Articles and Blogs

HIPAA

Don’t Forget! HIPAA Breaches Affecting Fewer Than 500 Must Be Reported to OCR by March 1, 2017

[02/21/17]

Posted on February 21, 2017 in Health Law News

Published by: Hall Render

Under the Breach Notification Rule, HIPAA covered entities are required to submit reports of certain breaches of unsecured protected health information (“PHI”) affecting fewer than 500 individuals to the Office for Civil Rights (“OCR”) on an annual basis. Covered entities must submit their breaches electronically through OCR’s breach notification web page, which can be... READ MORE

Tags: , , , ,

OCR Announces Largest Single-Entity Settlement to Date

[08/18/16]

Posted on August 18, 2016 in Health Law News

Published by: Hall Render

On August 4, the Office for Civil Rights (“OCR”) announced a $5.55 million settlement with the largest fully integrated health care system in Illinois. The settlement is the largest HIPAA settlement ever by a single entity and follows two recent settlements with university health systems in Oregon and Mississippi that were $2.7 million and... READ MORE

Tags:

Did You Get an OCR HIPAA Audit Letter or a Golden Pass?

[07/19/16]

Posted on July 19, 2016 in Health Law News

Published by: Hall Render

The Office for Civil Rights (“OCR”), Department of Health and Human Services (“HHS”), emailed notices to 167 covered entities on July 11, 2016 informing them they were selected for a HIPAA Phase II audit. Health care providers, health plans and health care clearinghouses were randomly selected by OCR from the audit pool. If your organization... READ MORE

Tags:

HIPAA on the Small Screen: OCR Penalizes Unauthorized Patient Filming

[04/27/16]

Posted on April 27, 2016 in Health Law News

Published by: Hall Render

On April 21, 2016, the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced a $2.2 million settlement with a New York hospital (“Hospital”) stemming from unauthorized patient filming by ABC’s NY Med television show. In what OCR called an egregious disclosure of protected health information (“PHI”) in violation of... READ MORE

Tags:

Business Associate Agreements Are Critical to HIPAA Compliance: OCR Announces $755,000 Settlement Action

[04/26/16]

Posted on April 26, 2016 in Health Law News

Published by: Hall Render

On April 19, 2016, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) reached a settlement in the amount of $755,000 with a North Carolina orthopedic clinic (“Clinic”) for failing to execute a business associate agreement with a third-party vendor. This is OCR’s second settlement this year related to business... READ MORE

Tags: ,

Patients’ Access Rights and Permissible Fees Under HIPAA

[03/22/16]

Posted on March 22, 2016 in Health Law News

Published by: Hall Render

On January 7, 2016, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) released new guidance clarifying an individual’s right to access his or her medical record under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). On February 25, 2016, OCR released additional guidance explaining the permissible reasonable cost-based... READ MORE

Tags:

EEOC Changes Position Statement Procedures: Health Care Employers Should Take Note

[02/26/16]

Posted on February 26, 2016 in HR Insights for Health Care

Written by: Sevilla Rhoads

Starting at the beginning of 2016, the Equal Employment Opportunity Commission (“EEOC”) has changed its procedures when it comes to employer position statements submitted in response to charges of discrimination. Now, the EEOC will release complete employer position statements and attachments to any charging party and their attorney who request release. In the past, the... READ MORE

Tags: , , , ,

Safe Harbor Agreement Between United States and EU Ruled Invalid

[10/06/15]

Posted on October 6, 2015 in Health Information Technology

Written by: Alisa C. Kuehn

For years, companies in the United States have relied on a Safe Harbor to the EU Directives (the stringent privacy requirements imposed by the European Union) to qualify for the ability to transfer protected data between EU countries and the United States. Today, however, the European Court of Justice ruled that the agreement between... READ MORE

Tags: , , , ,

Double Trouble: Lack of Safeguards with Internet Document Sharing Application and Mobile Devices Results in $218,400 HIPAA Settlement for Hospital

[07/20/15]

Posted on July 20, 2015 in Health Law News

Published by: Hall Render

Two separate alleged HIPAA violations resulted in an enforcement action by the Department of Health and Human Services (“HHS”) against a Massachusetts hospital (“Hospital”).  On July 10, 2015, the HHS Office for Civil Rights (“OCR”) announced a $218,400 settlement with the Hospital to resolve HIPAA investigations into two issues:READ MORE

Tags:

HHS Settles with Colorado Pharmacy over Disposal of Patient Records

[04/29/15]

Posted on April 29, 2015 in Health Law News

Published by: Hall Render

On April 27, 2015, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) announced that it entered into a settlement with a Colorado pharmacy (“Pharmacy”) arising from alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule.  Under the settlement, the Pharmacy agreed to pay $125,000 in... READ MORE

Tags: