Tag Archives: HIPAA Privacy Rule

HHS Announces More HIPAA Enforcement Actions

The beginning of 2017 has brought a number of HIPAA enforcement actions involving covered entities. These enforcement actions indicate that HHS is continuing recent efforts to step up HIPAA enforcement and levy significant penalties for non-compliance. In January, HHS announced that it had reached a $475,000 settlement with a large health care network for failure … Continue Reading

Twenty-First Century Cures Act Includes HIPAA Provisions

A new post over on Covington’s eHealth blog discusses HIPAA-related provisions in the Twenty-First Century Cures Act, signed by President Obama on December 13.   These provisions direct HHS to consider HIPAA’s effects on mental health treatment and the availability of health data for research purposes.  Read the full post here.… Continue Reading

OCR Steps Up HIPAA Enforcement Following Breaches of Protected Health Information

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has been busy.  In addition to its recent efforts to begin audits of covered entities and business associates, OCR has announced a slew of enforcement actions against covered entities for alleged HIPAA violations.… Continue Reading

HHS Issues Final Rule on HIPAA and Firearm Background Check Reporting

On January 6, as part of President Obama’s executive action to combat gun violence, HHS promulgated a final regulation modifying the HIPAA Privacy Rule to allow certain HIPAA covered entities to disclose limited information to the National Instant Criminal Background Check System (NICS).  We previously discussed the proposed rule here. Background:  The NICS, maintained by … Continue Reading

HHS Issues Guidance on Refill Reminders under HIPAA

On September 19, HHS released additional guidance on the “refill reminder exception” in HIPAA, which allows — in some circumstances — paid communications regarding a drug or biologic currently prescribed to a patient. Background In January 2013, HHS finalized new restrictions on marketing as part of the final omnibus rule implementing changes to HIPAA under … Continue Reading

HHS Announces $1.7 Million HIPAA Settlement With WellPoint

On July 11, the Department of Health and Human Services (HHS) announced that WellPoint, a managed care company, paid HHS $1.7 million to settle potential violations of the HIPAA Privacy and Security Rules.  Like other recent enforcement actions, HHS initiated its investigation into WellPoint after the company provided notification of a breach of unsecured protected … Continue Reading

HHS Releases Unofficial Set of Combined HIPAA Regulations

On June 11, the Department of Health and Human Services released an unofficial version of all of the HIPAA regulatory standards in one document.  The combined regulation text includes the following HIPAA standards: Transactions and Code Set Standards Identifier Standards Privacy Rule Security Rule Enforcement Rule Breach Notification Rule The document reflects the changes in … Continue Reading

HHS Settles HIPAA Privacy Case With California Medical Center

By Rachel Grunberger and Anna Kraus The Department of Health and Human Services (HHS) announced on June 14 that it reached a settlement with Shasta Regional Medical Center (SRMC) in California over potential violations of the HIPAA Privacy Rule.  Under the settlement, SRMC agreed to pay $275,000 and implement a comprehensive corrective action plan (CAP). … Continue Reading

HITECH Update # 7: New HIPAA Requirements for Business Associates and Their Subcontractors

This post is part of our series on key aspects of the final HITECH omnibus rule published by the U.S. Department of Health and Human Services (HHS) in the Federal Register on January 25, 2013. Previous posts are available here. The regulations are effective March 26, 2013, but covered entities and business associates have until … Continue Reading

HHS Issues Long-Awaited Final HITECH Regulations

By Anna Kraus and Rachel Grunberger The U.S. Department of Health and Human Services has issued its long-awaited final omnibus rule modifying the privacy, security, enforcement, and breach notification regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  The rule is based on statutory changes under the Health Information Technology for Economic … Continue Reading

HHS Issues Message to Nation’s Health Care Providers About HIPAA and Threats to Health and Safety

Following the release of the President’s plan to reduce gun violence, the Office for Civil Rights within the Department of Health and Human Services (HHS) issued a “Message to Our Nation’s Health Care Providers” regarding HIPAA and reporting threats of violence.  In the letter, which was prompted by the recent mass shootings in Newtown, Connecticut, … Continue Reading

President’s Gun Plan Addresses HIPAA Concerns, Clarifications

By Rachel Grunberger and Anna Kraus Two measures in President Obama’s plan to reduce gun violence, released yesterday, seek to address privacy concerns related to the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  Mental Health Records and Background Checks.  The first measure, which is part of a set of recommendations to strengthen the … Continue Reading

HHS Releases Guidance on HIPAA De-Identification Standard

By Rachel Grunberger and Anna Kraus On Monday, the U.S. Department of Health and Human Services (HHS) released guidance on methods for de-identification of protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.  The guidance, which was required under Section 13424(c) of the Health Information Technology for … Continue Reading

HHS Settles HIPAA Case With Heart Surgery Center

By Anna Kraus and Rachel Grunberger The Department of Health and Human Services (HHS) announced on Tuesday that Phoenix Cardiac Surgery, P.C. (Phoenix) agreed to pay $100,000 and implement a corrective action plan to come into full compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  HHS had been investigating the Arizona … Continue Reading

Final HIPAA/HITECH Rule Expected by July

By Anna Kraus and Rachel Grunberger The Department of Health and Human Services (HHS) has submitted to the Office of Management and Budget (OMB) the long-awaited final rule implementing changes to the Health Insurance Portability and Accountability Act (HIPAA) regulations mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act.  The OMB … Continue Reading
LexBlog