Protected Health Information

In one of the best examples we have ever seen that it pays to be HIPAA compliant (and can cost A LOT when you are not), the U.S. Department of Health and Human Services, Office for Civil Rights, issued the following press release about the above settlement. This is worth a quick read and some soul searching if your company has not been meeting its HIPAA requirements.
Continue Reading $2.5 Million Settlement Shows That Not Understanding HIPAA Requirements Creates Risk

Last week we posted about A Brief Primer on the NIST Cybersecurity Framework. Our partner and HIPAA/HITECH expert Elizabeth Litten took the NIST Cybersecurity Framework and created a blog post for the HIPAA, HITECH and Health Information Technology Blog on how How the NIST Cybersecurity Framework Can Help With HIPAA Compliance: 3 Tips. For those facing any HIPAA-related issues, it is a worthwhile read.
Continue Reading How the NIST Cybersecurity Framework Can Help With HIPAA Compliance: 3 Tips

The Federal Trade Commission recently announced that it settled charges against a health billing company and its former CEO that they misled consumers who had signed up for their online billing portal by failing to inform them that the company would seek detailed medical information from pharmacies, medical labs and insurance companies.

The Atlanta-based medical

DataSecurityWe are pleased to announce the launch of our Data Breach 411 App, which is available for free download in the iTunes store at:  https://itunes.apple.com/us/app/data-breach-411/id726115837?mt=8

The Data Breach 411 App is a data breach survival guide designed to tackle a general counsel’s worst nightmare:  the loss or theft of sensitive data.

Features of the app

On July 11, 2013, the Department of Health and Human Services announced that it reached a settlement with WellPoint Inc. related to potential violations of the HIPAA Privacy and Security Rules.  In compliance with the HITECH Breach Notification Rule, WellPoint notified the HHS Office for Civil Rights that certain security weaknesses in one of its

While the undertakings of a Medicare ACO and the terminology in the Data Use Agreement for protection of patient data may differ from those of covered entities, business associates and subcontractors and their BAAs under the HIPAA/HITECH regulations, they have many striking similarities and purposes
Continue Reading HIPAA “Mega Rule”, Meet “Super BAA”: The CMS Data Use Agreement

SAIC’s recent Motion to Dismiss the Consolidated Amended Complaint filed in federal court in Florida as a putative class action highlights the gaps between an incident (like a theft) involving PHI, a determination that a breach of PHI has occurred, and the realization of harm resulting from the breach.
Continue Reading The SAIC Breach and a Look Across the Chasm Between Significant Risk and Actual Harm Resulting from a HIPAA Breach

CMS proposal would base eligibility for provider incentive payments for the “meaningful use” of Electronic Health Records (“EHRs”) not simply on providers’ use of EHR, but on their patients’ use.
Continue Reading Patients’ “Meaningful Use” of Electronic Health Information Proposed as Core Measure for Provider Incentive Payments from Feds