Written by Kimberly Gold Most state and federal health care investigations are prompted by audits or claims brought by whistleblowers. But a recent newspaper article about a debt collection company’s tactics has prompted Congressional ire and potentially a federal investigation. On April 24th, a New York Times article highlighted Accretive Health’s alleged debt collection practices after… Continue Reading
Category Archives: Privacy & Security/HIPAA/HITECH
Subscribe to Privacy & Security/HIPAA/HITECH RSS FeedMassachusetts Office of Consumer Affairs and Business Regulation Publishes Report on Data Breaches
Posted in Privacy & Security/HIPAA/HITECHWritten by Kimberly Gold The Massachusetts Office of Consumer Affairs and Business Regulation received nearly 2000 data breach notifications affecting nearly 3.2 million individuals between October 31, 2007 and September 30, 2011, according to a report released on Monday. The health care industry experienced only 214 of the nearly 2000 breaches, but it had more… Continue Reading
The Rising Cost of HIPAA Violations
Posted in Privacy & Security/HIPAA/HITECH, State & Federal Audits, Investigations & LitigationAs detailed by Kimberly Gold in a recent Privacy & Security Matters post, a physician group recently agreed to pay a six-figure fine and implement a corrective action plan under a Resolution Agreement with the U.S. Department of Health and Human Services Office for Civil Rights after a lengthy investigation into potential HIPAA violations. I encourage you to… Continue Reading
HIPAA Omnibus Rule Expected Within 90 Days – Pending Review at OMB
Posted in Privacy & Security/HIPAA/HITECH, UncategorizedWritten by: Dianne Bourque and Stephanie Willis Officials from the Department of Health and Human Services Office for Civil Rights (OCR) announced March 26 that the long-awaited rule updating Health Insurance Portability and Accountability Act (HIPAA) regulations has been sent to the Office of Management and Budget (OMB). The omnibus rule, which covers four previously… Continue Reading
HHS OCR Announces First Settlement of a Self-Reported HIPAA Violation
Posted in Privacy & Security/HIPAA/HITECH, UncategorizedWritten by: Dianne Bourque and Stephanie Willis No one wants to be the first, especially not in this case. The Department of Health and Human Services’ Office of Civil Rights (OCR) announced its first settlement with a covered entity stemming from a report submitted pursuant to the Health Information Technology for Economic and Clinical Health Act’s… Continue Reading
Another Attempt to Curb the Sale of Prescription Data Comes Up Empty
Posted in Privacy & Security/HIPAA/HITECH, State & Federal Audits, Investigations & Litigation, UncategorizedWritten by: Ellyn Sternfield and Stephanie Willis Last year, the Supreme Court limited the ability of states to regulate the sale of prescription data. In Sorrell v. IMS Health, the Supreme Court determined that a 2007 Vermont law that effectively banned the sale of prescription data for commercial marketing purposes unless the prescriber consented was an… Continue Reading
The Best and Worst of HIPAA Compliance
Posted in Privacy & Security/HIPAA/HITECH, State & Federal Audits, Investigations & LitigationIf improving your HIPAA/HITECH compliance policies and procedures is one of your organization’s 2012 goals, I encourage you to read an article written by my colleague Ellen Janos entitled The Best and Worst of HIPAA Compliance, which was published in Corporate Compliance Insights. The article provides valuable information to assist covered entities in preparing for increased monitoring and audits by… Continue Reading
HITECH Data Breach Reporting Deadline Approaches
Posted in Privacy & Security/HIPAA/HITECH, UncategorizedWritten by Dianne Bourque and Daria Niewenhous It’s time for mandatory data breach reporting to the Office of Civil Rights (“OCR”) under The Health Information Technology for Economic and Clinical Health Act (“HITECH”) and the interim/final breach notification rules. Yes, it’s February – time for Valentines, cold and snow (in the Northeast anyway), but most… Continue Reading
New Year’s Resolutions — Privacy & Security
Posted in Privacy & Security/HIPAA/HITECH, UncategorizedMaintaining the privacy and security of protected health information and other confidential data is a never-ending task. In the spirit of the new year and the fresh start that it brings, we invite you to review Mintz Levin’s latest Privacy & Security Alert: New Year’s Resolutions — Privacy & Security, for tips to improve privacy… Continue Reading
Attention HIPAA Covered Entities: Keep an Eye on Your Mailbox….
Posted in Privacy & Security/HIPAA/HITECH, State & Federal Audits, Investigations & LitigationWritten by Dianne Bourque The HHS Office of Civil Rights has begun notifying the 150 covered entities chosen for its first round of audits under HITECH, and it has posted a sample audit notification letter. If your organization receives one of these letters, immediate attention is critical. You may have as few as ten days to respond… Continue Reading
Study Finds Health Care Data Privacy Breaches Are Rising
Posted in Privacy & Security/HIPAA/HITECH, State & Federal Audits, Investigations & LitigationWritten by Dianne J. Bourque and Stephanie D. Willis According to the Ponemon Institute’s Second Annual Benchmark Study on Patient Privacy and Data Security, the number of data breaches involving protected health information has risen by a staggering 32% since 2010. The study’s data came from health organizations that responded to a survey, supplemented by some interviews. Forty-one… Continue Reading
Blood Samples Protected by State Genetic Privacy Law
Posted in Clinical Laboratories, Clinical Trials & Research/FDA, Privacy & Security/HIPAA/HITECH, UncategorizedWritten by Dianne Bourque and Thomas Williams On November 16th, the Minnesota State Supreme Court held that a blood sample itself is protected information under the Minnesota Genetic Privacy Act (the“GPA”). The decision arose out of a suit brought by nine families of newborns’ whose blood had been collected, tested, and retained by the state under… Continue Reading
HHS OCR Begins HIPAA Audits
Posted in Privacy & Security/HIPAA/HITECH, State & Federal Audits, Investigations & Litigation, UncategorizedWritten by Dianne J. Bourque and Stephanie D. Willis The HHS Office of Civil Rights (OCR) begins its pilot HIPAA compliance audit program this month. Section 13411 of the Health Information Technology for Economic and Clinical Health Act, or (HITECH) Act, requires HHS to perform these periodic audits of covered entities and business associates to evaluate compliance with the… Continue Reading
HIPAA Isn’t the Only Data Breach Law of Concern
Posted in Privacy & Security/HIPAA/HITECHWritten by Dianne Bourque In the event of a data breach, covered entities must consider state law notification requirements, as well as those imposed by HIPAA. Toward that end, Mintz Levin has developed a survey of state data breach notification laws, which is a useful tool for understanding the types of protections states require, breach… Continue Reading
Texas Health Care Privacy Law
Posted in Privacy & Security/HIPAA/HITECHIn this article “Texas Law Gives Privacy More Muscle than HIPAA”, published by Law360 on September 16, 2011, Mintz Levin attorney Dianne Bourque is quoted regarding the aggressive new Texas health care privacy law. To read the full article click here.
Proposed CLIA and HIPAA Amendments Would Increase Patient Rights and Administrative Burden for Labs
Posted in Clinical Laboratories, Privacy & Security/HIPAA/HITECHWritten by Dianne Bourque and Karen Lovitch CMS has announced the publication of a proposed rule that will require HIPAA-covered laboratories to make test results available to patients no later than 180 days after the rule’s effective date, which will be 60 days after publication in tomorrow’s Federal Register. In other words, laboratories, many of which interface with patients… Continue Reading
