{ Banner Image }

Showing 6 posts in HIPAA.

HIPAA Compliance Considerations During the Pandemic

HIPAA Compliance COVIDThis article has been updated with new information since it was originally published on November 16, 2020.

As health care providers continue to face new challenges relating to the COVID-19 pandemic, it is important for providers to maintain compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Although the Department of Health and Human Services Office for Civil Rights (“OCR”) has loosened some requirements to allow health care providers flexibility during the COVID-19 pandemic, a majority of the patient protections under the HIPAA Privacy Rule have remained intact. Read More ›

Categories: Compliance, Cybersecurity, Electronic Health Records, HIPAA

Michigan Marijuana Retailers: Data Privacy and Cybersecurity Risks

More than 30 states have legalized medical marijuana and more than 10 have legalized marijuana for recreational use, including Michigan in a 2018 ballot proposal. Marijuana retailers have significant issues to address as the industry and the rules governing it mature over time. Among those issues, retailers should not overlook data privacy and cybersecurity issues.   Read More ›

Categories: Cybersecurity, Electronic Health Records, HIPAA

HHS Office for Civil Rights Publishes Checklist for HIPAA Covered Entities Responding to Cybersecurity Incidents

The U.S. Department of Health and Human Service's Office for Civil Rights ("OCR") recently published guidance for entities covered by HIPAA, entitled "My entity just experienced a cyber-attack! What do we do now?" Read More ›

Categories: Cybersecurity, Digital Assets, Electronic Health Records, Fraud & Abuse, HIPAA

Assembling Your Company's Data Breach Response Plan

Business TeamNo matter how carefully, thoughtfully and diligently a company works to prevent it, data breaches happen. Company management, IT teams and outside consultants can do everything right and still end up dealing with a breach. That means that knowing how to best respond when (not if) a breach happens should be part of every company’s data protection strategy.

We recommend that every company assemble a security breach team, consisting of individuals inside and outside of the organization who possess different skill sets. This may include technology officers, as well as staff from IT, human resources, communications, legal departments, outside counsel, and outside vendors. The composition of the team will depend on the type and size of the organization, but each member should be in a position and have skills that enable the organization to quickly and properly respond to an incident. The team must also be equipped, authorized and empowered to evaluate and immediately react to an incident once it has occurred. Read More ›

Categories: HIPAA, News, Privacy, Technology

Filming for TV Show Results in HIPAA Violation and $2.2 Million Settlement Paid by New York Presbyterian Hospital

HospitalIt’s not uncommon for “covered entities” such as hospitals and health systems to violate the Privacy Rule under the Health Insurance Portability and Protection Act of 1996 (“HIPAA”). A stolen laptop or misplaced file can expose information that should be protected. Rarely, however, does a violation arise from the filming of a television show. But that’s exactly what happened in the case of New York Presbyterian Hospital (“NYP”), which recently entered into a settlement with the Department of Health and Human Services, Office for Civil Rights (“OCR”) for $2.2 million. Read More ›

Categories: HIPAA, Privacy

Into the Breach . . .

breachSmartphone usage has skyrocketed in the past few years.  Physicians are no exception to the trend - with more than 81% of physicians using smartphones.  Disturbingly, the number of health data breaches has risen in tandem with increased smartphone usage, and most experts agree that the increase is no coincidence.

Recent reports have indicated that 96% of all health care organizations have experienced at least one data breach during the past two years. Although the report did not detail the number of data breaches attributable to mobile devices, there is agreement that the widespread use of mobile devices is putting patient data at risk. Read More ›

Categories: HIPAA