HHS Releases Guide on Obtaining One’s Health Records

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) today released the ONC Guide to Getting and Using your Health Records, a new online resource for individuals, patients, and caregivers. This new resource supports both the 21st Century Cures Act goal of empowering patients and improving patients’ access […]

Read the rest of this entry »
GoTo top Top

OCR Chief to Seek Changes to HIPAA Privacy Rule and Breach Enforcement

Roger Severino, director of the Office for Civil Rights (OCR) with enforcement powers over the HIPAA Privacy Rule and breach enforcement, announced he is looking to make some changes to both and will issue Notices of Proposed Rulemaking (NPRMs) and Requests for Information (RFIs) before proceeding. Specifically, he told a HIPAA meeting in Arlington, Va., […]

Read the rest of this entry »
GoTo top Top

HIPAA Violations Don’t End with the Closing of a Business, OCR Says

A receiver appointed to liquidate the assets of Filefax, Inc. has agreed to pay $100,000 out of the receivership estate to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Filefax, located in Northbrook, […]

Read the rest of this entry »
GoTo top Top

Notice of Small HIPAA Breaches from 2017 Due Today

Official notifications of HIPAA breaches affecting fewer than 500 individuals are due today at the Department of Health and Human Services (HHS). Notices should be posted using the HHS website reporting tool. The Office for Civil Rights (OCR) within HHS handles breach oversight. A HIPAA breach is defined as “impermissible use or disclosure under the […]

Read the rest of this entry »
GoTo top Top

Firm Settles for $3.5 Million for 5 HIPAA Breaches

Fresenius Medical Care North America (FMCNA), which operates health care facilities throughout the nation, has settled for $3.5 million for a series of five breaches it reported in 2012. This was the first settlement of the year announced by the Office for Civil Rights (OCR), which enforces HIPAA breach violations. Headquartered in Waltham, Mass., FMCNA is […]

Read the rest of this entry »
GoTo top Top

OCR Issues Newsletter Warning about Cyber Threats to PHI

The Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS) in January published a newsletter concerning cyber threats to entities storing PHI (protected health information), which is covered by the privacy and security rules of the Health Insurance Portability and Accountability Act (HIPAA). The newsletter begins by nothing that “Organizations […]

Read the rest of this entry »
GoTo top Top

HHS Issues Limited HIPAA Waivers for Hurricane Harvey-Devastated Areas

The Department of Health and Human Services (HHS) has issued a limited set of waivers from HIPAA requirements for those affected in Texas and Louisiana by Hurricane/Tropical Storm Harvey. Though the agency cannot waive the HIPAA Privacy Rule, it can take more limited, focused actions. Here, then, are the five provisions for which Secretary Tom […]

Read the rest of this entry »
GoTo top Top

HHS Improves HIPAA Breach Web Reporting Tool

The Department of Health and Human Services (HHS) and its Office for Civil Rights (OCR) have launched a revised web tool that puts important information into the hands of individuals, empowering them to better identify recent breaches of health information and to learn how all breaches of health information are investigated and successfully resolved. The […]

Read the rest of this entry »
GoTo top Top

Small Breach Notifications Due by March 1

HIPAA-covered entities must report small data breaches of protected health information (PHI) affecting fewer than 500 individuals to the Office for Civil Rights (OCR) by March 1.  The law allows for 60 days to elapse at the close of a calendar year before that year’s small breaches must be reported to OCR. When the breach […]

Read the rest of this entry »
GoTo top Top

Three Pharmaceutical Employees Given Criminal Sentences for HIPAA Violations

Three employees of Warner Chilcott, a pharmaceutical company headquartered in New Jersey, were sentenced to home confinement and levied fines, each to varying degrees, for violations of the Health Insurance Portability and Accountability Act (HIPAA) and its privacy provisions. The three district managers — one located in California, one in North Carolina and one in New […]

Read the rest of this entry »
GoTo top Top