HHS Seeks to Revamp HIPAA Privacy Rule

The Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has  issued a Request for Information (RFI) seeking input from the public on how the Health Insurance Portability and Accountability Act (HIPAA) Rules, especially the HIPAA Privacy Rule, could be modified to further the HHS secretary’s goal of promoting coordinated, value-based health […]

Read the rest of this entry »
GoTo top Top

Anthem On the Hook for $16M to U.S., $115M to Consumers

As a result of a single data breach of protected health information (PHI), albeit one affecting 79 million consumers, Anthem Inc. is now being fined $16 million by the government and owes an additional $115 million to those affected, who won a class action lawsuit that was approved by a judge this past August. The […]

Read the rest of this entry »
GoTo top Top

HHS Seeks to Modify Disclosure Rule, Establish Means to Share HIPAA Fines with Victims

Following comments made in March by Roger Severino, director of the Office for Civil Rights (OCR), the Department of Health and Human Services (HHS) recently published two Notices of Proposed Rulemaking (NPRMs), seeking comments on revising the disclosure rule covering protected health information (PHI) and on sharing HIPAA Privacy Rule violation fines with victims of […]

Read the rest of this entry »
GoTo top Top

HHS Releases Guide on Obtaining One’s Health Records

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) today released the ONC Guide to Getting and Using your Health Records, a new online resource for individuals, patients, and caregivers. This new resource supports both the 21st Century Cures Act goal of empowering patients and improving patients’ access […]

Read the rest of this entry »
GoTo top Top

OCR Chief to Seek Changes to HIPAA Privacy Rule and Breach Enforcement

Roger Severino, director of the Office for Civil Rights (OCR) with enforcement powers over the HIPAA Privacy Rule and breaches of protected health information (PHI), announced he is looking to make some changes to both and will issue Notices of Proposed Rulemaking (NPRMs) and Requests for Information (RFIs) before proceeding. Specifically, he told a HIPAA […]

Read the rest of this entry »
GoTo top Top

HIPAA Violations Don’t End with the Closing of a Business, OCR Says

A receiver appointed to liquidate the assets of Filefax, Inc. has agreed to pay $100,000 out of the receivership estate to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Filefax, located in Northbrook, […]

Read the rest of this entry »
GoTo top Top

Notice of Small HIPAA Breaches from 2017 Due Today

Official notifications of HIPAA breaches affecting fewer than 500 individuals are due today at the Department of Health and Human Services (HHS). Notices should be posted using the HHS website reporting tool. The Office for Civil Rights (OCR) within HHS handles breach oversight. A HIPAA breach is defined as “impermissible use or disclosure under the […]

Read the rest of this entry »
GoTo top Top

Firm Settles for $3.5 Million for 5 HIPAA Breaches

Fresenius Medical Care North America (FMCNA), which operates health care facilities throughout the nation, has settled for $3.5 million for a series of five breaches it reported in 2012. This was the first settlement of the year announced by the Office for Civil Rights (OCR), which enforces HIPAA breach violations. Headquartered in Waltham, Mass., FMCNA is […]

Read the rest of this entry »
GoTo top Top

OCR Issues Newsletter Warning about Cyber Threats to PHI

The Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS) in January published a newsletter concerning cyber threats to entities storing PHI (protected health information), which is covered by the privacy and security rules of the Health Insurance Portability and Accountability Act (HIPAA). The newsletter begins by nothing that “Organizations […]

Read the rest of this entry »
GoTo top Top

HHS Issues Limited HIPAA Waivers for Hurricane Harvey-Devastated Areas

The Department of Health and Human Services (HHS) has issued a limited set of waivers from HIPAA requirements for those affected in Texas and Louisiana by Hurricane/Tropical Storm Harvey. Though the agency cannot waive the HIPAA Privacy Rule, it can take more limited, focused actions. Here, then, are the five provisions for which Secretary Tom […]

Read the rest of this entry »
GoTo top Top