Tag Archives: OCR

GAO Criticizes HHS In Health Information Cybersecurity Report

On Monday, the Government Accountability Office (“GAO”) released a report (the “Report”) criticizing the U.S. Department of Health and Human Services (“HHS”) security and privacy guidance and oversight in protecting electronic protected health information (“ePHI”) from cybersecurity attacks. The Report noted that HHS does not adequately address cybersecurity elements outlined by other agencies in published guidance and fails to address how the key National Institute of Standards and Technology (“NIST”) cybersecurity framework (“Cybersecurity Framework”) can be implemented in the operations of covered entities and business associates. The GAO claims that the lack of adequate guidance by HHS leaves health information vulnerable to cybersecurity attacks.


Filed under Health Information Privacy, Health IT, HIPAA, HITECH Act

Advocate Data Breaches Result in Largest HIPAA Settlement To Date

On August 8th, 2016, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) issued the largest Health Insurance Portability and Accountability Act (HIPAA) settlement to date with Advocate Health Care System (Advocate).  Advocate agreed to pay $5.55 million to settle a variety of HIPAA violations.  Advocate is the largest health system in Illinois and operates more than 400 sites of care with 12 acute care hospitals.  This settlement comes in the wake of a series of recent HIPAA violation settlements and other enforcement activities by OCR, including phase 2 of the HIPAA audit program.


Filed under HIPAA, HITECH Act, Privacy and Security

HHS Releases Crosswalk Between HIPAA Security Rule and NIST Framework

The U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) recently released a “crosswalk” developed with the National Institute of Standards and Technology (NIST) mapping the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to the NIST Framework for Improving Critical Infrastructure Cybersecurity (the Framework). This crosswalk was developed to help healthcare organizations improve cybersecurity preparedness by using the Framework as a common language. The crosswalk also includes mappings to other commonly used security frameworks.


Filed under Health Care, Health Information Privacy, Health IT, HIPAA, Privacy and Security, Technology

ALJ Upholds OCR Enforcement Against Lincare, Inc. of $239,800

A U.S. Department of Health and Human Services (HHS) administrative law judge (ALJ) recently sustained an earlier HHS Office of Civil Rights (OCR) decision to impose a civil money penalty (CMP) of $239,800 against Lincare Inc. (Lincare) in connection with HIPAA violations discovered after a breach of patient records. This is only the second time in history that OCR has sought a CMP for Health Insurance Portability and Accountability Act (HIPAA) violations.


Filed under HIPAA, Privacy and Security, Uncategorized

University of Washington Medicine Agrees to Settle Alleged HIPAA Breach

Last week, the University of Washington Medicine (UWM), an affiliated covered entity that includes multiple entities such as the University of Washington Medical Center, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $750,000 and implementing a substantial corrective action plan.


Filed under Government Enforcement, Health Information Privacy, Health IT, HIPAA, Privacy and Security

Lahey Hospital Agrees to Settle Alleged HIPAA Breach

Recently, Lahey Hospital and Medical Center (Lahey), a nonprofit teaching hospital located in Massachusetts, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $850,000 and adopting a robust corrective action plan.

Filed under Government Enforcement, Health Information Privacy, Health IT, HIPAA, Privacy and Security

OIG Releases FY2016 Work Plan: Areas to be Reviewed Include SNFs, Drug Pricing, HIPAA

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) released this week its FY2016 Work Plan (Work Plan). The OIG Work Plan summarizes new and ongoing OIG reviews of various HHS programs and activities, which are selected based on a number of factors such as mandatory OIG review requirements; requests from Congress, HHS management, or the Office of Management and Budget (OMB); and previously identified issues. Some key, new OIG reviews in the FY2016 Work Plan include the following:

Medicare Payments


Filed under Corporate Compliance, DHHS OIG, Fraud and Abuse, OIG Guidance