Federal Employment Law Articles

Benefits - HIPAA

Articles Discussing HIPAA.

For Law Firms

Get your firm featured on ELINFONET

We feature your alerts & events and send the clicks straight to your site.

Become an affiliate

HIPAA Enforcement Remains Strong in 2020

Maynard Nexsen·

It seems like every aspect of healthcare is changing during these uncertain times, but one thing remains the same – HIPAA enforcement is going strong. The Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS), responsible for enforcing HIPAA regulations, has bee

HIPAA Privacy and Coronavirus

FordHarrison·

With the recent spread of coronavirus (2019-nCoV), it is an important time to examine what information employers may share under HIPAA’s Privacy Rule during an outbreak of infectious disease or other emergency situation.

Response to Yelp Review Costs Small Dental Practice $10,000 and Two Years of Monitoring to Settle HIPAA Complaint

Jackson Lewis P.C.·

No business likes to receive bad reviews on Yelp® or anywhere else in social media. When they do, some feel the need to respond to clarify or rebut the reviews, but they must do so carefully. This is particularly true for HIPAA covered entities, as their responses could include protected health info

OCR Recognizes Insider Threats to HIPAA PHI, You Should Too

Jackson Lewis P.C.·

As we have observed here, news reports of security risks, hackings and breaches caused by individuals, terror groups or even countries around the world certainly are important and can be unsettling. But, for many organizations, including healthcare providers and business associates, a significant an

Healthcare Organizations, Is Your Patient Portal Secure?

Jackson Lewis P.C.·

While healthcare organizations are embracing new technologies such as patient portals, a recent report shows that organizations’ cybersecurity measures for these technologies are behind the times. A patient portal is a secure online website that allows patients to access their Electronic Health Reco

EMR Provider Settles OCR Allegations for $100,000; Is Your EMR provider HIPAA compliant?

Jackson Lewis P.C.·

Many health care providers, including small and medium-sized physician practices, rely on a number of third party service providers to serve their patients and run their businesses. Perhaps the most important of these is a practice’s electronic medical record (EMR) provider, which manages and stores

HIPAA Penalties Change Under HHS Notice of Enforcement Discretion

Jackson Lewis P.C.·

When the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 became law, it made significant changes to the civil monetary penalties for violations of HIPAA. In addition to increasing the amounts of the penalties, HITECH created a tiered approach to penalties, establi

A Trio of OCR HIPAA Breach Resolutions: Is Your Organization HIPAA Compliant?

Jackson Lewis P.C.·

Over the past thirty days, the Office for Civil Rights (“OCR”) has reached three HIPAA breach resolutions, signaling to organizations that are covered entities and business associates under HIPAA, the importance of instituting basic best practices for data breach prevention and response.

ONC and OCR Update HIPAA Security Risk Assessment Tool for National Cyber Security Awareness Month

Jackson Lewis P.C.·

October 2018 marks the 15th annual National Cyber Security Awareness Month. In honor of this occasion, the Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) have jointly launched an updated HIPAA Security Risk Assessment (SRA) Tool t

Enhanced HHS HIPAA Breach Reporting Tool May Aid Health Care Industry Data Security Efforts

Jackson Lewis P.C.·

Secretary Tom Price of the U.S. Department of Health and Human Services (HHS) announced his agency needs “to focus more on the most recent breaches and clarify when entities have taken action to resolve the issues that might have led to their breaches.” Accordingly, HHS’ Office of Civil Rights has l

Smaller HIPAA Breaches To Get More Attention by Office for Civil Rights

Jackson Lewis P.C.·

The HIPAA breach notification rule has two buckets for classifying data breaches – those that involve “protected health information” (PHI) of 500 or more individuals and those that involve fewer than 500 individuals. Since the breach notification rule became effective, the Office of Civil Rights’ (O

Check Your Spam Filter, You Might Have Been Selected for a HIPAA Audit!

Jackson Lewis P.C.·

Yesterday, the federal Office for Civil Rights (OCR) announced Phase 2 of its HIPAA Audit Program (Program). In its announcement, the OCR reports that the Program is underway and provides some helpful FAQs for covered entities and business associates about the Program. Preparation is critical and th

HIPAA Covered Entities Not Responsible For Intercepted Transmission of PHI When Individual Requested Unsecured Transmission, Office for Civil Rights Concludes

Jackson Lewis P.C.·

Earlier this month, the Office for Civil Rights (OCR) issued guidance on an individual’s right to access the individual’s health information. That an individual has a broad right to access has been recognized in the HIPAA privacy regulations since they became effective in 2003. OCR has found, howeve

Million Dollar HIPAA Settlements Are About Compliance, Not Harm to Individuals

Jackson Lewis P.C.·

In the last two weeks, the Office for Civil Rights (OCR) announced two substantial settlements under HIPAA that together totaled $4.35 million. These large amounts seem to be driven not by actual harm to individuals, but in significant part by alleged HIPAA compliance failures identified by OCR foll

Healthcare Worker Gives New Employer Patient Records, Old Employer Pays $15,000 to NY Attorney General For HIPAA Violation

Jackson Lewis P.C.·

One of your employees discloses your organization’s patient information to a soon-to-be new employer for use in generating business at the new employer’s competing business, and your company has to settle with the New York State Attorney General for HIPAA violations. Make sense?

Lamar Odom & HIPAA: A Kardashian Takeaway for Employers

Goldberg Segalla·

Reality television fans and others were saddened recently when news of a Kardashian family member’s overdose hit the news. Lamar Odom, sometime beau of Khloe Kardashian, was hospitalized after the incident, and his privacy was reportedly violated when staffers at the medical center where he was trea

HIPAA Phase 2 Audits to Start in Early 2016, OCR States In Response to OIG Recommendations

Jackson Lewis P.C.·

Responding to a Department of Health and Human Services Office of Inspector General (OIG) report recommending stronger oversight of covered entities’ compliance with the HIPAA Privacy Rule, the Office for Civil Rights (OCR) stated that in early 2016 it will launch Phase 2 of its audit program measur

HIPAA Audits Maybe, But Audit Preparedness Definitely!

Jackson Lewis P.C.·

According to a Bloomberg article, the second phase of HIPAA audits by the Office for Civil Rights (OCR), originally set to commence in 2014, may be coming soon. This update came at a HIPAA conference co-hosted by OCR during which OCR Director Jocelyn Samuels said the agency was in the process of con

Cancer Care Group to Pay $750,000 to Settle HIPAA Breach, as KPMG Finds 81 Percent of Hospitals and Health Insurance Companies had a Breach in the Past Two Years

Jackson Lewis P.C.·

On September 2, the Office for Civil Rights (OCR) reported that it agreed to settle potential violations of the HIPAA privacy and security regulations with Cancer Care Group, Inc. The dollar amount of the settlement, $750,000, is significant, and the agreement to adopt a robust, multi-year correctiv

Business Associate Agreements May Require Amendment

FordHarrison·

The Omnibus Final Rule (the "Omnibus Rule") under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), was issued in January, 2013 effective March 26, 2013, but with a general compliance deadline of September 23, 2013. Compliance with the Omnibus Rule required changes to many H