On January 17, 2013, the Department of Health and Human Services issued a Final Rule modifying the HIPAA Privacy, Security and Enforcement Rules, as well as the Breach Notification Rule promulgated pursuant to the HITECH Act.
Continue Reading HHS Issues Final Omnibus Rule Modifying HIPAA Privacy, Security, Enforcement and Breach Notification Rules

On January 2, 2013, the Department of Health and Human Services announced a resolution agreement and $50,000 settlement with Hospice of North Idaho following a June 2010 laptop theft that affected the electronic protected health information of 441 individuals.
Continue Reading HHS Settles First Enforcement Action Relating to a Breach Affecting Fewer than 500 Individuals

On July 31, 2012, Minnesota Attorney General Lori Swanson announced a $2.5 million settlement with Accretive Health, Inc. for violations of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, and various Minnesota debt collection and consumer protection laws.
Continue Reading Minnesota Attorney General Announces $2.5 Million Settlement with Accretive Health

On June 7, 2012, at the annual Safeguarding Health Information: Building Assurance through HIPAA Security Conference in Washington, D.C., OCR Director Leon Rodriguez indicated that tolerance for HIPAA non-compliance is “much, much lower” than it has been in the past, and that the final omnibus rule modifying the HIPAA Privacy, Security and Enforcement Rules is “very close.”
Continue Reading OCR Director Leon Rodriguez Says Tolerance for HIPAA Non-Compliance Is Low

On March 24, 2012, the Department of Health and Human Services sent its final omnibus rule modifying the HIPAA Privacy, Security and Enforcement Rules for review by the White House Office of Management and Budget. On April 17, the Department announced a $100,000 settlement with Phoenix Cardiac Surgery, P.C. for violations of the HIPAA Rules.
Continue Reading HHS Finalizes Omnibus HIPAA Rule for OMB Review; Settles with Phoenix Cardiac Surgery Following OCR Investigation

On January 19, 2012, Minnesota Attorney General Lori Swanson announced a lawsuit against Accretive Health, Inc., alleging that the debt collection company failed to adequately safeguard patients’ protected health information and violated HIPAA, the Minnesota Health Records Act, Minnesota’s debt collection statutes and Minnesota’s consumer protection laws.
Continue Reading Minnesota AG Sues Debt Collection Agency for Health Privacy Violations