On Monday, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released an online platform designed for use by developers of mobile medical applications (apps). The site allows users to submit questions regarding compliance with the Health Insurance Portability and Accountability Act (HIPAA) and to access […]
The Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) issued two reports yesterday calling for the HHS Office of Civil Rights (OCR) to strengthen its Health Insurance Portability and Accountability Act (HIPAA) enforcement efforts. In response to these reports, HHS announced that it […]
Excellus, a BlueCross BlueShield (BCBS) provider servicing upstate New York, announced last week that it was the latest in a string of BCBS providers that experienced a data breach as a result of a cyberattack. CareFirst BlueCross Blue Shield, Anthem, and Premera Blue Cross all recently announced they were the victims of sophisticated cyberattacks […]
Last week, Cancer Care Group, P.C. (CCG), an Indiana radiation oncology practice, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $750,000 and adopting a three year corrective action plan.
UCLA Health announced today that it was the victim of a cybersecurity attack. The press report disseminated by UCLA Health noted there is evidence that computer systems containing sensitive personal data and health data was accessed; however, at this time UCLA Health maintains that no personal or health data itself was accessed […]
Last week, St. Elizabeth’s Medical Center (SEMC), a hospital located in Brighton, Massachusetts, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $218,400 and adopting a robust corrective action plan.
Connecticut and Oregon were recently added to the increasing list of states adopting stricter laws addressing the handling of health information and penalties in connection with breaches of health information. Both states amended their respective data security and breach notification laws and they will now levy stricter requirements on entities that store or […]
In order to protect the privacy and security of patients’ information, the Health Insurance Portability and Accountability Act (HIPAA) imposes substantial obligations on covered entities (certain providers, plans, and health care clearinghouses), as well as their business associates. These obligations can be intrusive and costly, and can require substantial investments […]
The Health Insurance Portability and Accountability Act (HIPAA) mandates that both Covered Entities and Business Associates protect the security of Protected Health Information (PHI) in a variety of ways. Specifically, HIPAA’s Security Rule sets forth various technical, administrative, and physical safeguards that must be enacted in order to ensure the […]
CareFirst, a Blue Cross Blue Shield plan serving the Washington D.C. metro area, became another in a line of health insurers to suffer a data breach as a result of hackers. CareFirst and the FBI are examining the breach which potentially compromised 1.1 million customers. The company reports that although […]