The HHS Office for Civil Rights recently indicated that it has stepped up enforcement of the HIPAA Security Rule, and is conducting compliance reviews for all HIPAA data breaches involving more than 500 individuals.
… Continue Reading
After becoming the first state attorney general to exercise HITECH Act enforcement authority earlier this year, Connecticut's AG Richard Blumenthal is investigating new allegations of possible HIPAA violations involving hospital patient records.
… Continue Reading
We understand that yesterday Adam H. Greene (Office of the General Counsel, Civil Rights Division, U.S. Department of Health & Human Services), speaking at the ABA’s 11th Annual Conference on Emerging Issues in Healthcare Law, indicated that enforcement of the business associate provisions of the Health Information Technology for Economic and Clinical Health Act (the … Continue Reading
Cloud computing raises complex legal issues related to privacy and information security. As legislators and regulators around the world grapple with the privacy and data security implications of cloud computing, companies seeking to implement cloud-based solutions should closely monitor this rapidly evolving legal landscape for developments. In an article published on February 3, 2010, Lisa … Continue Reading
In a lawsuit he described as “[s]adly . . . historic,” Connecticut Attorney General Richard Blumenthal sued Health Net of Connecticut, Inc. for allegedly failing to secure private patient medical records and financial information involving hundreds of thousands of Connecticut enrollees and promptly notify consumers endangered by the security breach. The case marks the first … Continue Reading
The Department of Health and Human Services (“HHS”) released an interim final rule to incorporate the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”) categories of violations and tiered civil penalty amounts. The interim final rule is expected to be published in the Federal Register on October 30, 2009 and takes effect … Continue Reading
The Department of Health and Human Services (“HHS”) has posted to its website a notification form that may be used to report breaches of unsecured protected health information to the agency. Although some state agencies requiring notice of a breach employ a standard reporting form, the form issued by HHS has several unique features and … Continue Reading
The Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), which was signed into law in February 2009 as part of the economic stimulus package, substantially impacts requirements imposed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The HITECH Act creates several new and potentially burdensome obligations that affect … Continue Reading
On August 17, the Federal Trade Commission ("FTC") issued a final rule ("FTC Final Rule") addressing security breaches of personal health records ("PHRs"). The FTC Final Rule applies to all breaches discovered on or after September 24, 2009, and to “foreign and domestic vendors of personal health records, PHR related entities, and third party service … Continue Reading
On April 17, the U.S. Department of Health and Human Services ("HHS") issued proposed information security guidance, as required by the Health Information Technology for Economic and Clinical Health Act (the "HITECH Act") passed as part of American Recovery and Reinvestment Act of 2009 on February 17. The HITECH Act requires covered entities and business … Continue Reading