Tag Archives: protected health information

OCR Plans to More Widely Investigate HIPAA Breaches Affecting Fewer than 500 Individuals

This month the HHS Office for Civil Rights (OCR) has launched an initiative “to more widely investigate the root causes” of HIPAA breaches affecting fewer than 500 individuals, according to an August 18, 2016 OCR email announcement. While Regional Offices will retain discretion to prioritize investigation of smaller breaches, each office is directed to “increase … Continue Reading

Energy & Commerce Committee Approves Mental Health System Reform Bill

The House Energy & Commerce Committee has unanimously approved an amended version of H.R. 2646, the Helping Families in Mental Health Crisis Act, which is intended to reform the nation’s mental health care system. Among other things, the bill would: provide grants to increase access to treatment for children with mental disorders and individuals with … Continue Reading

SAMHSA Proposes Revisions to Substance Abuse Records Privacy Protections to Support Delivery Reform

The Substance Abuse and Mental Health Services Administration (SAMHSA) published a proposed rule on February 9, 2016 that is intended to modernize regulations governing the confidentiality of substance abuse records to ensure that patients with substance use disorders have the ability to participate in new integrated health care models that emphasize coordinated care while addressing … Continue Reading

OIG Calls for Stronger HIPAA Compliance Efforts

The OIG has issued two reports calling for stronger ONC oversight of covered entity compliance with HIPAA standards. In the first report, “OCR Should Strengthen Its Oversight of Covered Entities’ Compliance with the HIPAA Privacy Standards,” the OIG observes that OCR’s Privacy Rule compliance oversight is primarily reactive based on complaints since it has not … Continue Reading

HHS Releases HIPAA Security Risk Assessment Tool

HHS has developed a Security Risk Assessment (SRA) tool to help providers comply with a Health Insurance Portability and Accountability Act (HIPAA) requirement that covered entities conduct a risk assessment to ensure compliance with HIPAA’s administrative, physical, and technical safeguards and to determine where electronic protected health information could be at risk. The SRA tool is intended … Continue Reading

The HITECH Final Rule: New Privacy/Security Rules of the Road Finally Here

This post was also written by Elizabeth D. O’Brien. On January 25, 2013, the HHS Office for Civil Rights published its long-awaited final rule implementing major changes to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules mandated by the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH Act). Among other things, the … Continue Reading

It’s Here: OCR Releases Long Awaited HIPAA/HITECH Final Rule

The Office for Civil Rights ("OCR") of the Department of Health and Human Services released today the long awaited, and much anticipated, omnibus final rule modifying the HIPAA Privacy, Security, Breach and Enforcement Rules. The final rule, which implements the statutory requirements of the Health Information Technology for Economic and Clinical Health Act ("HITECH") and the Genetic Information Nondiscrimination Act ("GINA"), is comprised of four final rules and addresses the July 2010 HITECH proposed rule, the Breach Notification and Enforcement interim final rules, as well as the October 2009 GINA proposed rule (collectively, the "HITECH Final Rule"). Notably, the HITECH Final Rule does not address the May 2011 proposed accounting and access report rule.… Continue Reading

OIG Recommends Improvements to CMS Response to Health Information Breaches

The OIG has given the CMS mixed reviews regarding the extent to which it meets American Recovery and Reinvestment Act (Recovery Act) requirements to notify affected beneficiaries when the privacy or security of their protected health information is compromised. In the report, “CMS Response to Breaches and Medical Identity Theft,” the OIG assesses how CMS … Continue Reading

U.S. District Court Decides Whistleblower Cannot Rely on Stolen Patient Records

Reed Smith’s Life Sciences Legal Update blog discusses a recent decision by the United States District Court for the Southern District of Ohio that may make it much harder for qui tam relators to rely upon stolen medical records or patient information in False Claims Act (“FCA”) whistleblower actions. In the decision, Cabotage v. Ohio … Continue Reading

GAO Examines HHS Action on Privacy and Security of Prescription Drug Data

The GAO has issued a report entitled “Prescription Drug Data: HHS Has Issued Health Privacy and Security Regulations but Needs to Improve Guidance and Oversight.” The report assesses the extent to which HHS has established a framework to ensure the privacy and security of Medicare beneficiaries’ protected health information when data on prescription drug use … Continue Reading

OIG Reports on the Security of Electronic Patient Health Information

The OIG has released two reports on health information technology (HIT) security issues. The first report is entitled “Nationwide Rollup Review of the Centers for Medicare & Medicaid Services Health Insurance Portability and Accountability Act of 1996 Oversight.” The review, involving seven hospital audits, the OIG concluded that CMS’s oversight and enforcement actions were not sufficient to ensure … Continue Reading

HHS Proposes Implementation of the HIPAA Privacy Rule’s Standard for Accounting of Health Information Disclosures

This post was originally written for the Life Sciences Legal Update blog by Gina M. Cavalier, Vicky G. Gormanly and Brad M. Rostolsky. Pursuant to the HITECH Act, covered entities and business associates must account for disclosures of PHI for treatment, payment and health care operations if the disclosures are through an electronic health record. This … Continue Reading
LexBlog