HHS Issues Limited HIPAA Waivers for Hurricane Harvey-Devastated Areas

The Department of Health and Human Services (HHS) has issued a limited set of waivers from HIPAA requirements for those affected in Texas and Louisiana by Hurricane/Tropical Storm Harvey. Though the agency cannot waive the HIPAA Privacy Rule, it can take more limited, focused actions. Here, then, are the five provisions for which Secretary Tom […]

Read the rest of this entry »
GoTo top Top

HHS Improves HIPAA Breach Web Reporting Tool

The Department of Health and Human Services (HHS) and its Office for Civil Rights (OCR) have launched a revised web tool that puts important information into the hands of individuals, empowering them to better identify recent breaches of health information and to learn how all breaches of health information are investigated and successfully resolved. The […]

Read the rest of this entry »
GoTo top Top

Small Breach Notifications Due by March 1

HIPAA-covered entities must report small data breaches of protected health information (PHI) affecting fewer than 500 individuals to the Office for Civil Rights (OCR) by March 1.  The law allows for 60 days to elapse at the close of a calendar year before that year’s small breaches must be reported to OCR. When the breach […]

Read the rest of this entry »
GoTo top Top

Three Pharmaceutical Employees Given Criminal Sentences for HIPAA Violations

Three employees of Warner Chilcott, a pharmaceutical company headquartered in New Jersey, were sentenced to home confinement and levied fines, each to varying degrees, for violations of the Health Insurance Portability and Accountability Act (HIPAA) and its privacy provisions. The three district managers — one located in California, one in North Carolina and one in New […]

Read the rest of this entry »
GoTo top Top

HIPAA Celebrates 20th Anniversary Today

On this day (Aug. 21) in 1996, President Bill Clinton signed into law the Health Insurance Portability and Accountability Act (HIPAA), which as its title implies protects people with pre-existing conditions when they change jobs and need new health insurance. From that date until Obamacare took over in 2014, if you left one company with a […]

Read the rest of this entry »
GoTo top Top

OCR Notifies 167 Covered Entities That They’re Being HIPAA-Compliant Audited

The Office for Civil Rights (OCR), in charge of enforcing the privacy, security, breach and other HIPAA rules, said yesterday it has notified 167 covered entities that they must submit all papers necessary for a remote “desk audit” within 10 days. “Letters were delivered on Monday, July 11, 2016, via email to 167 health plans, healthcare […]

Read the rest of this entry »
GoTo top Top

First-Ever Business Associate Fine for a HIPAA Violation

Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule after the theft of a CHCS mobile device compromised the protected health information (PHI) of hundreds of nursing home residents, according to the Office for Civil […]

Read the rest of this entry »
GoTo top Top

Reality TV Goes Too Far, Films Dying Patient — Gets Fined $2.2M

This week, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that it reached a $2.2 million settlement with New York Presbyterian Hospital (NYP) for the egregious disclosure of two patients’ protected health information (PHI) to film crews and staff during the filming of “NY Med,” an ABC television series, […]

Read the rest of this entry »
GoTo top Top

OCR Begins Phase 2 of HIPAA Audits

As a part of its continued efforts to assess compliance with the HIPAA Privacy, Security and Breach Notification Rules, the Office for Civil Rights (OCR) has begun its next phase of audits of covered entities and their business associates. In its 2016 Phase 2 HIPAA Audit Program, OCR will  review the policies and procedures adopted […]

Read the rest of this entry »
GoTo top Top

HIPAA Breaches from 2015 Must Be Reported by Feb. 29

Covered entities that experienced a breach (or breaches) of protected health information (PHI) have 60 days after the end of the calendar year to submit reports to the Office for Civil Rights (OCR), making this year’s deadline Monday, Feb. 29. The year-end rule applies to breaches of fewer than 500 individuals; breaches affecting 500 or […]

Read the rest of this entry »
GoTo top Top