On September 16, the American Medical Association (AMA) released a new framework intended to improve the development and integration of Electronic Health Record (EHR) systems. While the AMA recognizes the potential value of EHRs, it notes that adoption and effective use has been slow due, in large part, to poor optimization […]
The U.S. Department of Health and Human Services (“HHS”), in collaboration with the Office of the National Coordinator for Health Information Technology (“ONC”), recently developed a tool to assist certain health care providers with conducting security risk assessments (the “SRA Tool”) as required by the Health Insurance Portability and Accountability Act […]
The U.S. Department of Health & Human Services Office of Inspector General (the “OIG”) recently released a report regarding how electronic health records (“EHRs”) may contribute to health care fraud, entitled “CMS and Its Contractors Have Adopted Few Program Integrity Practices to Address Vulnerabilities in EHRs” (the “Report”). The Report describes […]
HIPAA Breach at Iowa Hospital Chain Highlights the Vulnerability of Electronic Medical Records and the Importance of Internal Audits
Another month, another HIPAA breach. On October 2, 2013, UnityPoint Health, a large network of hospitals and clinics in Iowa and Illinois, announced that it had discovered a breach of its electronic medical records system and alerted the FBI. The breach, in which a contractor gained access to the system over the course of […]
The Office for Civil Rights (“OCR”), in collaboration with the Office of the National Coordinator for Health Information Technology (“ONC”), recently developed and released model Notices of Privacy Practices (“Notices”) for health care providers and health plans. Several different styles and formats are available for customization.
Today, we added an exciting new resource to our blog: a tracking chart that provides an overview of select privacy and security settlements related to the Health Insurance Portability and Accountability Act (HIPAA). Included in the tracking chart are summaries of allegations, settlement amounts, descriptions of corrective action plans, and […]
On August 23, 2013, Advocate Medical Group (“AMG”), Illinois’s largest health care network, announced that four computers housing the personal information of over four million patients were stolen in the burglary of an administrative building on July 15, 2013. Upon discovering the burglary, AMG immediately notified local police, who are […]