Much has been made about business associates in HITECH and the HIPAA Final Omnibus Rule. In a previous post and in our webinar we hit on the high points – that much of HIPAA applies directly to business associates, and that business associates themselves have obligations relative to their business associates. Indeed, not only do…
Tag Archives: PHI
OCR Settles with Hospice of Northern Idaho for $50,000.00
Posted in Enforcement
OCR’s recent enforcement action against a small non-profit hospice organization in Idaho is more evidence that OCR is looking carefully at HIPAA Security Rule compliance. On December 28, 2012, HHS announced that Hospice of Northern Idaho (“HONI”) had agreed to pay HHS $50,000 to settle potential violations of the HIPAA Security Rule. This is the…
OCR Presents Preliminary HIPAA Audit Findings
Posted in Enforcement
OCR’s Audit Program, which began in December 2011, is part of HHS’ efforts under HITECH to assess HIPAA compliance by covered entities, identify best practices, and discover risks and vulnerabilities in protecting the privacy and security of PHI which may not have come to light through OCR’s complaint investigation and compliance reviews. OCR has repeatedly stated that…
OCR EDUCATES CONSUMERS REGARDING HIPAA RIGHT OF ACCESS
Posted in Enforcement
Health care providers and health plans should expect an increase in patient requests for their own health care information as OCR continues to emphasize the HIPAA right of access. On May 31, 2012, Leon Rodriguez, Director of OCR, issued a memorandum regarding patients’ fundamental right to access their own health care information. See hhs.gov/ocr/privacy/hipaa/understanding/consumers/righttoaccessmemo.pdf. Director Rodriguez,…
Blue Cross Blue Shield Settles HIPAA Violation With HHS for $1.5 Million
Posted in Enforcement
On March 13, 2012, HHS announced that Blue Cross Blue Shield of Tennessee (“BCBST”) has agreed to pay it $1.5 million to settle potential HIPAA violations arising from the theft of 57 unencrypted computer hard drives from a leased facility in Tennessee. This settlement is significant because it is OCR’s first enforcement action arising out…