Tag Archives: HITECH Act

WEDI Issues Guidance for Assessment of Potential Breaches under HIPAA

Recently, the Workgroup for Electronic Data Interchange (WEDI) published a Breach Risk Assessment Issue Brief for stakeholders to use in analyzing whether a breach of  protected health information (PHI) has occurred under the Health Insurance Portability and Accountability Act (HIPAA).  Background Under HIPAA’s breach notification rule, covered entities and business associates are required to notify … Continue Reading

HHS OIG Releases Report on HIPAA Enforcement Efforts

Recently, the Office of Inspector General (OIG) at HHS released a report on the HIPAA enforcement efforts of HHS’s Office for Civil Rights (OCR).  Specifically, the OIG looked at whether OCR’s efforts to enforce HIPAA’s Security Rule were adequate.  The OIG’s findings may lead to increased enforcement efforts by OCR.  Background on the Security Rule … Continue Reading

HHS Issues Guidance on Refill Reminders under HIPAA

On September 19, HHS released additional guidance on the “refill reminder exception” in HIPAA, which allows — in some circumstances — paid communications regarding a drug or biologic currently prescribed to a patient. Background In January 2013, HHS finalized new restrictions on marketing as part of the final omnibus rule implementing changes to HIPAA under … Continue Reading

HHS to Issue Guidance on HIPAA Marketing Restrictions

In a court filing on September 11, 2013, attorneys for the U.S. Department of Health and Human Services (HHS) announced that HHS intends to issue further guidance on certain new marketing restrictions under HIPAA, finalized last January as part of the final HITECH omnibus rule, and to delay enforcement of those new marketing restrictions until … Continue Reading

HITECH Update #10: HHS Releases First Sample Business Associate Agreement Provisions Since HITECH Act, Omnibus Rule

This post is part of our series on key aspects of the final HITECH omnibus rule published by the U.S. Department of Health and Human Services (HHS) in the Federal Register on January 25, 2013. Previous posts are available here. The regulations are effective March 26, 2013, but covered entities and business associates have until … Continue Reading

HITECH Update #9: Omnibus Rule Revises Individual Rights to Request Restrictions, Access to Protected Health Information

This post is part of our series on key aspects of the final HITECH omnibus rule published by the U.S. Department of Health and Human Services (HHS) in the Federal Register on January 25, 2013. Previous posts are available here. The regulations are effective March 26, 2013, but covered entities and business associates have until … Continue Reading

HITECH Update # 7: New HIPAA Requirements for Business Associates and Their Subcontractors

This post is part of our series on key aspects of the final HITECH omnibus rule published by the U.S. Department of Health and Human Services (HHS) in the Federal Register on January 25, 2013. Previous posts are available here. The regulations are effective March 26, 2013, but covered entities and business associates have until … Continue Reading

HITECH Update #4: HHS Relaxes HIPAA Requirements for Research Authorizations

This post is part of our series on key aspects of the final HITECH omnibus rule issued by the U.S. Department of Health and Human Services (HHS) on January 17, 2013 (available here), and scheduled to be published in the Federal Register on January 25.  Previous posts are available here.  The regulations are effective March 26, 2013, … Continue Reading

HHS Issues Long-Awaited Final HITECH Regulations

By Anna Kraus The U.S. Department of Health and Human Services has issued its long-awaited final omnibus rule modifying the privacy, security, enforcement, and breach notification regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  The rule is based on statutory changes under the Health Information Technology for Economic and Clinical Health … Continue Reading

Court Dismisses Minnesota AG’s HIPAA Enforcement Action Against Business Associate Following Settlement

Earlier this month, the federal district court in Minnesota dismissed a lawsuit brought earlier this year by the Minnesota Attorney General (AG) against Accretive Health, Inc., a business associate of hospitals, after the parties reached a settlement.  In the lawsuit, which we previously discussed here, the Minnesota AG alleged that the company violated various provisions … Continue Reading

HHS Publishes HIPAA Audit Protocol

By Anna Kraus The Department of Health and Human Services (HHS) has posted on its website the protocol for the HIPAA audits required under the HITECH Act.  Section 13411 of the HITECH Act requires HHS to provide for periodic audits to ensure that covered entities and business associates are in compliance with the HIPAA standards for … Continue Reading

Alaska Medicaid Agrees to Pay $1.7 Million to Settle HIPAA Security Case

By Anna Kraus The Department of Health and Human Services (HHS) announced yesterday that the Alaska Department of Health and Social Services, Alaska’s State Medicaid agency (Alaska Medicaid), has agreed to pay $1.7 million to HHS to settle potential violations of the HIPAA Security Rule.  This is HHS’s first HIPAA enforcement action against a State … Continue Reading

OMB Extends Review of HIPAA/HITECH Rule

By Anna Kraus The long-awaited final rule implementing changes to the Health Insurance Portability and Accountability Act (HIPAA) regulations mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act has been delayed once again.  Although the rule was expected by July, the Office of Management and Budget (OMB) has updated its website … Continue Reading

Final HIPAA/HITECH Rule Expected by July

By Anna Kraus The Department of Health and Human Services (HHS) has submitted to the Office of Management and Budget (OMB) the long-awaited final rule implementing changes to the Health Insurance Portability and Accountability Act (HIPAA) regulations mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act.  The OMB has up to … Continue Reading

Senate Hearings Focus on Lack of HIPAA Enforcement, Final HITECH Rule

The Senate Judiciary Subcommittee on Privacy, Technology, and Law recently held a hearing to discuss federal enforcement of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, entitled “Your Health and Your Privacy: Protecting Health Information in a Digital World.” In that hearing, Subcommittee … Continue Reading

HHS Imposes $4.3 Million Civil Money Penalty for HIPAA Privacy Violations

The Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS) announced Tuesday that it has issued a Notice of Final Determination finding that Cignet Health of Prince George’s County, Maryland (Cignet) violated the HIPAA Privacy Rule.  HHS imposed a $4.3 million civil money penalty on Cignet for the violations—the first … Continue Reading

Report: Over 6 Million Individuals Affected by PHI Breaches Since August 2009

A total of 225 breaches of protected health information (PHI) affecting 6,067,751 individuals have been recorded since the HIPAA breach notification rule was issued in August 2009 pursuant to the HITECH Act, according to a report by Redspin, a provider of HIPAA risk analysis and IT assessment services. According to the report: Single breaches affecting … Continue Reading
LexBlog