Blog Posts: HIPAA
In 2012, the Department of Health and Human Services (HHS) audited select healthcare organizations for compliance with the Health Insurance Portability and Accountability Act (HIPAA). The agency’s findings revealed some common privacy and security mistakes among both large and small organizations:
The term “big data” refers to sets of information so large that they are difficult to process using traditional database techniques. The healthcare industry has recently started using big data to solve many issues affecting patient care. Big data is able to increase the quality of healthcare — while simultaneously lowering the cost — by revealing certain patterns and trends that would otherwise be unavailable to healthcare providers.
On January 17, 2013, the U.S. Department of Health and Human Services ("HHS") issued a final rule ("Omnibus Rule") that affects multiple aspects of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). The Omnibus Rule expands privacy, security, enforcement standards and breach-notification requirements, and it implements several changes to the law made by the HITECH Act of 2009.
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced that a small non-profit hospice has agreed to pay $50,000 to settle potential HIPAA-HITECH security-rule violations arising from a breach affecting 441 patients. The settlement is notable for being the first that involves a data breach affecting fewer than 500 individuals. The settlement appears to be a signal that OCR intends to enforce HIPAA-HITECH security rules against covered entities regardless of the size of the breach. As the healthcare industry transitions to entirely electronic recordkeeping, it is a high priority for HHS to ensure that covered entities of all sizes implement adequate protections for electronic protected health information (ePHI).
The Department of Health and Human Services (HHS) is taking enforcement of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule very seriously. In a recent case, a Massachusetts physician eye-and-ear group practice agreed to pay $1.5 million to settle alleged violations of the Security Rule based on an incident where a personal laptop was stolen.
Most organizations have been providing HIPAA training to employees for years. However, given recent regulatory and enforcement changes, here are ten reasons why now is the best time to ensure that your organization’s HIPAA training is up to date.
The Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) recently posted on its website the protocol it is using for its Health Insurance Portability and Accountability Act (HIPAA) compliance audits. A report by the Ropes & Gray LLP law firm recommends that covered entities and business associates use the information in the protocols to review their current practices.
As ever more important and sensitive data is stored on laptops, the risk of data breaches continues to rise. Reports of another significant data breach resulting from the theft of a laptop serve as a reminder of how vulnerable sensitive data is to theft and how critical it is that employees take care to protect the data in their possession.
Small-practice doctors and solo practitioners beware: The small size of your practice won't save you from being fined for violations of the Health Insurance Portability and Accountability Act Privacy and Security Rules. The Office for Civil Rights of the Department of Health and Human Services recently imposed a $100,000 civil penalty against a five-physician cardiac-surgery practice in Phoenix and Prescott, Arizona for HIPAA violations.
The federal Health Insurance Portability and Accountability Act (HIPAA) restricts the way that certain "covered entities" may use and disclose health information, in order to protect healthcare consumers' privacy. Before 2009, only the federal government could bring a civil lawsuit against HIPAA violators, but the passage of the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH) extended that power to the states. In addition, under HITECH, "business associates" that contract with covered entities face potential civil liability for HIPAA violations.