Tag Archives: HIPAA

Twenty-First Century Cures Act Includes HIPAA Provisions

On December 13, 2016, President Obama signed the 21st Century Cures Act (“Cures Act”), Pub. L. 114-255, which aims to expand medical research and expedite the approvals of drug therapies for patients.  The Cures Act also contains several provisions related to the HIPAA Privacy and Security Rules.  None of these provisions make substantive changes to … Continue Reading

HHS Issues Guidance on HIPAA and Cloud Providers

The Department of Health and Human Services (HHS) recently published guidance on HIPAA requirements governing the use of cloud computing entities, specifically cloud services providers (CSPs). In this guidance, HHS explains that CSPs that create, receive, maintain, or transmit protected health information (PHI) on behalf of a covered entity or business associate are considered business … Continue Reading

Significant HIPAA Fine Follows Business Associate’s Stolen iPhone

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) recently announced a significant settlement with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS), a business associate under HIPAA, arising from a breach of protected health information (PHI) after the theft of an employee’s iPhone.  The iPhone … Continue Reading

Health Care Providers Continue to Lag Behind Patient Demand for Digital Communications

While Americans continue the trend towards replacing the traditional phone call with email and texts, health care providers have yet to catch on when interacting with their patients. A recent survey by Nielsen Strategic Health Perspectives found that less than a third of Americans have access to digital communications with their physicians: The survey found … Continue Reading

Senators Request Information from HHS About Medical Identity Theft Efforts

Last week, the chairmen and ranking members of the Senate Committee on Health, Education, