Category: HITECH Act

New HIPAA Settlements Show OCR’s Focus on Encryption

Last week, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) reached settlements with two separate entities for alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  Specifically, Concentra Health Services (“Concentra”) agreed to pay $1,725,220 following the theft of an unencrypted laptop and the […]

County Pays $215,000 to Resolve Alleged HIPAA Non-Compliance

On March 7, 2014, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that Skagit County, Washington, has agreed to pay $215,000 and enter into a three year corrective action plan in order to settle alleged violations of the Health Insurance Portability and Accountability Act […]

Government to Resume HIPAA Compliance Audits in 2014

This week at the Healthcare Information and Management Systems Society (“HIMSS”) Conference, Susan McAndrew, the Deputy Director for Information Privacy at the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”), announced that OCR is planning to resume its HIPAA compliance audit program in 2014.  As a […]

Oklahoma Board of Medicine Passes Rule Requiring that Telehealth Technology be HIPAA Compliant

After a physician in Oklahoma was disciplined for, among other things, using non-HIPAA compliant technology to treat patients, the Oklahoma Medical Board has adopted a new rule (the “Oklahoma Telemedicine Rule”) regarding the practice of telemedicine in the state.  The Oklahoma Telemedicine Rule (Okla. Admin. Code. § 435:10-7-13) sets forth multiple requirements regarding […]

HHS Releases Omnibus Rule Guidance on Refill Reminders and Other Topics

Last week, the U.S. Department of Health and Human Services (“HHS”) released guidance that helps to clarify four parts of the Final HIPAA Omnibus Rule (the “Omnibus Rule”) – many provisions of which become effective today.  Specifically, HHS released clarification regarding how the Omnibus Rule governs the following topics: 1) […]

HHS Releases Model Notices of Privacy Practices

The Office for Civil Rights (“OCR”), in collaboration with the Office of the National Coordinator for Health Information Technology (“ONC”), recently developed and released model Notices of Privacy Practices (“Notices”) for health care providers and health plans.  Several different styles and formats are available for customization. 

Constitutional Challenge to HIPAA: HHS Responds

The U.S. Department of Health and Human Services (“HHS”) has responded to a legal challenge filed last week alleging that the Final HIPAA Omnibus Rule (the “Omnibus Rule”) is unconstitutional because it infringes on the First Amendment.  Adheris, Inc. (“Adheris”), a company that sends patients prescription refill reminders and educational […]