All posts by Leah Roffman

Colorado Pharmacy Reaches HIPAA Settlement with OCR Following Improper Records Disposal

Yesterday, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that Cornell Prescription Pharmacy of Denver, Colorado (“Cornell Pharmacy”) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  Cornell Pharmacy, a single location pharmacy, will pay a $125,000 […]

HIPAA FAQ Series: Do You Need a BAA with Your Cloud Storage Provider?

This week, the HIPAA FAQ series continues with another topic about business associate agreements (BAAs). As most Covered Entities and Business Associates know, in the event that a Covered Entity utilizes a service provider that may have access to Protected Health Information (PHI), a BAA is required. Further, in the event […]

HIPAA FAQ Series: Do You Need a BAA with Your Mail Carrier?

This week, the HIPAA FAQ series continues with a topic about business associate agreements (BAAs).  Most Covered Entities and Business Associates are familiar with general BAA obligations.  In the event that a Covered Entity utilizes a service provider who may have access to Protected Health Information (PHI), a BAA is […]

HIPAA FAQ Series: Does HIPAA Permit Communications via E-mail with PHI Subjects?

Last week, we introduced a new series to this blog that will cover frequently asked questions regarding the Health Insurance Portability and Accountability Act (HIPAA).  This week, the series continues by delving into a hot topic that arises frequently: whether it is permissible for Covered Entities and Business Associates to […]

HIPAA FAQ Series: Are Covered Entities Liable for Business Associates’ HIPAA Violations?

This post marks the beginning of a new series on this blog covering various frequently asked questions regarding the Health Insurance Portability and Accountability Act (HIPAA).  There are many questions regarding HIPAA applicability, implementation, and liability that come up repeatedly.  We plan to use this series to discuss and analyze […]

Deadline Approaching for Reporting 2014 HIPAA Breaches

All covered entities that discovered security breaches under the Health Insurance Portability and Accountability Act (“HIPAA”) in 2014 should be aware of an upcoming reporting deadline.  Specifically, breaches that affected fewer than 500 individuals and were discovered in 2014 must be reported to the U.S. Department of Health and Human […]

Next Round of HIPAA Audits to Begin “Expeditiously”

During a media roundtable held this week, the Director of the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) Jocelyn Samuels provided additional information regarding the long awaited next round of audits for compliance with the Health Insurance Portability and Accountability Act (HIPAA).  Specifically, she said […]

Obama Advocates Federal Breach Reporting Law

On January 12, 2015, President Obama delivered a speech at the Federal Trade Commission during which he set forth several proposals, including the Personal Data Notification and Protection Act (the “Act”).  The Act would institute a federal data breach reporting framework by requiring businesses that hold consumer data to issue […]

Alaska Provider Reaches HIPAA Settlement with OCR for Security Deficiencies

On December 8, 2014, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that Anchorage Community Mental Health Services (“ACMHS”) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  ACMHS will pay a $150,000 penalty and also enter […]

Federal Advisory Group Considers Patient Data Standards

This week, the Privacy and Security Workgroup within the Health IT Policy Committee was tasked by the U.S. Department of Health and Human Services (“HHS”) to discuss certain patient data protections.  Specifically, they were asked to consider “updates or additional policies needed to address ethical privacy frameworks and research standards” […]