HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: HIPAA

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA

HHS Issues New HITECH/HIPAA Rule: Top Ten Changes

In the most significant change to HIPAA since the law was enacted, the Department of Health and Human Services issued an omnibus HIPAA regulation, which will require substantial operational changes for HIPAA covered entities and their business associates.  Ten important changes are: Changes to the data breach rule will make more incidents reportable. Business associates are [...]

Posted in Health Privacy/HIPAA

HHS Issues Final HITECH Regulations

The Department of Health and Human Services (HHS) just released the highly anticipated final regulations implementing the privacy and security provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act.  The regulations address: Final modifications to the HIPAA Privacy, Security and Enforcement Rules mandated by the HITECH Act; Final rule adopting changes [...]

Posted in Health Privacy/HIPAA

OCR Releases Guidance on PHI De-Identification in Accordance with HIPAA

On November 26, the U.S. Department of Health and Human Services’ Office for Civil Rights released guidance on methods for de-identification of protected health information in keeping with the HIPAA Privacy Rule (as required under the HITECH Act).   The guidance answers questions related to each of the permissible de-identification methods – the expert determination [...]

Posted in Health Privacy/HIPAA

California Adds Affirmative Defense to Medical Privacy Law

A new law that amends the California Confidentiality of Medical Information Act (CMIA) may provide some relief to HIPAA covered entities and business associates, some of whom have faced class action lawsuits seeking millions in statutory damages under the CMIA for large-scale data breaches. The changes to the CMIA are summarized in this entry.

Posted in Consumer Privacy, Cybersecurity & Data Breaches, Employment Privacy, Health Privacy/HIPAA

What the States Did on Their “Summer Vacation”: Enact New Privacy Laws

This summer, several states have enacted legislation addressing a broad range of privacy issues including data breach notification, health care privacy, employer access to employees’ and applicants’ social networking accounts, the collection of Social Security numbers, and telemarketing. We provide an overview of the recent privacy regulation developments in Vermont, Connecticut, Hawaii, New York, and Illinois.

Posted in Health Privacy/HIPAA

Alaska Medicaid Settles HIPAA Security Rule Violations for $1.7 Million

Following an extensive investigation by the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR), the Alaska Department of Health and Social Services (DHSS), Alaska’s state Medicaid agency, agreed to pay $1.7 million in fines and to comply with a corrective action plan (CAP) to address gaps in its compliance with the HIPAA Privacy and Security Rules.

Posted in Cybersecurity & Data Breaches

Cloud Computing for Regulated Industries: Security Requirements Differ

Data stored in the cloud will be subject to numerous data security laws, explains Hogan Lovells partner Phil Porter in a recent article. Specific types of data will trigger different security regulations, ranging from HIPAA rules for health data, to Gramm-Leach-Bliley Act rules for financial service data, to COPPA for data about children. Hosting data in the cloud in the U.S. might also subject the data to U.S. national security rules, including the USA Patriot Act. Cloud service providers and customers need to tailor their contractual provisions to match these regulatory imperatives.

Posted in Health Privacy/HIPAA

HIPAA Security Rule Oversight by HHS is ‘Insufficient’ According to the OIG

The U.S. Department of Health and Human Services Office of the Inspector General issued two reports yesterday criticizing the Centers for Medicare and Medicaid Services (“CMS”) and the Office of the National Coordinator for Health IT (“ONC”) for doing too little to protect the security of patient health information. The first report, Nationwide Rollup Review of the Centers for Medicare & Medicaid Services HIPAA Oversight, found that CMS oversight and enforcement “were not sufficient to ensure that covered entities, such as hospitals, effectively implemented the Security Rule.”