Category: HIPAA Omnibus Rule

HHS Launches HIPAA Platform for Medical Application Developers

On Monday, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released an online platform designed for use by developers of mobile medical applications (apps).  The site allows users to submit questions regarding compliance with the Health Insurance Portability and Accountability Act (HIPAA) and to access […]

UCLA Health Announces It Was A Victim of a Cybersecurity Attack

UCLA Health announced today that it was the victim of a cybersecurity attack.  The press report  disseminated by UCLA Health noted there is evidence that computer systems containing sensitive personal data and health data was accessed; however, at this time UCLA Health maintains that no personal or health data itself was accessed […]

Updated Guide to Privacy and Security of Electronic Information Released by ONC and OCR

The Office of the National Coordinator for Health Information Technology (ONC) in collaboration with the Office for Civil Rights (OCR) recently released its new updated guidance for the privacy and security of electronic information.  The Guide to Privacy and Security of Electronic Health Information (the Guide), last published in 2011, is […]

HIPAA FAQ Series: Do You Need a BAA with Your Cloud Storage Provider?

This week, the HIPAA FAQ series continues with another topic about business associate agreements (BAAs). As most Covered Entities and Business Associates know, in the event that a Covered Entity utilizes a service provider that may have access to Protected Health Information (PHI), a BAA is required. Further, in the event […]

Another Large Scale Data Breach Announced by Premera Blue Cross

Premera Blue Cross revealed Tuesday it was hit by a sophisticated cyber attack potentially exposing personal data for approximately 11 million of its members including members, employees and others with whom it does business, dating back to as early as 2002.  The insurer said its investigation revealed the initial malware attack occurred on May […]

HIPAA FAQ Series: Are Covered Entities Liable for Business Associates’ HIPAA Violations?

This post marks the beginning of a new series on this blog covering various frequently asked questions regarding the Health Insurance Portability and Accountability Act (HIPAA).  There are many questions regarding HIPAA applicability, implementation, and liability that come up repeatedly.  We plan to use this series to discuss and analyze […]

Alaska Provider Reaches HIPAA Settlement with OCR for Security Deficiencies

On December 8, 2014, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that Anchorage Community Mental Health Services (“ACMHS”) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  ACMHS will pay a $150,000 penalty and also enter […]