Articles and Blogs

Health Information Technology

AMCA Breach of PHI and PII

[06/07/19]

Posted on June 7, 2019 in Health Information Technology

Published by: Hall Render

American Medical Collection Agency (“AMCA”), a collection agency that works primarily with health care companies, recently announced a breach of protected health information (“PHI”) and personally identifiable information (“PII”) affecting over 19.6 million patients. Quest Diagnostics and LabCorp, both clients of AMCA, have reported that their patients have been impacted by the incident. AMCA... READ MORE

Tags: , , , , ,

Ten Types of Enforcement Actions OCR May Take Directly Against Business Associates

[06/04/19]

Posted on June 4, 2019 in Health Information Technology

Published by: Hall Render

The Office for Civil Rights (“OCR”) issued a factsheet detailing ten ways a business associate can be held directly liable for violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as provided by the Health Information Technology for Economic Clinical Health (“HITECH”) Act of 2009. Although covered entities are ultimately responsible... READ MORE

Tags: , , , ,

Consider Website and Other Technology Accessibility Obligations to Better Serve Your Community and Avoid Litigation and Loss of Federal Funding

[03/01/19]

Posted on March 1, 2019 in Health Information Technology

Published by: Hall Render

Health care providers are increasingly relying on technology to market, communicate with and otherwise provide services to their community, such as information about services provided on the website, patient portals, check-in kiosks and mobile applications. In using technology to communicate with patients and the larger community, it is important to remember the importance of... READ MORE

Tags: , , , , , ,

Repeated Breaches of ePHI Result in a $3 Million Fine, Capping Off OCR’s “Record Year” of 2018 Enforcement Actions

[02/19/19]

Posted on February 19, 2019 in Health Information Technology

Published by: Hall Render

The Office for Civil Rights (“OCR”) announced that a health system in California (the “System”) was required to pay a $3 million fine and adopt an extensive corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The System operates several hospitals, including a rehabilitation hospital... READ MORE

Tags: , , , , , , ,

Business Associate’s Data Breach Leads to $500,000 Fine for Hospitalist Group

[12/10/18]

Posted on December 10, 2018 in Health Information Technology

Published by: Hall Render

The Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced on December 4, 2018 that a hospitalist group (“Group”) that works with hospitals and nursing homes to provide internal medicine physicians has agreed to pay $500,000 and adopt a corrective action plan to settle alleged violations of the Health Insurance... READ MORE

Tags: , , , ,

Disclosing PHI to a Reporter Leads to $125,000 HIPAA Settlement

[11/29/18]

Posted on November 29, 2018 in Health Information Technology

Published by: Hall Render

The Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”), announced that a small professional association with three doctors and four locations (the “Practice”) has agreed to pay $125,000 and adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The... READ MORE

Tags: , , , ,

Largest Health Data Breach = Largest OCR Settlement in History

[10/19/18]

Posted on October 19, 2018 in Health Information Technology

Published by: Hall Render

On October 15, 2018, the Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced that it had reached a record $16 million settlement with Anthem arising out of alleged violations of the Privacy and Security Rules under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The settlement comes... READ MORE

Tags: , , , , , ,

Hospitals Fined for Allowing Documentary Film Crews to Film Patients Without Consent

[09/24/18]

Posted on September 24, 2018 in Health Information Technology

Published by: Hall Render

The Department of Health and Human Services Office for Civil Rights (“OCR”) fined three separate hospitals a cumulative total of $999,000 to settle potential violations of HIPAA arising from allowing film crews on premises to film a reality television show without first obtaining patient authorizations. The OCR Resolution Agreement can be found here. Generally, a... READ MORE

Tags: , , , ,

SAMHSA Releases Additional Changes to 42 CFR “Part 2” Substance Use Disorder Confidentiality Regulations

[01/26/18]

Posted on January 26, 2018 in Health Information Technology

Published by: Hall Render

On January 3, 2018, the United States Department of Health and Human Services (“HHS”) Substance Abuse and Mental Health Services Administration (“SAMHSA”) issued final regulations (“Final Rule“)[i] intended to update and modernize the Confidentiality of Substance Use Disorder Patient Records regulations at Title 42 of the Code of Federal Regulations, Part 2 (“Part 2“).[ii]... READ MORE

SSAE 18 Replaces SSAE 16 Data Security Audit Standard – Practical Takeaways

[01/22/18]

Posted on January 22, 2018 in Health Information Technology

Published by: Hall Render

As hospitals and health-related entities, like other businesses, continue to shift application hosting and data storage to the cloud and to third party data centers, they should consider what obligations to place on vendors that provide such hosting and data storage services to promote data security. One such obligation may be to require hosting... READ MORE

Tags: , , , , ,