Archives: HIPAA

Subscribe to HIPAA RSS Feed

HIPAA’S Privacy Rule: Having a Policy – But Not Enforcing It – Costs Provider $5.5 Million

The Office for Civil Rights (OCR) announced a settlement agreement for $5.5 million dollars with Florida’s Memorial Healthcare Systems (MHS) stemming from allegations it failed to protect patient data. The privacy violation arose out of the unauthorized access of 115,143 patients by MHS employees. The information that was compromised consisted of names, dates of birth and social security numbers. A majority of these impermissible actions occurred when a former employee’s login credentials were used from 2011-2012 which affected 80,000 individuals.… Read More

OCR Penalizes Slow Data Breach Response

The Office of Civil Rights (OCR) first HIPAA settlement of 2017 is based on a failure to report a breach of health information in a timely manner. The settlement was reached with Presence Health, a large health care network that operates in approximately 150 locations in Illinois. Presence Health has agreed to settle the potential violations by paying a fine of $475,000 and implementing a corrective action plan to deal with this problem in the future.

The settlement stems from … Read More

HIPAA Phase II Audits Begin

On Monday, March 21, 2016, the Health and Human Services Office for Civil Rights (“OCR”) began the long-awaited Phase II of OCR’s random audit program to determine compliance with the patient privacy provisions included in the Health Insurance Portability and Accountability Act (“HIPPA”). As we discussed earlier here, these audits will extend beyond simply covered entities and will also include business associates.

Covered entities and business associates will receive an email from OCR entitled “Audit Entity Contact Verification.”  This … Read More

Are You Prepared for HHS Office of Civil Rights Random HIPAA Audits?

After several months of delay, the Health and Human Services Office for Civil Rights (“OCR”) has selected a vendor to begin Phase II of OCR’s random HIPAA audits mandated by the HITECH Act.  The program’s first phase included over 100 pilot audits, and phase II was to have begun in late 2014. While the first round of audits included only covered entities, OCR will include business associates in the next round.  The audits will assess compliance with the HIPAA privacy, … Read More

Cyber Insurance: What Terms and Conditions Should I Consider When Buying?

*This is the fifth post in a five-part series on cyber insurance, culminating in a webinar entitled “Insurance Coverage for Privacy and Data Breaches, Hot Topics and Critical Issues” on Wednesday, April 22, 2015, at 12:00-1:00 p.m. Eastern. 

A common question we often hear CEOs, CFOs, and Directors of businesses and public and private institutions ask is “What terms and conditions should I consider when buying cyber insurance?” We have compiled a list of some of the most important … Read More

Happy Birthday, HIPAA!

birthday_freebies
Today, April 14, 2015, marks the 12th anniversary of the compliance date for the HIPAA Privacy Rules for most “Covered Entities” – healthcare providers who engage in certain electronic transactions, health plans, and healthcare clearing houses. (Small group health plans had 1 extra year, until April 14, 2004, to come into compliance with the Privacy Rules.)

What’s HIPAA?
The HIPAA Privacy Rules were the first comprehensive federal rules to protect the privacy and confidentiality of an Individual’s health and medical … Read More

How To Advise Tech Start-Ups in Practice, Not Theory

What career could possibly be more exciting than serving as a privacy lawyer for tech start-up companies? This is a question I asked myself a few years back, right after I finished clerking for a couple of terrific federal judges and right as I was considering starting the privacy practice I had envisioned as a law student sitting in Prof. Fred Cate’s classes at the Indiana University Maurer School of Law several years earlier. At that time, my answer was … Read More

Lawless Published in The Privacy Advisor

“How To Advise Tech Start-Ups in Practice, Not Theory,” an article by Taft Cincinnati attorney Matthew D. Lawless, was published in IAPP’s The Privacy Advisor on March 24.

About the IAPP
The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally.… Read More

Rorer is guest speaker at the Ohio Society of Radiologic Technologists Conference

On April 10, Taft partner Sara S. Rorer will speak at the 2015 Annual Ohio Society of Radiologic Technologists Conference in Dublin, Ohio. She will present “Social Media: Privacy Compliance Challenges for Healthcare Providers” and will focus primarily on HIPAA compliance. The conference runs April 9-10.

About OSRT
The Ohio Society of Radiologic Technologists (OSRT) is an organization with a Vision of improving the health care of Ohio’s citizens assuring that patients receive excellent medical imaging and radiation therapy care.… Read More

Employer Notification Obligations in Wake of Anthem Data Breach

Many employers are wondering what their obligations are in the wake of the Anthem data breach announced on February 5, 2015.  Anthem is a large insurer with customers in 14 states. Anthem stated in its letter that only personal information was accessed during the security breach, but, apparently, no medical information was accessed.  Therefore, Anthem, apparently, has not yet determined whether it believes HIPAA is in play since “only” personally identifiable information was accessed.  (A brief definition/overview of HIPAA is … Read More

LexBlog