OCR reaches a new $1.3 million settlement with a health plan for HIPAA violations. OCR says, “HIPAA-regulated entities need to be proactive in ensuring their compliance with the HIPAA Rules, and not wait for OCR to reveal long-standing HIPAA deficiencies.” Employers that offer Employee Benefits must evaluate whether they are responsible for a health plan with HIPAA compliance obligations.
Genetic Testing Company Violates Privacy and Security Policies, FTC Says.
Genetic testing companies, and those who partner with them, must take care to ensure that the scope of how consumers’ sensitive data is used and shared in the future aligns with the scope of consent that was granted by the consumer at the point of collection. The FTC found that a California-based genetic testing company informed consumers that it would only share consumers’ sensitive health and other personal information “in limited circumstances,” but then expanded sharing such information with new third parties, like supermarket chains. The FTC has now stepped up to protect consumers’ sensitive genetic information.
ONC Says “Vetting” Mobile Apps is Information Blocking
ONC says that requiring third-party apps to be “vetted” by the actor for security reasons before allowing patients to use such apps to receive EHI via API technology certified to the Standardized API certification criterion is likely to be information blocking. However, my concern with relying solely on the security criteria required for API certification is that it is too low a bar to adequately protect patients and other individuals from developers of apps that fail to keep promises to keep individuals’ information confidential.
Not So Sunny News in Arizona – Major Health Care System Agrees to Pay $1.25 Million HIPAA Settlement for Cybersecurity Hacking Incident from 2016
The forecast for Arizona is thunderstorms, at least for one health care system. Last week, OCR announced a $1.25 million settlement for HIPAA Security Rule violations brought to light by a cybersecurity hacking incident that took place over five years ago.
Fifth Circuit Vacates $4.3M MD Anderson Penalty
The Court of Appeals for the Fifth Circuit vacated the $4.3M penalty imposed on M.D. Anderson as arbitrary, capricious and contrary to law.
Info Blocking Rules have you STRESSED?!! Join Helen O. for Two Not-to-Miss Workshops for Help!
Join me for a pair of 1.5-hour Information Blocking Workshops designed to work through the nitty-gritty details of the Information Blocking Rule. The first Workshop will take place WEDNESDAY (9/30), so don’t delay! Workshops will include use cases and scenarios aimed at real challenges faced by health care providers looking to comply with these new regulatory standards for access and sharing of electronic health information. Registrants will receive 2 sample P&Ps, and much more!