On January 17, 2013, the Department of Health and Human Services issued a Final Rule modifying the HIPAA Privacy, Security and Enforcement Rules, as well as the Breach Notification Rule promulgated pursuant to the HITECH Act.
Continue Reading HHS Issues Final Omnibus Rule Modifying HIPAA Privacy, Security, Enforcement and Breach Notification Rules
HITECH Act
HHS Settles First Enforcement Action Relating to a Breach Affecting Fewer than 500 Individuals
On January 2, 2013, the Department of Health and Human Services announced a resolution agreement and $50,000 settlement with Hospice of North Idaho following a June 2010 laptop theft that affected the electronic protected health information of 441 individuals.
Continue Reading HHS Settles First Enforcement Action Relating to a Breach Affecting Fewer than 500 Individuals
HHS Publishes Guidance on How to De-Identify Protected Health Information
On November 26, 2012, the Department of Health and Human Services’ Office of Civil Rights published guidance on the two methods for de-identifying protected health information in accordance with the HIPAA Privacy Rule. …
Continue Reading HHS Publishes Guidance on How to De-Identify Protected Health Information
HHS Announces $1.5 Million HIPAA Settlement with Massachusetts Facilities
On September 17, 2012, the Department of Health and Human Services announced a $1.5 million settlement with the Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. for potential violations of the HIPAA Security Rule.
Continue Reading HHS Announces $1.5 Million HIPAA Settlement with Massachusetts Facilities
Minnesota Attorney General Announces $2.5 Million Settlement with Accretive Health
On July 31, 2012, Minnesota Attorney General Lori Swanson announced a $2.5 million settlement with Accretive Health, Inc. for violations of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, and various Minnesota debt collection and consumer protection laws.
Continue Reading Minnesota Attorney General Announces $2.5 Million Settlement with Accretive Health
HHS Settles First HIPAA Enforcement Action Against a State Agency
On June 26, 2012, the Department of Health and Human Services announced a resolution agreement and $1.7 million settlement with the Alaska Department of Health and Social Services for violations of the HIPAA. …
Continue Reading HHS Settles First HIPAA Enforcement Action Against a State Agency
OCR Director Leon Rodriguez Says Tolerance for HIPAA Non-Compliance Is Low
On June 7, 2012, at the annual Safeguarding Health Information: Building Assurance through HIPAA Security Conference in Washington, D.C., OCR Director Leon Rodriguez indicated that tolerance for HIPAA non-compliance is “much, much lower” than it has been in the past, and that the final omnibus rule modifying the HIPAA Privacy, Security and Enforcement Rules is “very close.”…
Continue Reading OCR Director Leon Rodriguez Says Tolerance for HIPAA Non-Compliance Is Low
HHS Finalizes Omnibus HIPAA Rule for OMB Review; Settles with Phoenix Cardiac Surgery Following OCR Investigation
On March 24, 2012, the Department of Health and Human Services sent its final omnibus rule modifying the HIPAA Privacy, Security and Enforcement Rules for review by the White House Office of Management and Budget. On April 17, the Department announced a $100,000 settlement with Phoenix Cardiac Surgery, P.C. for violations of the HIPAA Rules.
Continue Reading HHS Finalizes Omnibus HIPAA Rule for OMB Review; Settles with Phoenix Cardiac Surgery Following OCR Investigation
HHS Settles First Breach Notification Rule Case for $1.5 Million
On March 13, 2012, the Department of Health and Human Services announced that BlueCross Blue Shield of Tennessee agreed to pay $1.5 million to settle potential violations of the HIPAA Privacy and Security Rules.
Continue Reading HHS Settles First Breach Notification Rule Case for $1.5 Million
Minnesota AG Sues Debt Collection Agency for Health Privacy Violations
On January 19, 2012, Minnesota Attorney General Lori Swanson announced a lawsuit against Accretive Health, Inc., alleging that the debt collection company failed to adequately safeguard patients’ protected health information and violated HIPAA, the Minnesota Health Records Act, Minnesota’s debt collection statutes and Minnesota’s consumer protection laws.
Continue Reading Minnesota AG Sues Debt Collection Agency for Health Privacy Violations