Tag Archives: Health and Human Services

HHS Clarifies HIPAA Liability for EHR System Developers that Transfer Data to Health Apps

On Friday, April 19, 2019, the Office for Civil Rights of the U.S. Department of Health and Human Services (HHS) explained in an FAQ the circumstances under which electronic health record (EHR) systems may be subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) liability for an app’s impermissible use or disclosure … Continue Reading

FTC Announces it will Provide Guidance on Ransomware

The FTC has become the most recent regulator to take a closer look at ransomware and its impact on consumers. During the FTC’s September 7, 2016, Fall Technology Series on Ransomware, Chairwoman Edith Ramirez announced that the FTC will soon release guidance to businesses on how to protect against ransomware. Ransomware is a malicious software … Continue Reading

HHS Updates Health Data Privacy and Security Guide

The Office of the National Coordinator for Health Information (ONC) recently released an updated Guide to Privacy and Security of Electronic Health Information. The guide aims to help individuals, providers, and the health IT community understand the role of HIPAA for interoperability of health information. This guide updates the previous version issued by the ONC … Continue Reading

GAO Report Outlines Healthcare.gov’s Ongoing Privacy Issues

By Randall Friedland

According to a GAO report published September 16th, Healthcare.gov, the health insurance exchange rolled out last October, still has significant privacy weaknesses. Specifically, the report outlined that despite the Centers for Medicare & Medicaid Services’ (CMS) efforts to increase the security and privacy of data that it processes, maintains, and shares with … Continue Reading

HHS Releases New Tool to Assist with HIPAA Risk Assessments

On March 28, HHS released new resources on risk analysis requirements under the HIPAA Security Rule.  The HIPAA Security Rule governs how electronic individually identifiable health information is maintained by covered entities and business associates.  In short, it requires covered entities and business associates to implement certain physical, administrative, and technical safeguards to protect the … Continue Reading

HITECH Update #10: HHS Releases First Sample Business Associate Agreement Provisions Since HITECH Act, Omnibus Rule

This post is part of our series on key aspects of the final HITECH omnibus rule published by the U.S. Department of Health and Human Services (HHS) in the Federal Register on January 25, 2013. Previous posts are available here. The regulations are effective March 26, 2013, but covered entities and business associates have until … Continue Reading

HITECH Update #2: HHS Finalizes Privacy Rules to Protect Genetic Information

This post is part of our series on key aspects of the final HITECH omnibus rule issued by the U.S. Department of Health and Human Services (HHS) on January 17, 2013 (available here), and scheduled to be published in the Federal Register on January 25.  Previous posts are available here.  The regulations are effective March 26, 2013, … Continue Reading

HHS Publishes Standards for Health Care Electronic Funds Transfers and Remittance Advice

The Department of Health and Human Services (HHS) recently published an interim final rule with comment period entitled “Administrative Simplification: Adoption of Standards for Health Care Electronic Funds Transfers (EFTs) and Remittance Advice.”  The rule establishes streamlined standards for the format and content of transmissions that health plans send to financial institutions when making electronic funds … Continue Reading

HHS Regulatory Review Plan Contemplates Modifications to HIPAA

By Anna Kraus

Last Thursday, the Office of Management and Budget (OMB) released the preliminary regulatory review plans of 30 federal agencies, including the Department of Health and Human Services (HHS). The regulatory review plans were mandated by President Obama in an executive order issued earlier this year, and are intended to identify initiatives to … Continue Reading

OIG Criticizes HHS Oversight of the HIPAA Security Rule, Data Security Controls in Health IT Standards

By Anna Kraus

Last week, the Office of Inspector General (OIG) within the Department of Health and Human Services (HHS) issued two audit reports regarding federally mandated data security measures for health information. Both reports are highly critical of HHS’s efforts to protect the security of electronic health information. In the first report, available here, … Continue Reading

Coming Soon: Final HITECH Act HIPAA Privacy/Security Rules

In July of last year, the U.S. Department of Health & Human Services Office for Civil Rights issued a proposed regulation implementing changes to HIPAA resulting from the HITECH Act.  As we previously reported, the proposed regulation significantly expands the scope of the privacy, security, and enforcement provisions of HHS’s existing HIPAA rules. Last month, … Continue Reading