Category: HIPAA

County Pays $215,000 to Resolve Alleged HIPAA Non-Compliance

On March 7, 2014, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that Skagit County, Washington, has agreed to pay $215,000 and enter into a three year corrective action plan in order to settle alleged violations of the Health Insurance Portability and Accountability Act […]

Government to Resume HIPAA Compliance Audits in 2014

This week at the Healthcare Information and Management Systems Society (“HIMSS”) Conference, Susan McAndrew, the Deputy Director for Information Privacy at the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”), announced that OCR is planning to resume its HIPAA compliance audit program in 2014.  As a […]

Oklahoma Board of Medicine Passes Rule Requiring that Telehealth Technology be HIPAA Compliant

After a physician in Oklahoma was disciplined for, among other things, using non-HIPAA compliant technology to treat patients, the Oklahoma Medical Board has adopted a new rule (the “Oklahoma Telemedicine Rule”) regarding the practice of telemedicine in the state.  The Oklahoma Telemedicine Rule (Okla. Admin. Code. § 435:10-7-13) sets forth multiple requirements regarding […]

Breach of Patient Information at University of Washington Medical Center

Last week, the University of Washington Medical Center (“UWMC”) issued a press release explaining the details of a recent data breach and corrective action undertaken.  Specifically, in early October 2013, a UWMC employee opened an email attachment that contained malicious software (“malware”).  The malware took control of the computer in […]

HIPAA Breach at Iowa Hospital Chain Highlights the Vulnerability of Electronic Medical Records and the Importance of Internal Audits

Another month, another HIPAA breach.  On October 2, 2013, UnityPoint Health, a large network of hospitals and clinics in Iowa and Illinois, announced that it had discovered a breach of its electronic medical records system and alerted the FBI.  The breach, in which a contractor gained access to the system over the course of […]

HHS Releases Omnibus Rule Guidance on Refill Reminders and Other Topics

Last week, the U.S. Department of Health and Human Services (“HHS”) released guidance that helps to clarify four parts of the Final HIPAA Omnibus Rule (the “Omnibus Rule”) – many provisions of which become effective today.  Specifically, HHS released clarification regarding how the Omnibus Rule governs the following topics: 1) […]

HHS Releases Model Notices of Privacy Practices

The Office for Civil Rights (“OCR”), in collaboration with the Office of the National Coordinator for Health Information Technology (“ONC”), recently developed and released model Notices of Privacy Practices (“Notices”) for health care providers and health plans.  Several different styles and formats are available for customization. 

Constitutional Challenge to HIPAA: HHS Responds

The U.S. Department of Health and Human Services (“HHS”) has responded to a legal challenge filed last week alleging that the Final HIPAA Omnibus Rule (the “Omnibus Rule”) is unconstitutional because it infringes on the First Amendment.  Adheris, Inc. (“Adheris”), a company that sends patients prescription refill reminders and educational […]

Constitutional Challenge to HIPAA

On September 6, 2013, Adheris, Inc. (“Adheris”), an inVentiv company that works with pharmacies and pharmaceutical manufacturers to send medication refill reminders and educational information regarding diseases to patients, filed suit against the U.S. Department of Health and Human Services (“HHS”).  Adheris alleges that certain provisions of the Final HIPAA Omnibus […]

Resource Launch: Introducing Cooley’s HIPAA Privacy and Security Enforcement Tracking Chart

Today, we added an exciting new resource to our blog: a tracking chart that provides an overview of select privacy and security settlements related to the Health Insurance Portability and Accountability Act (HIPAA). Included in the tracking chart are summaries of allegations, settlement amounts, descriptions of corrective action plans, and […]