“Top 10” List for Security Law Compliance As we bid farewell to late night comedy host David Letterman, I thought it appropriate and timely to give a nod to one of Letterman’s most iconic segments, his “Top 10”, with my own Top 10 list for complying with applicable Security Law: #10. THE HIPAA...
What Is a “Conduit” and When Do They Cross The HIPAA BA Line? [1] As health information organizations (HIOs) start to facilitate secure networked health information exchange (HIE), the question of whether the HIO is or is not a HIPAA business associate (BA) almost always comes up. In the...
Document Disposal Company Responsible for old Patient Records found in Park Over 277,000 patients were notified by Texas Health Harris Methodist Hospital in Fort Worth (“Texas Health Fort Worth”) earlier this month of a breach of their health information. Only patients seen between...
Lessons from the Idaho State University CAP Back in 2011, Idaho State University (Idaho State) experienced a breach of PHI affecting approximately 17,500 individuals after firewalls on its servers were disabled at one of its outpatient clinics. It appropriately notified HHS in August of...
What Do I Need To Do to Comply with the HITECH Omnibus Rule? (the short version, please) The HITECH Omnibus Rule clocked-in at 563 pages, and we have read, digested and condensed the nuts and bolts for you here in our February 2013 edition of our Health Law Diagnosis newsletter. But if...
Deciphering the HITECH Omnibus Rule: Business Associates Since the HITECH Notice of Proposed Rulemaking (NPRM) was released in July of 2010, covered entities and business associates have been waiting (im)patiently for the Final HITECH Omnibus Rule to be released. As of this past...
FINALLY! HHS Releases the Final HIPAA/HITECH Omnibus Rule. Finally, the long awaited Final Rules are out. The Department of Health and Human Services (HHS) posted the HIPAA/HITECH “Omnibus Rule” on January 17, 2013 at 4:15 pm. You can download a copy here, or go straight to the source...
Kaiser Permanente Faces Investigation Over Inappropriate Storage of Patient Records by Contractor Kaiser Permanente is facing investigation over the handling of approximately 300,000 patient records by a contract storage firm. According to an article in the LA Times, Kaiser contracted...
HHS Rings in 2013 with News of Settlement for Small Breach We hope all of our readers had a happy and relaxing holiday season, and we wish you all the best for this New Year! It seems fitting for the first post of the year to revolve around HHS’s announcement of its first breach settlement...
OCR Releases HIPAA De-identification Q&A Guidance With the weekend coming up, why not take a break from the holiday frenzy and read through OCR’s new HIPAA De-identification guidance. The approximately 30-page guidance document is an easy read, even for those of us who aren’t...
OCR Releases HIPAA Audit Protocol as Audits Continue Without pomp and circumstance, OCR made available its protocol for the HIPAA performance audits conducted pursuant to the HITECH audit requirement. The Audit Protocol covers the Privacy, Security and Breach Notification Rules,...
Cardiac Surgery MD Group Agrees to Pay 0,000 Settlement to HHS for Lack of HIPAA safeguards And the HIPAA money keeps rolling to the feds. The latest settlement (announced today) is with a cardiac surgery physician group in Phoenix, Arizona, which has agreed to pay a hefty sum after someone...
Utah Medicaid Claims Data Hacked Affecting Over 24,000 The Utah Department of Health (UDOH) has experienced a data breach of its Medicaid claims data of over 24,000 individuals. The breach was reported to UDOH by the Utah Technology Services Department on Monday, April 2nd, and while...
Feb 29th is Last Day to Report Breaches of <500 to HHS! For those that have been logging their “small” Breaches (i.e., less than 500 individuals affected) and waiting to report them to HHS at the end of the year, next Wednesday, February 29th is the LAST day to get your information entered into...
HITECH Omnibus and AOD Rules Set for OMB Review Health Data Management reports that the long-awaited HITECH Omnibus Rule as well as the Accounting of Disclosures (AOD) Rule are set for OMB review. Expected also are proposed regulations for Meaningful Use Stage 2. HHS released its...