On May 6, 2019, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement and $3 million settlement with Touchstone Medical Imaging. The settlement is the first OCR HIPAA enforcement action in 2019, following an all-time record year of HIPAA enforcement in 2018.
Continue Reading OCR Settles with Medical Imaging Services Company
Business Associate Agreement
HHS Releases Guidance on HIPAA and Cloud Computing
Earlier this month, the Department of Health and Human Services’ Office for Civil Rights issued guidance for HIPAA-covered entities that use cloud computing services involving electronic protected health information. …
Continue Reading HHS Releases Guidance on HIPAA and Cloud Computing
OCR Settles Largest HIPAA Violation Against a Single Covered Entity
On August 4, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Advocate Health Care Network over alleged HIPAA violations. The multimillion dollar settlement with Advocate is the largest settlement to date against a single covered entity.
Continue Reading OCR Settles Largest HIPAA Violation Against a Single Covered Entity
OCR Settles Two HIPAA Cases with Public Health Centers in Oregon and Mississippi
The U.S. Department of Health and Human Services’ Office for Civil Rights recently entered into resolution agreements with two large public health centers over alleged HIPAA violations.
Continue Reading OCR Settles Two HIPAA Cases with Public Health Centers in Oregon and Mississippi
OCR Enters into First Enforcement Action Against Business Associate
On June 30, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with Catholic Health Care Services of the Archdiocese of Philadelphia. This is the first enforcement action OCR has taken against a business associate since the HIPAA Omnibus Rule was enacted in 2013.
Continue Reading OCR Enters into First Enforcement Action Against Business Associate
OCR Settles Two Key HIPAA Privacy Rule Cases Involving X-Rays and Medical Reality TV Show
The U.S. Department of Health and Human Services’ Office for Civil Rights recently announced resolution agreements with Raleigh Orthopaedic Clinic, P.A., and New York-Presbyterian Hospital for HIPAA Privacy Rule violations.
Continue Reading OCR Settles Two Key HIPAA Privacy Rule Cases Involving X-Rays and Medical Reality TV Show
Triple-S Management Corporation Enters into $3.5 Million HIPAA Settlement
On November 30, 2015, Triple-S Management Corporation, an insurance holding company based in San Juan, Puerto Rico, agreed on behalf of certain of its subsidiaries to a 3.5 million dollar settlement to resolve potential violations of the HIPAA Privacy and Security Rules.
Continue Reading Triple-S Management Corporation Enters into $3.5 Million HIPAA Settlement
HHS Delays Enforcement of HITECH Act Business Associate Provisions
We understand that yesterday Adam H. Greene (Office of the General Counsel, Civil Rights Division, U.S. Department of Health & Human Services), speaking at the ABA’s 11th Annual Conference on Emerging Issues in Healthcare Law, indicated that enforcement of the business associate provisions of the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), which became effective on February 17, 2010, will be delayed until final rules addressing those provisions are published. The HITECH Act’s business associate provisions require business associates to implement the information security safeguards specified by the HIPAA Security Rule, and comply with certain requirements of the HIPAA Privacy Rule. Similarly, the HITECH Act requires covered entities to provide in their business associate agreements that all of the HITECH Act’s security requirements applicable to covered entities are also applicable to business associates.
Continue Reading HHS Delays Enforcement of HITECH Act Business Associate Provisions
Becoming HITECH: Actions Covered Entities and Business Associates Should Take Now to Comply with the Requirements of the HITECH Act
The Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), which was signed into law in February 2009 as part of the economic stimulus package, substantially impacts requirements imposed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The HITECH Act creates several new and potentially burdensome obligations that affect…