Tag Archives: protected health information

FDA Releases Final Guidance on Cybersecurity in Medical Devices, Public Workshop to Follow on October 21-22, 2014

On October 2, 2014, the Food and Drug Administration (FDA) released a final guidance document titled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices”.  The FDA said that the “need for effective cybersecurity to assure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and … Continue Reading

FTC Announces Settlement With Accretive Health Over Data Breach

The Federal Trade Commission (FTC) recently announced a settlement with Accretive Health, Inc., a provider of medical billing and revenue management services to hospitals.  The FTC’s complaint alleged that Accretive failed to provide reasonable and appropriate security for consumers’ personal information, and this failure constituted an unfair act or practice in violation of Section 5 … Continue Reading

HHS Settles HIPAA Privacy Case With California Medical Center

By Anna Kraus

The Department of Health and Human Services (HHS) announced on June 14 that it reached a settlement with Shasta Regional Medical Center (SRMC) in California over potential violations of the HIPAA Privacy Rule.  Under the settlement, SRMC agreed to pay $275,000 and implement a comprehensive corrective action plan (CAP). HHS’s investigation was … Continue Reading

HITECH Update #4: HHS Relaxes HIPAA Requirements for Research Authorizations

This post is part of our series on key aspects of the final HITECH omnibus rule issued by the U.S. Department of Health and Human Services (HHS) on January 17, 2013 (available here), and scheduled to be published in the Federal Register on January 25.  Previous posts are available here.  The regulations are effective March 26, 2013, … Continue Reading

HHS Issues Long-Awaited Final HITECH Regulations

By Anna Kraus

The U.S. Department of Health and Human Services has issued its long-awaited final omnibus rule modifying the privacy, security, enforcement, and breach notification regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  The rule is based on statutory changes under the Health Information Technology for Economic and Clinical Health … Continue Reading

HHS Releases Guidance on HIPAA De-Identification Standard

By Anna Kraus

On Monday, the U.S. Department of Health and Human Services (HHS) released guidance on methods for de-identification of protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.  The guidance, which was required under Section 13424(c) of the Health Information Technology for Economic and Clinical … Continue Reading

HHS Announces $1.5 Million HIPAA Settlement with Massachusetts Provider

On September 17, the Department of Health and Human Services (HHS) announced a settlement with Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc. (collectively, MEEI) for alleged violations of the HIPAA Security Rule.  Under the Resolution Agreement, MEEI agreed to pay $1.5 million to HHS and take corrective action to improve … Continue Reading

Court Dismisses Minnesota AG’s HIPAA Enforcement Action Against Business Associate Following Settlement

Earlier this month, the federal district court in Minnesota dismissed a lawsuit brought earlier this year by the Minnesota Attorney General (AG) against Accretive Health, Inc., a business associate of hospitals, after the parties reached a settlement.  In the lawsuit, which we previously discussed here, the Minnesota AG alleged that the company violated various provisions … Continue Reading

HHS Publishes HIPAA Audit Protocol

By Anna Kraus

The Department of Health and Human Services (HHS) has posted on its website the protocol for the HIPAA audits required under the HITECH Act.  Section 13411 of the HITECH Act requires HHS to provide for periodic audits to ensure that covered entities and business associates are in compliance with the HIPAA standards for … Continue Reading

Alaska Medicaid Agrees to Pay $1.7 Million to Settle HIPAA Security Case

By Anna Kraus

The Department of Health and Human Services (HHS) announced yesterday that the Alaska Department of Health and Social Services, Alaska’s State Medicaid agency (Alaska Medicaid), has agreed to pay $1.7 million to HHS to settle potential violations of the HIPAA Security Rule.  This is HHS’s first HIPAA enforcement action against a State … Continue Reading

OMB Extends Review of HIPAA/HITECH Rule

By Anna Kraus

The long-awaited final rule implementing changes to the Health Insurance Portability and Accountability Act (HIPAA) regulations mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act has been delayed once again.  Although the rule was expected by July, the Office of Management and Budget (OMB) has updated its website … Continue Reading

HHS Settles HIPAA Case With Heart Surgery Center

By Anna Kraus

The Department of Health and Human Services (HHS) announced on Tuesday that Phoenix Cardiac Surgery, P.C. (Phoenix) agreed to pay $100,000 and implement a corrective action plan to come into full compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  HHS had been investigating the Arizona physician practice for … Continue Reading

HHS Considers Providing Right to Receive Test Reports Directly From Labs

The U.S. Department of Health and Human Services (HHS) is currently accepting comments on a proposed rule that would amend regulations under the Clinical Laboratory Improvement Amendments of 1988 (CLIA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  Under the HIPAA Privacy Rule, individuals have the right of access to their protected … Continue Reading

OIG Finds CMS Oversight of the HIPAA Security Rule Insufficient to Ensure Covered Entity Compliance

By Anna Kraus

In a previous post, we highlighted two reports recently issued by Department of Health and Human Services (HHS) Office of Inspector General (OIG), which criticize HHS’s oversight of health information privacy and security.  In today’s post, we provide greater detail regarding one of those reports (Nationwide Rollup Review of the Centers for … Continue Reading

HHS Announces $1 Million HIPAA Settlement

Two days after imposing the first-ever civil money penalty for HIPAA violations, the Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS) announced that Massachusetts General Hospital (Mass General) has agreed to pay $1 million to settle potential violations of the HIPAA Privacy Rule. OCR initiated an investigation of Mass … Continue Reading

HHS Imposes $4.3 Million Civil Money Penalty for HIPAA Privacy Violations

The Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS) announced Tuesday that it has issued a Notice of Final Determination finding that Cignet Health of Prince George’s County, Maryland (Cignet) violated the HIPAA Privacy Rule.  HHS imposed a $4.3 million civil money penalty on Cignet for the violations—the first … Continue Reading

Report: Over 6 Million Individuals Affected by PHI Breaches Since August 2009

A total of 225 breaches of protected health information (PHI) affecting 6,067,751 individuals have been recorded since the HIPAA breach notification rule was issued in August 2009 pursuant to the HITECH Act, according to a report by Redspin, a provider of HIPAA risk analysis and IT assessment services. According to the report: Single breaches affecting … Continue Reading

HIPAA/HITECH Regulations are Coming: What do Pharmaceutical Companies Need to Know? (Part 5 of 5)

In our final post on what pharmaceutical companies should know about the forthcoming HIPAA/HITECH regulations, we will discuss provisions in the proposed rule relating to the sale of protected health information.  We previously covered the Department of Health and Human Services’ (HHS) proposed treatment of communications about currently prescribed drugs, remunerated treatment communications, authorizations for … Continue Reading