Tag Archives: HITECH Act

HHS Finalizes Omnibus HIPAA Rule for OMB Review; Settles with Phoenix Cardiac Surgery Following OCR Investigation

Posted on April 19, 2012 by Hunton & Williams LLP

In the past month, the Department of Health and Human Services (“HHS”) sent its final omnibus rule modifying the HIPAA Privacy, Security and Enforcement Rules to the White House Office of Management and Budget (“OMB”) and announced a $100,000 settlement with Phoenix Cardiac Surgery, P.C. for violations of the HIPAA Rules.

Tags: Consumer Protection, Department of Health and Human Services, HIPAA, HITECH Act, Penalty, Privacy Rule, Protected Health Information, Security Rule

HHS Settles First Breach Notification Rule Case for $1.5 Million

Posted on March 14, 2012 by Hunton & Williams LLP

On March 13, 2012, the Department of Health and Human Services (“HHS”) announced that it had settled the first case related to the HITECH Act Breach Notification Rule. BlueCross Blue Shield of Tennessee (“BCBS Tennessee”) agreed to pay $1.5 million to settle potential HIPAA violations related to the October 2009 theft of 57 unencrypted hard drives containing protected health information (“PHI”) from a network data closet at a leased facility leased in Chattanooga, Tennessee.

Tags: Consumer Protection, Department of Health and Human Services, HIPAA, HITECH Act, Penalty, Privacy Rule, Protected Health Information, Social Security Number, Tennessee

Minnesota AG Sues Debt Collection Agency for Health Privacy Violations

Posted on January 24, 2012 by Hunton & Williams LLP

On January 19, 2012, Minnesota Attorney General Lori Swanson announced a lawsuit against Accretive Health, Inc., (“Accretive”) for violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations, the Minnesota Health Records Act, Minnesota’s debt collection statutes and Minnesota’s consumer protection laws. The suit, which was filed in Federal District Court in Minnesota, alleges that Accretive failed to adequately safeguard patients’ protected health information (“PHI”). This failure contributed to a July 2011 information security breach when an Accretive employee left an unencrypted laptop containing information of approximately 23,500 patients in a rental car. The laptop was stolen and has not yet been recovered.

Tags: Consumer Protection, HIPAA, HITECH Act, Minnesota, Privacy Rule, Protected Health Information, Social Security Number, State Attorneys General

California Bulks Up Security Breach Notification Requirements

Posted on September 2, 2011 by Hunton & Williams LLP

On August 31, 2011, California Governor Jerry Brown signed into law amendments to that state’s security breach notification statute. The revisions establish new content requirements for breach notification letters to California residents, and mandate notification to the state Attorney General when a breach affects more than 500 Californians. Senate Bill 24 was the third effort by State Senator Joe Simitian to build on the landmark California breach notification law he authored in 2002. The two previous bills he proposed were passed by the California legislature, but vetoed by former Governor Arnold Schwarzenegger.

Tags: California, Consumer Protection, HIPAA, HITECH Act, Legislation, Social Security Number, State Attorneys General

HHS Pressured to Drop Access Report Provision in Proposed Rule

Posted on August 5, 2011 by Hunton & Williams LLP

Several health care industry groups requested that the Department of Health and Human Services (“HHS”) either remove or significantly revise a proposed “access report” requirement in its recent notice of proposed rulemaking (the “Proposed Rule”) for the accounting of disclosures of protected health information (“PHI”). As we reported in May, HHS issued the Proposed Rule that revises existing HIPAA Privacy Rule provisions regarding accounting of disclosures and gives individuals a new right to obtain an “access report” that would list the specific persons who have accessed a patient’s PHI, and describe any actions taken by those persons with respect to the PHI (e.g., create, modify, access or delete).

Tags: Department of Health and Human Services, HIPAA, HITECH Act, Privacy Rule, Protected Health Information

IAPP Hosts Webinar on Upcoming OCR Audit Program

Posted on August 2, 2011 by Hunton & Williams LLP

On July 28, 2011, the International Association of Privacy Professionals (“IAPP”) hosted a webinar that addressed the upcoming audit program of the Department of Health and Human Services Office of Civil Rights (“OCR”). Susan McAndrew, the Deputy Director for Health Information Privacy at OCR, provided an overview of the audit program, noting that it stemmed from Section 13411 of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. That section of the HITECH Act authorized the Secretary of the Health and Human Services to “provide for periodic audits to ensure that covered entities and business associates” comply with the requirements of the HIPAA Privacy and Security Rules.

