OCR Releases HIPAA De-identification Q&A Guidance With the weekend coming up, why not take a break from the holiday frenzy and read through OCR’s new HIPAA De-identification guidance. The approximately 30-page guidance document is an easy read, even for those of us who aren’t...
OCR Releases HIPAA Audit Protocol as Audits Continue Without pomp and circumstance, OCR made available its protocol for the HIPAA performance audits conducted pursuant to the HITECH audit requirement. The Audit Protocol covers the Privacy, Security and Breach Notification Rules,...
Cardiac Surgery MD Group Agrees to Pay 0,000 Settlement to HHS for Lack of HIPAA safeguards And the HIPAA money keeps rolling to the feds. The latest settlement (announced today) is with a cardiac surgery physician group in Phoenix, Arizona, which has agreed to pay a hefty sum after someone...
Utah Medicaid Claims Data Hacked Affecting Over 24,000 The Utah Department of Health (UDOH) has experienced a data breach of its Medicaid claims data of over 24,000 individuals. The breach was reported to UDOH by the Utah Technology Services Department on Monday, April 2nd, and while...
Feb 29th is Last Day to Report Breaches of <500 to HHS! For those that have been logging their “small” Breaches (i.e., less than 500 individuals affected) and waiting to report them to HHS at the end of the year, next Wednesday, February 29th is the LAST day to get your information entered into...
HITECH Omnibus and AOD Rules Set for OMB Review Health Data Management reports that the long-awaited HITECH Omnibus Rule as well as the Accounting of Disclosures (AOD) Rule are set for OMB review. Expected also are proposed regulations for Meaningful Use Stage 2. HHS released its...
State AG Brings First HIPAA Lawsuit Against Business Associate Last month, I posted how treatment of business associates during HIPAA investigations remains unclear as well as assignment of liability for breaches of PHI. A final “omnibus rule” is expected to clarify the HITECH business...
HIPAA Audits Begin November 2011, How Can Covered Entities and Business Associates Prepare? The United States Department of Health and Human Services (HHS) has announced that it will begin HIPAA audits of covered entities and business associates this November 2011, and its contracted...
HIPAA Auditor Responsible for Breach in 2010 In June of 2010, a large healthcare system was informed by its business associate that a breach had occurred, affecting thousands of patients at its hospital. The breach had occurred the previous month when an employee of the business...
HITPC Releases Tiger Team EHR Amendment/Correction Recommendations The ONC Health Information Technology Policy Committee (HITPC) released the Privacy & Security Tiger Team (Tiger Team) recommendations concerning amendments and corrections to electronic medical records (EMRs) in a...
U.S. Supreme Court Strikes Down Vermont’s Prescription Drug Data Mining Ban Law Last Friday, the United States Supreme Court struck down the Vermont Prescription Confidentiality Law allowing prescriber-identifying information to be sold and disclosed by pharmacies and pharmaceutical...
HHS Releases Proposed Rule for Accounting of Disclosures A Notice of Proposed Rulemaking (NPRM) concerning the accounting of disclosures (AOD)requirement under the HIPAA Privacy Rule was posted last Friday, May 31, 2011. The U.S. Department of Health and Human Services’ (HHS) Office...
OCR Will Address Almost Everything in HITECH Omnibus Rule HealthDataManagementhas quoted Susan McAndrew, deputy director of health information privacy in the Department of Health and Human Services, OCR, as saying that the final rules implementing the HITECH Act are to be released...
One, Two HIPAA Penalty Punch from HHS and OCR Just as gasps from the 4.3 million dollar penalty OCR assessed against Cignet Health of Maryland started to subside, OCR delivers a whopping 1 million dollar penalty to another hospital — this time to the The General Hospital Corporation and...
Kansas Aligns State Privacy Laws with HIPAA as HIE Standard Today, the State of Kansas’ Senate committee approved (by a vote of 39-0) Senate Bill 133 to align the state’s privacy laws with HIPAA. The Kansas Health Information Exchange, Inc. (the state’s RHIO) testified before the Senate...