All that remains is for President Obama to add his signature to the bill, which is expected to happen in the next few days. President Obama has already said he is happy to sign the new bill. The bill will provide funding for a number of initiatives that are intended to...

Read More
21st Century Cures Act Unanimously Passed by House
Dec01

21st Century Cures Act Unanimously Passed by House

The 21st Century Cures Act has been passed by the House of Representatives with a vote of 392-26. One Democrat and twenty Republicans voted against the bill. The legislation will now go to the Senate for the vote, which will take place early next week. The legislation was passed by the House last year, although the bill failed in the Senate in July 2015. Numerous revisions have been made since last summer and this time around the 21st...

Read More
Warner Chilcott District Managers Sentenced for HIPAA Violations and Healthcare Fraud
Oct31

Warner Chilcott District Managers Sentenced for HIPAA Violations and Healthcare Fraud

The United States Attorney’s Office for the District of Massachusetts has announced three former district managers of the pharmaceutical firm Warner Chilcott have been sentenced for violating the Health Insurance Portability and Accountability Act and committing healthcare fraud. The offenses date back to 2011, when Warner Chilcott launched the osteoporosis drug Atelvia®. The drug was not covered by many insurance companies due to a...

Read More
Vindell Washington: HIPAA Not a Barrier to the Sharing of ePHI
Sep23

Vindell Washington: HIPAA Not a Barrier to the Sharing of ePHI

This Week, Vindell Washington – the recently appointed National Coordinator for Health Information Technology at the ONC – confirmed that one of his main priorities is to continue the work of Karen DeSalvo and implement the ONC’s Interoperability Roadmap. Washington believes the ONC’s Interoperability Framework is foundational for a number of the administration’s priorities, in particular the Precision Medicine Initiative and...

Read More
OCR to Increase Investigations of Small PHI Breaches
Aug18

OCR to Increase Investigations of Small PHI Breaches

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced it will be stepping up investigations of small PHI breaches with immediate effect. Breaches impacting fewer than 500 individuals will now be subjected to closer scrutiny, with the responsibility for investigating those breaches falling to the OCR’s Regional Offices. OCR currently investigates all PHI breaches that impact more than 500 individuals,...

Read More
Third of Hospitals Lack HIPAA-Compliant EHR Contingency Plans
Jul26

Third of Hospitals Lack HIPAA-Compliant EHR Contingency Plans

According to a recent report issued by the Department of Health and Human Services’ Office of Inspector General, a third of hospitals do not have HIPAA-compliant EHR contingency plans in place, although most are “largely addressing” HIPAA requirements for EHRs. In September 2014, OIG sent a survey to 400 hospitals that had applied for Medicare EHR incentive payments and asked questions to determine whether HIPAA-compliant EHR...

Read More
Hospitals Saying No to Pokemon Go
Jul25

Hospitals Saying No to Pokemon Go

The Pokemon Go craze sweeping the globe is causing a number of problems for U.S. hospitals leading many to issue bans on playing the game anywhere on hospital premises. The location-based augmented reality mobile game requires players to get out and about and use their smartphone cameras and GPS to find and catch Pokemon – virtual reality critters that can be found in real world locations. The scavenger hunt requires players to go to...

Read More
2.75 Million Dollar HIPAA Settlement Reached with UMMC
Jul22

2.75 Million Dollar HIPAA Settlement Reached with UMMC

Hot on the heels of the 2.7 million HIPAA breach settlement with Oregon Health & Science University comes news of another multi-million-dollar settlement with another university. The Department of Health and Human Services’ Office for Civil Rights announced yesterday that University of Mississippi Medical Center (UMMC) has agreed to settle alleged HIPAA violations and will pay a financial penalty of $2.75 million. UMMC has also...

Read More
How Does OCR Deal with HIPAA Complaints?
Jul21

How Does OCR Deal with HIPAA Complaints?

The Department of Health and Human Services’ Office for Civil Rights (OCR) encourages individuals to file complaints about HIPAA-covered entities, or their business associates, if they feel that their privacy has been violated. Individuals are also able to file complaints if they believe the privacy of other individuals have been violated. Complaints about potential HIPAA violations are investigated by OCR, and while many prove to be...

Read More
House Passes Mental Health Reform Bill (Without the HIPAA Changes)
Jul14

House Passes Mental Health Reform Bill (Without the HIPAA Changes)

A mental health bill that aims to improve mental healthcare in the United States has been passed by the House. The bill – H.R. 2646 – which was first introduced three years ago, was intended to usher in sweeping changes to improve the treatment of mental illness in the United States. While the bill was passed with an overwhelming majority of 422-2 last Wednesday, a number of the more contentious issues needed to be removed...

