The Massachusetts Attorney General’s Office announced Thursday that it has settled, for $750,000, a data breach lawsuit filed against South Shore Hospital under the Massachusetts Consumer Protection Act and the federal Health Insurance Portability and Accountability Act (HIPAA). The alleged HIPAA violation arose from unencrypted back-up tapes that South Shore…
On November 17, 2011, the Centers for Medicare and Medicaid Services (“CMS”) announced that it will delay enforcement action until March 31, 2012 for those Health Information Portability and Accountability Act (“HIPAA”) covered entities that are not in compliance with the ASC X12 Version 5010, NCPDP Telecom D.0 and NCPDP…
In August, we posted an entry regarding the newly announced Health Information Portability and Accountability Act of 1996 (“HIPAA”) audits that would be underway, pursuant to Section 13411 of the Health Information Technology for Economic and Clinical Health Act (“HITECH”). Section 13411 provides, in its entirety: SEC. 13411. AUDITS. The…
On September 14, 2011, the Centers for Medicare and Medicaid Services (“CMS”) published in the Federal Register a proposed rule amending the Clinical Laboratory Improvement Amendments of 1988 (“CLIA”) and the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) to specify that, upon request, a patient may gain access…
The Health Information Technology for Economic and Clinical Health Act (“HITECH”) requires the Office of Civil Rights (“OCR”) to conduct periodic audits of covered entities in connection with complying with the privacy and security requirements set forth in Health Insurance Portability and Accountability Act (“HIPAA”). In June, the OCR awarded…
In an August 1, 2011 letter to the U.S. Department of Health and Human Services Secretary, Kathleen Sebelius, the American Hospital Association (“AHA”) urges the Centers for Medicare and Medicaid Services (“CMS”) to reevaluate its HIPAA Privacy Rule Accounting of Disclosures Proposed Rulemaking (“Proposed Rule”). The AHA is the latest…
On May 31, 2011, the Department of Health and Human Services (“HHS”) issued a notice of proposed rulemaking (“Proposed Rule”) in relation to the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule (“Privacy Rule”). The Proposed Rule concerns changes to the accounting disclosures requirement of the Privacy Rule. The…
In its first civil monetary penalty issued for a covered entity’s violation of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, the Department of Health and Human Services (HHS), through its Office of Civil Rights (OCR), imposed a $4.3 million penalty on Cignet Health of Prince George’s County,…
For those providers and entities that think HIPAA violations are no big deal or that have yet to implement required policies and procedures, they are well advised to review the Department of Health and Human Services July 27, 2010 press release announcing a $1 million dollar settlement related to allegations…
In addition to the many aspects of the new HIPAA rules modifying the existing HIPAA Privacy and Security Rules, if the proposed rules are finalized, covered entities will be required to make “material modifications” to their Notice of Privacy Practices (“Notice”) therefore triggering obligations to revise and distribute the “new”…