Category: HITECH Act

Updated Guide to Privacy and Security of Electronic Information Released by ONC and OCR

The Office of the National Coordinator for Health Information Technology (ONC) in collaboration with the Office for Civil Rights (OCR) recently released its new updated guidance for the privacy and security of electronic information.  The Guide to Privacy and Security of Electronic Health Information (the Guide), last published in 2011, is […]

Another Large Scale Data Breach Announced by Premera Blue Cross

Premera Blue Cross revealed Tuesday it was hit by a sophisticated cyber attack potentially exposing personal data for approximately 11 million of its members including members, employees and others with whom it does business, dating back to as early as 2002.  The insurer said its investigation revealed the initial malware attack occurred on May […]

Deadline Approaching for Reporting 2014 HIPAA Breaches

All covered entities that discovered security breaches under the Health Insurance Portability and Accountability Act (“HIPAA”) in 2014 should be aware of an upcoming reporting deadline.  Specifically, breaches that affected fewer than 500 individuals and were discovered in 2014 must be reported to the U.S. Department of Health and Human […]

Obama Advocates Federal Breach Reporting Law

On January 12, 2015, President Obama delivered a speech at the Federal Trade Commission during which he set forth several proposals, including the Personal Data Notification and Protection Act (the “Act”).  The Act would institute a federal data breach reporting framework by requiring businesses that hold consumer data to issue […]

Alaska Provider Reaches HIPAA Settlement with OCR for Security Deficiencies

On December 8, 2014, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that Anchorage Community Mental Health Services (“ACMHS”) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  ACMHS will pay a $150,000 penalty and also enter […]

OCR Rep Discusses HIPAA Violations, Enforcement Actions, and Upcoming Audit Program

Last week, the National Institute of Standards and Technology (“NIST”), in conjunction with the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”), hosted a conference entitled “Safeguarding Health Information: Building Assurance through HIPAA Security.”  Both OCR officials and others within the industry spoke regarding HIPAA developments.  […]

Rhode Island Hospital Reaches Settlement with Massachusetts AG to Resolve Data Security Allegations

Last week, Women & Infants Hospital of Rhode Island (“W&I”) reached a settlement with the Massachusetts Attorney General to resolve allegations that W&I failed to adequately protect personal data stored on unencrypted backup tapes, violating both state and federal data security laws.  W&I has agreed to enhance its data security […]

HHS Issues Reports on HIPAA Breaches and HIPAA Compliance

Last week, the U.S. Department of Health and Human Services (“HHS”) released two reports to Congress, pursuant to its obligations under the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”): a report on Breaches of Unsecured Protected Health Information for 2011 – 2012 (the “Breach Report”) and a […]

Resource Launch – “Cloud Computing in Healthcare: HIPAA and State Law Challenges”

We are pleased to announce that a new resource has been added to our blog. On May 20, 2014, Cooley sponsored “Cloud Computing in Healthcare: HIPAA and State Law Challenges,” a presentation led by Cooley attorneys Matt Karlyn, Phil Mitchell, and Leah Roffman. The presentation began with a discussion of […]

HHS Attorney Advises to Expect More Aggressive HIPAA Enforcement

Jerome Meites, a chief regional civil rights counsel for the U.S. Department of Health and Human Services (“HHS”), provided important insight into upcoming HIPAA enforcement at the recent American Bar Association conference in Chicago .  Since June 2013, over $10 million has been paid by entities to settle alleged HIPAA violations.  Mr. Meites predicted that, […]