Tags: Compliance, Department of Health and Human Services, HIPAA, HITECH Act, International Association of Privacy Professionals, Privacy Rule, Protected Health Information, Security Rule

HHS Issues Notice of Proposed Rulemaking for Accounting of Disclosures of Protected Health Information

Posted on May 31, 2011 by Hunton & Williams LLP

On May 27, 2011, the Department of Health and Human Services (“HHS”) issued a notice of proposed rulemaking regarding the HIPAA Privacy Rule provision that requires covered entities to provide an accounting of disclosures of protected health information (“PHI”) to individuals upon request. The proposed rule revises existing HIPAA Privacy Rule provisions regarding an accounting of disclosures and also gives individuals a new right to obtain an “access report” about which specific individuals have accessed electronic PHI in a designated record set. The proposed rule also requires covered entities to modify their privacy notices to include that individuals have the right to obtain an access report from the covered entities.

Tags: Department of Health and Human Services, HIPAA, HITECH Act, Privacy Rule, Protected Health Information

HHS Fines Cignet Health $4.3 Million for Violation of HIPAA Privacy Rule

Posted on February 22, 2011 by Hunton & Williams LLP

On February 22, 2011, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) imposed its first civil money penalty for an entity’s violation of HIPAA’s Privacy Rule. In its Notice of Final Determination, OCR concluded that Cignet Health withheld patient records despite requests for their disclosure. Of the $4.3 million penalty, $1.3 million was levied for denying patients access to their own medical records, while an additional $3 million was imposed due to Cignet’s failure to cooperate with OCR’s investigation as required by the Privacy Rule. Increased penalty amounts were authorized by Section 13410(d) of the Health Information Technology for Economic and Clinical Health Act (the “HITECH” Act).

Tags: Department of Health and Human Services, HIPAA, HITECH Act, Penalty, Privacy Rule

Key Voice on Privacy Issues Loses Congressional Reelection Bid While Another Joins the Senate

Posted on November 3, 2010 by Hunton & Williams LLP

Representative Rick Boucher (D-VA), current head of the House Subcommittee on Communications, Technology and the Internet, lost his reelection bid yesterday to Republican Morgan Griffith, the Majority Leader of the Virginia House of Delegates. Representative Boucher, widely recognized and respected for his legislative efforts in the areas of technology, telecommunications and privacy law, co-authored the CAN-SPAM Act and also introduced draft privacy legislation earlier this year. Congressman Boucher’s defeat leaves the House Subcommittee on Communications, Technology and the Internet panel without its top Democrat, and it is unclear who will fill that leadership vacancy. Continue reading…

Tags: Bobby Rush, Cliff Stearns, Congress, Connecticut, Federal Trade Commission, HITECH Act, Legislation, Richard Blumenthal, Rick Boucher, Senate, State Attorneys General, Virginia

Health Care Organizations Comment on Proposed Modifications to HIPAA Privacy, Security and Enforcement Rules

Posted on October 4, 2010 by Hunton & Williams LLP

The Department of Health and Human Services (“HHS”) received numerous comments on its proposed modifications to the Health Insurance Portability and Accountability Act Privacy, Security and Enforcement Rules, which were issued on July 8, 2010. Some highlights from the comments are outlined below.

Enforcement Rule

The American Hospital Association (“AHA”) suggested that HHS should continue to require the Secretary of HHS to attempt to resolve a complaint or compliance review through informal means, instead of making the informal resolution process optional. According to the AHA, making “resolution via informal means optional, regardless of the perceived level of culpability of a particular entity” would not be appropriate or effective. The Coalition for Patient Privacy, on the other hand, recommended stricter enforcement so that “the only category of violators that should not be penalized with fines are those who despite due diligence could not discover the violation, who reported the violation immediately when discovered, and fully corrected the problems within 30 days of discovery.”

Tags: Enforcement Rule, HIPAA, HITECH Act, Privacy Rule, Protected Health Information, Security Rule

Privacy and Information Security Law Blog - Global privacy and information security law updates and analysis

Tag Archives: HITECH Act

HHS Finalizes Omnibus HIPAA Rule for OMB Review; Settles with Phoenix Cardiac Surgery Following OCR Investigation

HHS Pressured to Drop Access Report Provision in Proposed Rule

IAPP Hosts Webinar on Upcoming OCR Audit Program

HHS Issues Notice of Proposed Rulemaking for Accounting of Disclosures of Protected Health Information

HHS Fines Cignet Health $4.3 Million for Violation of HIPAA Privacy Rule

Key Voice on Privacy Issues Loses Congressional Reelection Bid While Another Joins the Senate

Health Care Organizations Comment on Proposed Modifications to HIPAA Privacy, Security and Enforcement Rules

Published By Hunton & Williams

Search

Subscribe

Topics

Recent Updates

Blogroll

Privacy News