Topic: HIPAA

HIPAA Q&A: What’s the New Word on Data Breaches?

“The definition of a data ‘breach’ was changed. The Omnibus Rules replaced the more subjective ‘harm standard’ with a more objective test that requires the covered entity to determine (based on a four-factor risk assessment) whether protected health information has been ‘compromised.’” (Snell & Wilmer) One of the key components of the new HIPAA /… Read more »

Summary of Final Omnibus HIPAA/HITECH Rules

No time to read all 563 pages of the US Department of Health and Human Services Office for Civil Rights’ HIPAA/HITECH Omnibus Rule? Here’s a summary of key points: Effective Date: “The Enforcement Rule changes are effective on March 26, 2013. The additional 180 days afforded for most of the provisions in the Final Rule apply… Read more »

New HIPAA Omnibus Rule Modifies Privacy and Breach Notification Requirements for Health Care Providers

“The Final Rule represents the most significant development in healthcare privacy law since the issuance of the final Privacy Rule and Security Rule a decade ago.” (Morgan Lewis) On January 17, 2013, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) released its final omnibus rule, strengthening the… Read more »

2012 in Review – The Most Popular Corporate Law Report Posts of the Year

What’s on your mind? Four themes in particular, if we go by what you’ve read over the past year: legal issues related to doing business internationally; Dodd-Frank regulations and other financial reforms; intellectual property; and health care, including in particular HIPAA regulations and health care reform. As popular as those issues were, however, there are many… Read more »

HIPAA Update: How to Turn Protected Health Information into Research Data

“HIPAA places tight restrictions on the use and disclosure of protected health information, but there are many ways to ‘de-identify’ it, freeing it from HIPAA’s constraints. Covered entities and business associates can use de-identification to reduce their exposure to HIPAA and expand their use of health data.” (Davis Wright Tremaine) On November 26, 2012, the… Read more »

Medicine is Mobile. What Does That Mean for Security?

“New medicine is mobile, miniature and you can play angry birds on it. But what does that mean for security and privacy?” (Jo Ellen Whitney of law firm Davis Brown) The Massachusetts Eye and Ear Infirmary (MEEI) received a $1.5 million lesson in HIPAA and mobile device security earlier this month. Not because MEEI lost… Read more »

HIPAA Audit Report Gives Providers New Roadmap to Compliance

In late June 2012, the Department of Health and Human Services Office for Civil Rights published its long-awaited HIPAA compliance audit protocol. For covered entities and business associates, the protocol serves as a roadmap of practices and procedures that help ensure compliance and avoid fines and other sanctions. Law firm Mintz Levin: “The protocol addresses… Read more »

Most Popular Corporate Law Posts – June 2012

What’s on your mind? ICANN’s generic top-level domain names, HIPAA compliance and violations, the SCOTUS RadLAX ruling, the EU Cookie Directive, that’s what (and more!). For your reference, the most-read Corporate Law Report posts in June, 2012: 1. HIPAA Compliance: 6 Audit Questions (and Answers) for Covered Entities “Late last year, members of the Senate… Read more »

Most Popular Corporate Law Posts – May 2012

What are the issues that interest you the most? HIPAA compliance, human trafficking, and the JOBS Act, among other things. For your reference, here’s a look at the most-read Corporate Law Report posts during the month of May, 2012: 1. California Transparency in Supply Chains Act Takes Effect January 1, 2012 “The California Transparency in… Read more »

Recent HIPAA Conviction Clarifies: Ignorance of the Law(s) Not an Excuse

Earlier this month, the Ninth Circuit Court of Appeals upheld the conviction of Huping Zhou, a former employee of the UCLA Health System, for illegally accessing protected health information in violation of the Health Insurance Portability and Accountability Act (HIPAA). The decision provides an important clarification of HIPAA rules for health care providers, their employees,… Read more »

HIPAA Compliance: 5 Suggestions for Protecting Patient Data

Federal regulators are stepping up their enforcement of the Health Insurance Portability and Accountability Act (HIPAA), as a recent $100,000 fine levied on Phoenix Cardiac Services demonstrates. From law firm Mintz Levin: “The settlement reaffirms OCR’s commitment to enforcing the Privacy and Security Rules, and its willingness to sanction covered entities for HIPAA violations.” (The… Read more »

Most Popular Corporate Law Posts – Apr 2012

What’s on your mind? Human trafficking, online advertising, corporate bribery, and legal issues for nonprofits, among other things. For your reference, here’s a look at the most-read Corporate Law Report posts over the past month: 1. California Transparency in Supply Chains Act Takes Effect January 1, 2012 “The California Transparency in Supply Chains Act of… Read more »

Most Popular Corporate Law Posts – Mar 2012

What’s on your mind? Human trafficking, the mortgage foreclosure settlement, investor visas to the US, and HIPAA compliance and violations, among other things. For your reference, here’s a look at the most-read Corporate Law Report posts over the past month: 1. California Transparency in Supply Chains Act Takes Effect January 1, 2012 “The California Transparency in… Read more »

HIPAA Violation Leads to $1.5M Fine: 5 Takeaways for Businesses

In November 2009, 57 unencrypted computer hard discs containing protected health information of more than one million people were stolen from a storage locker leased by Blue Cross Blue Shield of Tennessee (BCBST). Recently, the Department of Health and Human Services entered into a $1.5 million settlement with BCBST over privacy and security violations as… Read more »