Tag Archives: HIPAA Security Rule

HHS Announces More HIPAA Enforcement Actions

The beginning of 2017 has brought a number of HIPAA enforcement actions involving covered entities. These enforcement actions indicate that HHS is continuing recent efforts to step up HIPAA enforcement and levy significant penalties for non-compliance. In January, HHS announced that it had reached a $475,000 settlement with a large health care network for failure … Continue Reading

Significant HIPAA Fine Follows Business Associate’s Stolen iPhone

A new post over on Covington’s eHealth blog discusses a recent enforcement action taken by the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) against Catholic Health Care Services, a business associate under HIPAA, arising out of a stolen iPhone.  This recent enforcement action should put business associates … Continue Reading

OCR Steps Up HIPAA Enforcement Following Breaches of Protected Health Information

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has been busy.  In addition to its recent efforts to begin audits of covered entities and business associates, OCR has announced a slew of enforcement actions against covered entities for alleged HIPAA violations.… Continue Reading

Two HIPAA Settlements Follow Stolen Laptops

Recently, HHS Office of Civil Rights (OCR) announced that it has entered into settlement agreements with two entities following enforcement actions, both arising from stolen laptops that were not encrypted in accordance with the Security Rule.  According to HHS, an unencrypted laptop was stolen from a physical therapy center in Springfield, Missouri.  The center was … Continue Reading

HHS OIG Releases Report on HIPAA Enforcement Efforts

Recently, the Office of Inspector General (OIG) at HHS released a report on the HIPAA enforcement efforts of HHS’s Office for Civil Rights (OCR).  Specifically, the OIG looked at whether OCR’s efforts to enforce HIPAA’s Security Rule were adequate.  The OIG’s findings may lead to increased enforcement efforts by OCR.  Background on the Security Rule … Continue Reading

HHS Announces $1.7 Million HIPAA Settlement With WellPoint

On July 11, the Department of Health and Human Services (HHS) announced that WellPoint, a managed care company, paid HHS $1.7 million to settle potential violations of the HIPAA Privacy and Security Rules.  Like other recent enforcement actions, HHS initiated its investigation into WellPoint after the company provided notification of a breach of unsecured protected … Continue Reading

HHS Releases Unofficial Set of Combined HIPAA Regulations

On June 11, the Department of Health and Human Services released an unofficial version of all of the HIPAA regulatory standards in one document.  The combined regulation text includes the following HIPAA standards: Transactions and Code Set Standards Identifier Standards Privacy Rule Security Rule Enforcement Rule Breach Notification Rule The document reflects the changes in … Continue Reading

HITECH Update # 7: New HIPAA Requirements for Business Associates and Their Subcontractors

This post is part of our series on key aspects of the final HITECH omnibus rule published by the U.S. Department of Health and Human Services (HHS) in the Federal Register on January 25, 2013. Previous posts are available here. The regulations are effective March 26, 2013, but covered entities and business associates have until … Continue Reading

HHS Issues Long-Awaited Final HITECH Regulations

By Anna Kraus and Rachel Grunberger The U.S. Department of Health and Human Services has issued its long-awaited final omnibus rule modifying the privacy, security, enforcement, and breach notification regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  The rule is based on statutory changes under the Health Information Technology for Economic … Continue Reading

HHS Announces $1.5 Million HIPAA Settlement with Massachusetts Provider

On September 17, the Department of Health and Human Services (HHS) announced a settlement with Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc. (collectively, MEEI) for alleged violations of the HIPAA Security Rule.  Under the Resolution Agreement, MEEI agreed to pay $1.5 million to HHS and take corrective action to improve … Continue Reading

Alaska Medicaid Agrees to Pay $1.7 Million to Settle HIPAA Security Case

By Anna Kraus and Rachel Grunberger The Department of Health and Human Services (HHS) announced yesterday that the Alaska Department of Health and Social Services, Alaska’s State Medicaid agency (Alaska Medicaid), has agreed to pay $1.7 million to HHS to settle potential violations of the HIPAA Security Rule.  This is HHS’s first HIPAA enforcement action … Continue Reading

HHS Settles HIPAA Case With Heart Surgery Center

By Anna Kraus and Rachel Grunberger The Department of Health and Human Services (HHS) announced on Tuesday that Phoenix Cardiac Surgery, P.C. (Phoenix) agreed to pay $100,000 and implement a corrective action plan to come into full compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  HHS had been investigating the Arizona … Continue Reading

Final HIPAA/HITECH Rule Expected by July

By Anna Kraus and Rachel Grunberger The Department of Health and Human Services (HHS) has submitted to the Office of Management and Budget (OMB) the long-awaited final rule implementing changes to the Health Insurance Portability and Accountability Act (HIPAA) regulations mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act.  The OMB … Continue Reading

OIG Finds CMS Oversight of the HIPAA Security Rule Insufficient to Ensure Covered Entity Compliance

By Anna Kraus & Rachel Grunberger In a previous post, we highlighted two reports recently issued by Department of Health and Human Services (HHS) Office of Inspector General (OIG), which criticize HHS’s oversight of health information privacy and security.  In today’s post, we provide greater detail regarding one of those reports (Nationwide Rollup Review of … Continue Reading

OIG Criticizes HHS Oversight of the HIPAA Security Rule, Data Security Controls in Health IT Standards

By Anna Kraus and Rachel Grunberger Last week, the Office of Inspector General (OIG) within the Department of Health and Human Services (HHS) issued two audit reports regarding federally mandated data security measures for health information.  Both reports are highly critical of HHS’s efforts to protect the security of electronic health information. In the first … Continue Reading
LexBlog