Tag Archives: HITECH Act

HHS Announces Pre-Audit HIPAA Surveys

The Department of Health and Human Services Office for Civil Rights recently announced that it intends to survey up to 1,200 covered entities and business associates to determine their suitability for a more fulsome HIPAA compliance audit.… Continue Reading

FTC Reaches Settlement with Accretive Health

On December 31, 2013, the Federal Trade Commission announced that Accretive Health, Inc. has agreed to settle charges that the company's inadequate data security measures unfairly exposed sensitive consumer information to the risk of theft or misuse. Accretive experienced a breach in July 2011 that involved the protected health information of more than 23,000 patients.… Continue Reading

New HIPAA Omnibus Rule: A Compliance Guide

On January 17, 2013, the Department of Health and Human Services’ Office for Civil Rights released its long-anticipated megarule amending the HIPAA Privacy, Security, Breach Notification and Enforcement Rules. This blog post highlights some of the more significant aspects of the Omnibus Rule and provides critical compliance tips.… Continue Reading

OCR Director Leon Rodriguez Says Tolerance for HIPAA Non-Compliance Is Low

On June 7, 2012, at the annual Safeguarding Health Information: Building Assurance through HIPAA Security Conference in Washington, D.C., OCR Director Leon Rodriguez indicated that tolerance for HIPAA non-compliance is “much, much lower” than it has been in the past, and that the final omnibus rule modifying the HIPAA Privacy, Security and Enforcement Rules is “very close.”… Continue Reading

HHS Finalizes Omnibus HIPAA Rule for OMB Review; Settles with Phoenix Cardiac Surgery Following OCR Investigation

On March 24, 2012, the Department of Health and Human Services sent its final omnibus rule modifying the HIPAA Privacy, Security and Enforcement Rules for review by the White House Office of Management and Budget. On April 17, the Department announced a $100,000 settlement with Phoenix Cardiac Surgery, P.C. for violations of the HIPAA Rules.… Continue Reading

Minnesota AG Sues Debt Collection Agency for Health Privacy Violations

On January 19, 2012, Minnesota Attorney General Lori Swanson announced a lawsuit against Accretive Health, Inc., alleging that the debt collection company failed to adequately safeguard patients’ protected health information and violated HIPAA, the Minnesota Health Records Act, Minnesota’s debt collection statutes and Minnesota’s consumer protection laws.… Continue Reading

California Bulks Up Security Breach Notification Requirements

On August 31, 2011, California Governor Jerry Brown signed into law amendments to the state's security breach notification law; similar bills had been vetoed twice in the past by former Governor Schwarzenegger. As of January 1, 2012, entities will be required to notify the California Attorney General when a breach affects more than 500 California residents, and there will be specific content requirements for the notification provided to individuals. … Continue Reading

HHS Pressured to Drop Access Report Provision in Proposed Rule

Several health care industry groups have requested that the Department of Health and Human Services either remove or significantly revise a proposed "access report" requirement in its recent notice of proposed rulemaking for the accounting of disclosures of protected health information. … Continue Reading

IAPP Hosts Webinar on Upcoming OCR Audit Program

On July 28, 2011, the International Association of Privacy Professionals hosted a webinar on the forthcoming OCR HIPAA audit program. The new audits are intended to produce a more systematic and preventative approach to assessing HIPAA compliance. … Continue Reading

HHS Issues Notice of Proposed Rulemaking for Accounting of Disclosures of Protected Health Information

On May 27, 2011, the Department of Health and Human Services issued a notice of proposed rulemaking that revises existing HIPAA Privacy Rule provisions regarding an accounting of disclosures and also gives individuals a new right to obtain an "access report" detailing who has accessed electronic protected health information in a designated record set. … Continue Reading
LexBlog