Header graphic for print
HealtHITechLaw HIPAA, HITECH and Beyond

Tag Archives: PHI

HHS HIPAA Security Risk Assessment Tool Now Available

Posted in Security

Many thanks once again to our colleague, Sylvia Brown, for her assistance in authoring this post. The Office of the National Coordinator for Health Information Technology (ONC), in collaboration with the U.S. Department of Health & Human Services (HHS) Office of Civil Rights (OCR), recently released a security risk asessment tool (SRA Tool) to assist entities… Continue Reading

New HHS Guidance on HIPAA Privacy Rule and Sharing Mental Health Information

Posted in Access Rights, Behavioral Health

Many thanks to our colleague Robin Canowitz for assisting us in drafting this post. The U.S. Department of Health & Human Services (“HHS”) issued new guidance regarding the HIPAA Privacy Rule and its relationship to mental health information disclosures (“Guidance”).  The Guidance addresses when providers may appropriately share the protected health information (“PHI”) of their mental health… Continue Reading

Who Are My Business Associates, and Why the HIPAA Should I Care?

Posted in Rulemaking

Much has been made about business associates in HITECH and the HIPAA Final Omnibus Rule.  In a previous post and in our webinar we hit on the high points – that much of HIPAA applies directly to business associates, and that business associates themselves have obligations relative to their business associates.  Indeed, not only do… Continue Reading

OCR Settles with Hospice of Northern Idaho for $50,000.00

Posted in Enforcement

OCR’s recent enforcement action against a small non-profit hospice organization in Idaho is more evidence that OCR is looking carefully at HIPAA Security Rule compliance.  On December 28, 2012, HHS announced that Hospice of Northern Idaho (“HONI”) had agreed to pay HHS $50,000 to settle potential violations of the HIPAA Security Rule.  This is the… Continue Reading

OCR Presents Preliminary HIPAA Audit Findings

Posted in Enforcement

OCR’s Audit Program, which began in December 2011, is part of HHS’ efforts under HITECH to assess HIPAA compliance by covered entities, identify best practices, and discover risks and vulnerabilities in protecting the privacy and security of PHI which may not have come to light through OCR’s complaint investigation and compliance reviews. OCR has repeatedly stated that… Continue Reading

OCR EDUCATES CONSUMERS REGARDING HIPAA RIGHT OF ACCESS

Posted in Enforcement

Health care providers and health plans should expect an increase in patient requests for their own health care information as OCR continues to emphasize the HIPAA right of access. On May 31, 2012, Leon Rodriguez, Director of OCR, issued a memorandum regarding patients’ fundamental right to access their own health care information.  See  hhs.gov/ocr/privacy/hipaa/understanding/consumers/righttoaccessmemo.pdf.  Director Rodriguez,… Continue Reading

Blue Cross Blue Shield Settles HIPAA Violation With HHS for $1.5 Million

Posted in Enforcement

On March 13, 2012, HHS announced that Blue Cross Blue Shield of Tennessee (“BCBST”) has agreed to pay it $1.5 million to settle  potential HIPAA violations arising from the theft of 57 unencrypted computer hard drives from a leased facility in Tennessee.  This settlement is significant because it is OCR’s first enforcement action arising out… Continue Reading