Blog Archives

HHS begins enforcement of breach notification requirements

As of February 22, 2010, HHS is expected to begin enforcing the new breach notification requirements created by the privacy and security provisions within the HITECH Act.  Although such requirements went into effect last fall, HHS gave covered entities and business

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , ,

Advocate Health Care already facing first lawsuit for July 15 breach involving 4 million EHR patient records

Chicago area Advocate Health Care suffered the country’s biggest health care record breach to date on July 15 – when four unencrypted laptops containing over four million patient records were stolen.  Seven weeks later the legal repercussions to July’s event

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Settlement of first small scale HIPAA breach announced by HHS

In a sign that HHS is serious about small data breaches, the Office of Civil Rights (OCR) and The Hospice of North Idaho reached a settlement agreement to resolve allegations of a 2010 breach involving 441 patient records. OCR Director Leon Rodriguez

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Laptop theft costs Massachusetts provider $1.5 million in HHS settlement

Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates (MEEI) will be paying HHS $1.5 million in installments over three years for a 2010 incident.  It is worth noting that OCR also reached a $1.5 million settlement with

Posted in ARRA, HIPAA Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

OCR: Health records of over 7 percent of U.S. population breached in past 3 years

Health records of over seven percent of the U.S. population – almost 21 million individuals – have been breached in the past three years, according to OCR. Although it may be somewhat of an apples-to-oranges comparison, it is worth noting

Posted in ARRA, HIPAA Tagged with: , , , , , , , , , , , , , , , ,

HHS settles HIPAA violation case for $100,000, Corrective Action Plan

On April 17, 2012, HHS announced that its Office for Civil Rights (OCR) settled a HIPAA violation case against a surgery practice in Arizona, for $100,000 and a Corrective Action Plan (CAP), which requires implementation of policies and procedures to

Posted in HIPAA Tagged with: , , , , , , , , , ,

Study: Most data breaches are caused by insiders

A survey by Veriphyr, a provider of identity and access intelligence solutions, found that insiders were responsible for over 60% of data breaches of protected health information (PHI). Specifically, 35% of the PHI breaches were due to insiders’ snooping into

Posted in HIPAA Tagged with: , , , , , , , , , , , ,

UCLA Health System reaches $865,500 settlement with OCR

On July 6, 2011, the University of California at Los Angeles Health System (UCLAHS) reached a settlement with HHS’s Office of Civil Rights (OCR) regarding UCLAHS’s potential violations of HIPAA Privacy and Security Rules. The settlement includes a payment of

Posted in HIPAA Tagged with: , , , , , , , , , , , , , ,

Audit criticizes OCR and ONC over data privacy efforts

HHS’s own Office of Inspector General (OIG) issued a scathing report regarding pervasive breaches in privacy and security of patient data. OIG specifically called out the Office of Civil Rights (OCR), charged with enforcement of HIPAA Privacy and Security Rules,

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , ,

Updates to privacy and security regulations expected soon

According to Healthcareinfosecurity.com, the Office of Civil Rights (OCR) is still working on the final rule regarding the updates to HIPAA and the related HIPAA Privacy and Security Rules mandated by the HITECH Act. Susan McAndrew, deputy director for health information privacy

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , ,

Cignet Health fined $4.3 million for HIPAA Privacy Rule violation

Cignet Health, a Maryland health plan and a HIPAA covered entity, has been fined $4.3 million for failing to produce health records upon request to 41 patients, and for failing to cooperate with OCR with the agency’s investigation.  This is

Posted in HIPAA Tagged with: , , , , , , , , , , , ,

Rite Aid settles FTC and OCR privacy charges

The Rite Aid Corporation, the third largest pharmacy chain in the United States, reached a major settlement with both the Federal Trade Commission (FTC) and HHS’s Office of Civil Rights (OCR) regarding charges that Rite Aid violated federal privacy and security

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , ,

HLM: OCR to release privacy and security rules in two weeks

OCR will release proposed rules later this month [or ‘about two weeks or around June 26th’] on most of the HIPAA privacy and security-related provisions in HITECH, according to the North Carolina Healthcare Information and Communications Alliance (NCHICA). <…> NCHICA

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , ,

OCR adds investigators to boost security rule enforcement

According to Health Data Management, Susan McAndrew, deputy director for privacy at the Department of Health and Human Services’ Office for Civil Rights (OCR) announced at a recent conference that OCR added investigators to 10 regional offices in order to

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , ,

In the news: patient privacy edition

HHS’s Office of Civil Rights (OCR) filed a notice in theFederal Register lifting a requirement preventing OCR from posting names of sole practitioners who suffer breaches of patient data without first obtaining consent from such practitioners.  Pursuant to the HITECH Act, any covered

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , ,

OCR delays enforcement of certain HITECH provisions

In a much-anticipated move, the Office of Civil Rights (OCR) within the Department of Health and Human Services has issued an update regarding delays of certain HITECH provisions, while confirming enforcement of others.  Via OCR press release:       OCR will

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , ,

OCR may delay enforcement of business associate provisions in the HITECH Act

Pursuant to the HITECH Act, on February 17, 2010, business associates of covered entitiesbecame subject to the HIPAA Privacy and Security Rules, including provisions regarding implementation of various safeguards to secure protected health information.  As Steve Fox pointed out in a recent report

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , ,

Sebelius shifts responsibility for HIPAA Security Rule enforcement to OCR

HHS Secretary Kathleen Sebelius has delegated the responsibility for administration and enforcement of the HIPAA Security Rule to the Office of Civil Rights, a division of HHS.  Previously, Centers for Medicare and Medicaid Services (CMS), another HHS division, was responsible for Security Rule

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , ,