Category: HITECH Act

GAO Criticizes HHS In Health Information Cybersecurity Report

On Monday, the Government Accountability Office (“GAO”) released a report (the “Report”) criticizing the U.S. Department of Health and Human Services (“HHS”) security and privacy guidance and oversight in protecting electronic protected health information (“ePHI”) from cybersecurity attacks.  The Report noted that HHS does not adequately address cybersecurity elements outlined […]

Advocate Data Breaches Result in Largest HIPAA Settlement To Date

On August 8th, 2016, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) issued the largest Health Insurance Portability and Accountability Act (HIPAA) settlement to date with Advocate Health Care System (Advocate).  Advocate agreed to pay $5.55 million to settle a variety of HIPAA violations.  Advocate […]

Hospital and Vendor Reach Agreement to Settle Alleged HIPAA Violations with Connecticut AG

Last week, the Connecticut Attorney General (the “Connecticut AG”) announced that Hartford Hospital and its subcontractor, EMC Corporation (“EMC”), agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  The entities will collectively pay a $90,000 penalty and also sign an Assurance of Voluntary Compliance (an […]

Implications of the Cybersecurity Bill for the Health Care Industry

*This post is co-authored by Vince Sampson On Tuesday the Senate passed the Cybersecurity Information Sharing Act (CISA).  The House had passed a similar bill, the Protecting Cyber Networks Act, in April of this year.  The Act comes in the wake of many large scale data breaches, such as that suffered […]

HHS Launches HIPAA Platform for Medical Application Developers

On Monday, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released an online platform designed for use by developers of mobile medical applications (apps).  The site allows users to submit questions regarding compliance with the Health Insurance Portability and Accountability Act (HIPAA) and to access […]

HHS To Launch New HIPAA Audits in Early 2016 in Response to OIG Reports

The Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) issued two reports  yesterday calling for the HHS Office of Civil Rights (OCR) to strengthen its Health Insurance Portability and Accountability Act (HIPAA) enforcement efforts.   In response to these reports, HHS announced that it […]

Excellus is Latest in Line of BCBS Insurers Experiencing Cyberattack

Excellus, a BlueCross BlueShield (BCBS)  provider servicing upstate New York, announced last week that it was the latest in a string of BCBS providers that experienced a data breach as a result of a cyberattack.  CareFirst BlueCross Blue Shield, Anthem, and Premera Blue Cross all recently announced they were the victims of sophisticated cyberattacks […]