Tag Archives: Privacy Rule

HHS Fines Cignet Health $4.3 Million for Violation of HIPAA Privacy Rule

Posted on February 22, 2011 by Hunton & Williams LLP

On February 22, 2011, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) imposed its first civil money penalty for an entity’s violation of HIPAA’s Privacy Rule. In its Notice of Final Determination, OCR concluded that Cignet Health withheld patient records despite requests for their disclosure. Of the $4.3 million penalty, $1.3 million was levied for denying patients access to their own medical records, while an additional $3 million was imposed due to Cignet’s failure to cooperate with OCR’s investigation as required by the Privacy Rule. Increased penalty amounts were authorized by Section 13410(d) of the Health Information Technology for Economic and Clinical Health Act (the “HITECH” Act).

Tags: Department of Health and Human Services, HIPAA, HITECH Act, Penalty, Privacy Rule

Health Care Organizations Comment on Proposed Modifications to HIPAA Privacy, Security and Enforcement Rules

Posted on October 4, 2010 by Hunton & Williams LLP

The Department of Health and Human Services (“HHS”) received numerous comments on its proposed modifications to the Health Insurance Portability and Accountability Act Privacy, Security and Enforcement Rules, which were issued on July 8, 2010. Some highlights from the comments are outlined below.

Enforcement Rule

The American Hospital Association (“AHA”) suggested that HHS should continue to require the Secretary of HHS to attempt to resolve a complaint or compliance review through informal means, instead of making the informal resolution process optional. According to the AHA, making “resolution via informal means optional, regardless of the perceived level of culpability of a particular entity” would not be appropriate or effective. The Coalition for Patient Privacy, on the other hand, recommended stricter enforcement so that “the only category of violators that should not be penalized with fines are those who despite due diligence could not discover the violation, who reported the violation immediately when discovered, and fully corrected the problems within 30 days of discovery.”

Tags: Enforcement Rule, HIPAA, HITECH Act, Privacy Rule, Protected Health Information, Security Rule

HHS Issues Modifications to the HIPAA Privacy, Security and Enforcement Rules

Posted on July 8, 2010 by Hunton & Williams LLP

On July 8, 2010, the Department of Health and Human Services ("HHS") issued a notice of proposed rulemaking to modify the Privacy, Security and Enforcement Rules promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996. The modifications implement changes made by the Health Information Technology for Economic and Clinical Health Act (the “HITECH” Act) enacted in 2009.

Tags: Department of Health and Human Services, HIPAA, HITECH Act, Privacy Rule, Protected Health Information, Security Rule

HHS Official Reports Uptick in HIPAA Security Rule Enforcement

Posted on May 14, 2010 by Hunton & Williams LLP

David Holtzman, a health information privacy specialist at the Office for Civil Rights (“OCR”) within the Department of Health and Human Services (“HHS”), stated at a health privacy conference on May 11, 2010, that OCR has been “vigorously” enforcing the Security Rule, which was promulgated pursuant to the Health Insurance Portability and Accountability Act (“HIPAA”). Prior to 2009, HHS divided civil enforcement responsibility for HIPAA between OCR, which enforced the HIPAA Privacy Rule, and the Centers for Medicare and Medicaid Services (“CMS”), which enforced the HIPAA Security Rule. In July 2009, the Secretary of HHS delegated authority to enforce the HIPAA Security Rule to OCR to “facilitate improvements by eliminating duplication and increasing efficiency.”

Tags: Compliance, Department of Health and Human Services, HIPAA, HITECH Act, Privacy Rule, Security Rule

HHS Delays Enforcement of HITECH Act Business Associate Provisions

Posted on February 19, 2010 by Hunton & Williams LLP

We understand that yesterday Adam H. Greene (Office of the General Counsel, Civil Rights Division, U.S. Department of Health & Human Services), speaking at the ABA’s 11th Annual Conference on Emerging Issues in Healthcare Law, indicated that enforcement of the business associate provisions of the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), which became effective on February 17, 2010, will be delayed until final rules addressing those provisions are published. The HITECH Act’s business associate provisions require business associates to implement the information security safeguards specified by the HIPAA Security Rule, and comply with certain requirements of the HIPAA Privacy Rule. Similarly, the HITECH Act requires covered entities to provide in their business associate agreements that all of the HITECH Act’s security requirements applicable to covered entities are also applicable to business associates.

Tags: Business Associate Agreement, Department of Health and Human Services, HIPAA, HITECH Act, Privacy Rule, Security Rule

U.S. Department of Health and Human Services Expands Its Health Information Privacy Enforcement Team

Posted on August 10, 2009 by Hunton & Williams LLP

In a move that portends increased enforcement of the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule, the Department of Health and Human Services (“HHS”) has created two new positions on its health information privacy enforcement team. According to the job listings (here and here), the new Health Information Privacy Specialists at the HHS Office for Civil Rights (“OCR”) will be responsible for “reviewing, analyzing, implementing, promoting, or improving proposed or existing programs or policies needed to implement OCR’s authority for ensuring compliance with the privacy of health information requirements” of HIPAA and its implementing regulations. The website indicates that applications for the positions will be accepted through Thursday, August 13, 2009.

Tags: Department of Health and Human Services, HIPAA, Privacy Rule

California Medical Privacy Laws

Posted on January 22, 2009 by Hunton & Williams LLP

Two California medical privacy laws became effective on January 1, 2009. The laws, A.B. 211 and S.B. 541, create new obligations for health care providers and facilities in California to protect against unlawful or unauthorized access to patient medical information. In contrast, other medical privacy regulations, including the Privacy Rule promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), focus only on the unauthorized use or disclosure of protected health information.

Tags: California, HIPAA, Privacy Rule

Privacy and Information Security Law Blog - Global privacy and information security law updates and analysis

Tag Archives: Privacy Rule

HHS Fines Cignet Health $4.3 Million for Violation of HIPAA Privacy Rule

Health Care Organizations Comment on Proposed Modifications to HIPAA Privacy, Security and Enforcement Rules

HHS Issues Modifications to the HIPAA Privacy, Security and Enforcement Rules

HHS Official Reports Uptick in HIPAA Security Rule Enforcement

HHS Delays Enforcement of HITECH Act Business Associate Provisions

U.S. Department of Health and Human Services Expands Its Health Information Privacy Enforcement Team

California Medical Privacy Laws

Published By Hunton & Williams

Search

Subscribe

Topics

Recent Updates

Blogroll

Privacy News