On February 6, the U.S. Department of Health and Human Services (“HHS”), Office of Civil Rights (“OCR”), announced that it had settled a cybersecurity investigation with Montefiore Medical Center (“Montefiore”), a non-profit hospital system based in New York City, for $4.75 million. As brief background, OCR is responsible for administering and enforcing the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively, “HIPAA”). Among other things, HIPAA requires that regulated entities take steps to protect the privacy and security of patients’ protected health information (“PHI”).
Continue Reading HHS Settles Malicious Insider Cybersecurity Investigation for $4.75 Million
OCR
Significant HIPAA Fine Follows Business Associate’s Stolen iPhone
A new post over on Covington’s eHealth blog discusses a recent enforcement action taken by the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) against Catholic Health Care Services, a business associate under HIPAA, arising out of a stolen iPhone. This recent enforcement…
OCR Steps Up HIPAA Enforcement Following Breaches of Protected Health Information
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has been busy. In addition to its recent efforts to begin audits of covered entities and business associates, OCR has announced a slew of enforcement actions against covered entities for alleged HIPAA violations.
Phase 2 HIPAA Audits Underway
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) has begun to audit covered entities and business associates for compliance with HIPAA. A new post on the Covington eHealth blog discusses recent developments in OCR’s efforts to move these audits forward.
HHS Encourages Patients to Exercise Right to Access Health Records
The Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) recently released a one-page message from OCR Director Leon Rodriguez encouraging patients to exercise the right to access their medical records. Generally, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) grants patients the right to…
Senate Hearings Focus on Lack of HIPAA Enforcement, Final HITECH Rule
The Senate Judiciary Subcommittee on Privacy, Technology, and Law recently held a hearing to discuss federal enforcement of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, entitled “Your Health and Your Privacy: Protecting Health Information in a Digital World.” In that hearing, Subcommittee Chairman Al Franken (D-MN) told officials from the Department of Health and Human Services (HHS) and the Department of Justice (DOJ) that “the overall record of [HIPAA] enforcement is simply not satisfactory,” and asked why so few HIPAA complaints are actually prosecuted. Franken and other panelists also emphasized the need for a final rule to implement the HITECH Act’s amendments to the HIPAA Privacy and Security Rules.
Franken’s opening statement outlined the benefits of electronic health records, but emphasized that “we need to do more to protect this data and that is what this hearing is all about.”
The first panel included U.S. Attorney Loretta Lynch, who also serves on the Health Care Fraud Working Group of the Attorney General’s Advisory Committee, and Leon Rodriguez, Director of the HHS Office for Civil Rights (OCR). Both officials underscored their agencies’ commitment to enforcing medical privacy laws through HIPAA’s Privacy and Security Rules and the new HITECH Act. Lynch testified about recent DOJ efforts to enforce HIPAA’s criminal provisions, while Rodriguez cited OCR cases against Massachusetts General Hospital and CVS/Rite Aid that led to substantial fines.
HIPAA Privacy, Security Rules Are “Quite Far Along”
Last week, Sue McAndrew, deputy director for health information privacy at the Office of Civil Rights in the Health and Human Services Department, said that OCR was “quite far along” on its efforts to adopt a final rule implementing changes to the HIPAA regulations pursuant to the HITECH Act. She…