Tag Archives: HIPAA

GAO Criticizes HHS In Health Information Cybersecurity Report

On Monday, the Government Accountability Office (“GAO”) released a report (the “Report”) criticizing the U.S. Department of Health and Human Services’ (“HHS”) security and privacy guidance and oversight in protecting electronic protected health information (“ePHI”) from cybersecurity attacks. The Report noted that HHS does not adequately address cybersecurity elements outlined by other agencies in published guidance and fails to address how the key National Institute of Standards and Technology (“NIST”) cybersecurity framework (“Cybersecurity Framework”) can be implemented in the operations of covered entities and business associates. The GAO claims that the lack of adequate guidance by HHS leaves health information vulnerable to cybersecurity attacks.

Filed under Health Information Privacy, Health IT, HIPAA, HITECH Act

Advocate Data Breaches Result in Largest HIPAA Settlement To Date

On August 8th, 2016, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) issued the largest Health Insurance Portability and Accountability Act (HIPAA) settlement to date with Advocate Health Care System (Advocate).  Advocate agreed to pay $5.55 million to settle a variety of HIPAA violations.  Advocate is the largest health system in Illinois and operates more than 400 sites of care with 12 acute care hospitals.  This settlement comes in the wake of a series of recent HIPAA violation settlements and other enforcement activities by OCR, including phase 2 of the HIPAA audit program.

Filed under HIPAA, HITECH Act, Privacy and Security

FTC Announces Guidance for Developers of Mobile Health Apps

Chairwoman Edith Ramirez of the Federal Trade Commission (FTC) announced the release of new guidance directed towards developers of mobile health apps (the “Guidance”), while speaking today at the International Association of Privacy Professionals (IAPP) conference in Washington, DC.  The Guidance is a tool created in collaboration with the FTC, the U.S. Department of Health and Human Services (HHS), and the Food and Drug Administration (FDA) to assist app developers in determining what laws and regulations apply to their products.

Filed under FDA, Health Care, Health Information Privacy, Health IT, HIPAA, Medical Devices, Mobile Health, Privacy and Security

HHS Releases Crosswalk Between HIPAA Security Rule and NIST Framework

The U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) recently released a “crosswalk” developed with the National Institute of Standards and Technology (NIST) mapping the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and the NIST Framework for Improving Critical Infrastructure Cybersecurity (the Framework). This crosswalk was developed to help healthcare organizations improve cybersecurity preparedness by using the Framework as a common language. The crosswalk also includes mappings to other commonly used security frameworks.

Filed under Health Care, Health Information Privacy, Health IT, HIPAA, Privacy and Security, Technology

ALJ Upholds OCR Enforcement Against Lincare, Inc. of $239,800

A U.S. Department of Health and Human Services (HHS) administrative law judge (ALJ) recently sustained an earlier HHS Office of Civil Rights (OCR) decision to impose a civil money penalty (CMP) of $239,800 against Lincare Inc. (Lincare) in connection with HIPAA violations discovered after a breach of patient records. This is only the second time in history that OCR has sought a CMP for Health Insurance Portability and Accountability Act (HIPAA) violations.

Filed under HIPAA, Privacy and Security, Uncategorized

University of Washington Medicine Agrees to Settle Alleged HIPAA Breach

Last week, the University of Washington Medicine (UWM), an affiliated covered entity that includes multiple entities such as the University of Washington Medical Center, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $750,000 and implementing a substantial corrective action plan.

Filed under Government Enforcement, Health Information Privacy, Health IT, HIPAA, Privacy and Security

Lahey Hospital Agrees to Settle Alleged HIPAA Breach

Recently, Lahey Hospital and Medical Center (Lahey), a nonprofit teaching hospital located in Massachusetts, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $850,000 and adopting a robust corrective action plan.

Filed under Government Enforcement, Health Information Privacy, Health IT, HIPAA, Privacy and Security