Tag: HIPAA

HHS Releases Security Risk Assessment Tool for Small Provider Groups

The U.S. Department of Health and Human Services (“HHS”), in collaboration with the Office of the National Coordinator for Health Information Technology (“ONC”), recently developed a tool to assist certain health care providers with conducting security risk assessments (the “SRA Tool”) as required by the Health Insurance Portability and Accountability Act […]

County Pays $215,000 to Resolve Alleged HIPAA Non-Compliance

On March 7, 2014, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that Skagit County, Washington, has agreed to pay $215,000 and enter into a three year corrective action plan in order to settle alleged violations of the Health Insurance Portability and Accountability Act […]

Government to Resume HIPAA Compliance Audits in 2014

This week at the Healthcare Information and Management Systems Society (“HIMSS”) Conference, Susan McAndrew, the Deputy Director for Information Privacy at the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”), announced that OCR is planning to resume its HIPAA compliance audit program in 2014.  As a […]

Oklahoma Board of Medicine Passes Rule Requiring that Telehealth Technology be HIPAA Compliant

After a physician in Oklahoma was disciplined for, among other things, using non-HIPAA compliant technology to treat patients, the Oklahoma Medical Board has adopted a new rule (the “Oklahoma Telemedicine Rule”) regarding the practice of telemedicine in the state.  The Oklahoma Telemedicine Rule (Okla. Admin. Code. § 435:10-7-13) sets forth multiple requirements regarding […]

Breach of Patient Information at University of Washington Medical Center

Last week, the University of Washington Medical Center (“UWMC”) issued a press release explaining the details of a recent data breach and corrective action undertaken.  Specifically, in early October 2013, a UWMC employee opened an email attachment that contained malicious software (“malware”).  The malware took control of the computer in […]

HIPAA Breach at Iowa Hospital Chain Highlights the Vulnerability of Electronic Medical Records and the Importance of Internal Audits

Another month, another HIPAA breach.  On October 2, 2013, UnityPoint Health, a large network of hospitals and clinics in Iowa and Illinois, announced that it had discovered a breach of its electronic medical records system and alerted the FBI.  The breach, in which a contractor gained access to the system over the course of […]

HHS Releases Omnibus Rule Guidance on Refill Reminders and Other Topics

Last week, the U.S. Department of Health and Human Services (“HHS”) released guidance that helps to clarify four parts of the Final HIPAA Omnibus Rule (the “Omnibus Rule”) – many provisions of which become effective today.  Specifically, HHS released clarification regarding how the Omnibus Rule governs the following topics: 1) […]