Read More
OCR Phase 2 HIPAA Audits: Documentation Requests Issued
Jul13

OCR Phase 2 HIPAA Audits: Documentation Requests Issued

The Department of Health and Human Services’ Office for Civil Rights (OCR) has now selected covered entities from its pool of eligible organizations and has chosen 167 for a HIPAA compliance audit. Covered entities selected for a compliance audit have now been notified by email. Those organizations now have just 10 days to respond to the emails and submit the requested documentation to the OCR. The audits – which are desk based...

Read More
OCR Ransomware Guidance: Ransomware Attacks Are Reportable Breaches
Jul12

OCR Ransomware Guidance: Ransomware Attacks Are Reportable Breaches

The Department of Health and Human Services’ Office for Civil Rights has issued new guidance on ransomware. A fact sheet on healthcare ransomware attacks has been published along with a 12-page document providing technical guidance for CIOs and CISOs on best practices to adopt to prevent ransomware infections, mitigation strategies to adopt when ransomware is installed on computers or healthcare networks, and detailed information on...

Read More
CMS Finalizes New Rules for QEs on Sale and Sharing of Medicare Claims Data
Jul05

CMS Finalizes New Rules for QEs on Sale and Sharing of Medicare Claims Data

The Centers for Medicare and Medicaid Services (CMS) has finalized a new set of Rules for qualified entities that will allow the sharing or sale of Medicare claims data to healthcare providers, employers, and other entities. The rule changes will help to ensure that healthcare organizations, employers, and other organizations have access to the data they need to make informed decisions about the provision of care to patients. With...

Read More
Philadelphia Business Associate Agrees to $650,000 OCR Settlement
Jun30

Philadelphia Business Associate Agrees to $650,000 OCR Settlement

On June 24, 2016, the Department of Health and Human Services’ Office for Civil Rights (OCR) published details of a resolution agreement that was reached with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS).  CHCS has agreed to settle alleged HIPAA violations with the OCR and has agreed to implement a Corrective Action Plan (CAP). CHCS will also pay a financial penalty of $650,000. CHCS is the sole corporate...

Read More
Call Issued for Further Guidance on HIPAA Minimum Necessary Standard
Jun23

Call Issued for Further Guidance on HIPAA Minimum Necessary Standard

Melissa Martin, Board President for the American Health Information Management Association (AHIMA) gave a testimony at a National Committee on Vital and Health Statistics (NCVHS) hearing last week on the minimum necessary standard of the HIPAA Privacy Rule. The aim of the hearing was to determine whether the Department of Health and Human Services should issue an update to the standard to ensure it can continue to be met by healthcare...

Read More
ONC Releases Videos Explaining Patients’ HIPAA Rights
Jun03

ONC Releases Videos Explaining Patients’ HIPAA Rights

Earlier this year, the HHS’ Office for Civil Right (OCR) released guidance for healthcare organizations on patients’ HIPAA rights in an attempt to clear up confusion over access and ensure that covered entities were aware of their obligations under the HIPAA Privacy Rule. The guidance covered many of the questions commonly asked by healthcare organizations, including the models that can be adopted by healthcare organizations for...

Read More
OCR Rules Townsend Violated the HIPAA Privacy Rule
Jun02

OCR Rules Townsend Violated the HIPAA Privacy Rule

The Department of Health and Human Services’ Office for Civil Rights (OCR) has recently ruled that a former town administrator of Townsend, MA., violated the HIPAA Privacy Rule in June last year when he posting an “information packet” online containing the protected health information of individuals who had used the town’s ambulance service. The information was intended to be viewed by Selectmen in order that a vote could be taken...

Read More
Healthcare Providers Violate HIPAA Responding to Negative Yelp Reviews
Jun01

Healthcare Providers Violate HIPAA Responding to Negative Yelp Reviews

Some healthcare providers have violated patient privacy and HIPAA Rules when responding to negative comments on Yelp and similar review sites according to a recent ProPublica report. For the report, ProPublica was provided with access to around 1.7 million Yelp reviews of healthcare providers. The researchers used a tool to sift through the reviews and isolated approximately 3,500 one-star ratings of healthcare providers – the...

Read More
Apple to Recruit HIPAA Expert as Privacy Counsel
May25

Apple to Recruit HIPAA Expert as Privacy Counsel

Apple is seeking a Privacy Counsel with extensive experience in healthcare privacy and a thorough understanding of HIPAA regulations. The new position confirms that Apple is planning on developing its products to be more valuable to healthcare professionals and patients, and that the company is intent on making more of a mark in the healthcare sector. The new recruit will be required to work on cutting edge projects, providing...

Read More