Header graphic for print
HealtHITechLaw HIPAA, HITECH and Beyond

Tag Archives: Compliance

Unencrypted Laptops Result In Significant HIPAA Fines

Posted in Breach, Enforcement

In April 2014, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) continued to emphasize the importance of encryption in maintaining the confidentiality and security of protected health information (“PHI”), especially in addressing and mitigating the significant risk to PHI posed by unencrypted laptops and other mobile devices. On April 22,… Continue Reading

OCR TO BEGIN SECOND ROUND OF HIPAA AUDITS

Posted in Enforcement, OCR Audits

The U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) has announced that it is gearing up for its second round of HIPAA compliance audits later this year.  The HIPAA Audit Program is authorized under Section 13411 of the HITECH Act and is intended to assess compliance with the HIPAA Privacy, Security,… Continue Reading

Dermatology Practice Hit With $150,000 HIPAA Penalty

Posted in Breach, Enforcement

2013 ended like it started – with OCR actively monitoring and enforcing health care provider HIPAA compliance.  On December 26, 2013, OCR imposed a $150,000 penalty and a corrective action plan upon a Massachusetts dermatology physician practice arising out of a self-reported HIPAA breach.   See Resolution Agreement. In October 2011, Adult & Pediatric Dermatology, P.C. of… Continue Reading

HIPAA Security Risk Analysis: Fact or Fiction?

Posted in Meaningful Use, Security

Leading up to the recent compliance date for the Final HIPAA Rule, much was made about the need for providers to perform a security risk analysis.  Quite a bit of dialogue around the increased security compliance obligations centered on the security risk analysis as a foundational requirement of HIPAA.   Although this is not a new requirement, heightened… Continue Reading

Who Are My Business Associates, and Why the HIPAA Should I Care?

Posted in Rulemaking

Much has been made about business associates in HITECH and the HIPAA Final Omnibus Rule.  In a previous post and in our webinar we hit on the high points – that much of HIPAA applies directly to business associates, and that business associates themselves have obligations relative to their business associates.  Indeed, not only do… Continue Reading