Tag Archives: Privacy Rule

HHS Settles Case Involving Unattended Medical Records

On June 23, 2014, the Department of Health and Human Services announced a resolution agreement and 800,000 USD settlement with Parkview Health System, Inc. following a complaint involving patient medical records that were left unattended on a physician’s driveway. … Continue Reading

HHS Announces Pre-Audit HIPAA Surveys

The Department of Health and Human Services Office for Civil Rights recently announced that it intends to survey up to 1,200 covered entities and business associates to determine their suitability for a more fulsome HIPAA compliance audit.… Continue Reading

HIPAA Omnibus Rule Compliance Deadline Has Arrived

Today marks the deadline for compliance with the HIPAA Omnibus Rule that was issued in January 2013. Covered entities, business associates and subcontractors that access, use or disclose protected health information should ensure that they meet the new compliance requirements outlined in this post.… Continue Reading

HHS Releases Model Notices of Privacy Practices

This week, the Department of Health and Human Services' Office for Civil Rights, in conjunction with the Office of the National Coordinator for Health Information Technology, released model Notices of Privacy Practices.… Continue Reading

HHS Settles with Shasta Regional Medical Center

On June 13, 2013, the Department of Health and Human Services announced a resolution agreement and 275,000 dollar settlement with Shasta Regional Medical Center in connection with impermissible disclosures of protected health information to the media, as well as to Shasta’s entire workforce.… Continue Reading

New HIPAA Omnibus Rule: A Compliance Guide

On January 17, 2013, the Department of Health and Human Services’ Office for Civil Rights released its long-anticipated megarule amending the HIPAA Privacy, Security, Breach Notification and Enforcement Rules. This blog post highlights some of the more significant aspects of the Omnibus Rule and provides critical compliance tips.… Continue Reading

HHS Posts Audit Protocol Online

The Department of Health and Human Services Office for Civil Rights (“OCR”) has posted an audit protocol on its website to provide information about the procedures currently being used by OCR as part of its new audit program.… Continue Reading

OCR Director Leon Rodriguez Says Tolerance for HIPAA Non-Compliance Is Low

On June 7, 2012, at the annual Safeguarding Health Information: Building Assurance through HIPAA Security Conference in Washington, D.C., OCR Director Leon Rodriguez indicated that tolerance for HIPAA non-compliance is “much, much lower” than it has been in the past, and that the final omnibus rule modifying the HIPAA Privacy, Security and Enforcement Rules is “very close.”… Continue Reading

HHS Finalizes Omnibus HIPAA Rule for OMB Review; Settles with Phoenix Cardiac Surgery Following OCR Investigation

On March 24, 2012, the Department of Health and Human Services sent its final omnibus rule modifying the HIPAA Privacy, Security and Enforcement Rules for review by the White House Office of Management and Budget. On April 17, the Department announced a $100,000 settlement with Phoenix Cardiac Surgery, P.C. for violations of the HIPAA Rules.… Continue Reading

Minnesota AG Sues Debt Collection Agency for Health Privacy Violations

On January 19, 2012, Minnesota Attorney General Lori Swanson announced a lawsuit against Accretive Health, Inc., alleging that the debt collection company failed to adequately safeguard patients’ protected health information and violated HIPAA, the Minnesota Health Records Act, Minnesota’s debt collection statutes and Minnesota’s consumer protection laws.… Continue Reading
LexBlog