Recently, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement and record settlement of $16 million with Anthem, Inc. following Anthem’s 2015 data breach, the largest breach of protected health information in history that affected approximately 79 million individuals.
Continue Reading
HIPAA
CCPA Amended: Enforcement Delayed, Few Substantive Changes Made
Posted on
Posted in Online Privacy, U.S. State Law
On August 31, 2018, the California State Legislature passed SB-1121, a bill that delays enforcement of the California Consumer Privacy Act of 2018 and makes other modest amendments to the CCPA. The CCPA introduces key privacy requirements for businesses and its provisions will become operative on January 1, 2020.…
Continue Reading
OCR Issues Guidance on Disclosures to Family, Friends and Others
Posted on
Posted in Health Privacy, Information Security
In its most recent cybersecurity newsletter, the U.S. Department of Health and Human Services’ Office for Civil Rights provided guidance regarding identifying vulnerabilities and mitigating the associated risks on software used to process electronic protected health information.…
Continue Reading
HHS Publishes Advance Notices of Proposed Rulemaking on Accounting of Disclosures and Civil Monetary Penalties
Posted on
Posted in Health Privacy
The Department of Health and Human Services recently published two advance notices of proposed rulemaking that address accounting of disclosures and the potential distribution of civil monetary penalties to affected individuals. …
Continue Reading
Unsecured PHI Leads to OCR Settlement with Closed Business
Posted on
On February 13, 2018, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement with the receiver appointed to liquidate the assets of Filefax, Inc. in order to settle potential violations of HIPAA. …
Continue Reading
OCR Issues Guidance on Disclosures to Family, Friends and Others
Posted on
Posted in Health Privacy, Information Security
On October 3, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights issued an announcement clarifying when protected health information can be shared with family, friends and others.…
Continue Reading
OCR Releases Guidance on HIPAA Compliance During Emergencies
Posted on
Posted in Health Privacy, Information Security
On September 7, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights issued an announcement containing disaster preparedness and recovery guidance in advance of Hurricane Irma. The announcement underscores key privacy and security issues for entities covered by HIPAA to help them protect individuals’ health information before, during and after emergency situations.…
Continue Reading
OCR Releases Improved Data Breach Reporting Tool
Posted on
On July 25, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights announced the release of an updated web tool that highlights recent data breaches of health information. …
Continue Reading
OCR and Health Care Industry Cybersecurity Task Force Publish Cybersecurity Materials
Posted on
The U.S. Department of Health and Human Services’ Office for Civil Rights and the Health Care Industry Cybersecurity Task Force have published important materials addressing cybersecurity in the health care industry. This blog entry provides highlights on these materials.…
Continue Reading
OCR Fines Texas Health System For Alleged HIPAA Privacy Rule Violation
Posted on
Posted in Health Privacy, Information Security
On May 10, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights announced a 2.4 million dollar civil monetary penalty against Memorial Hermann Health System for alleged violations of the Health Insurance Portability and Accountability Act of 1996 Privacy Rule. …
Continue Reading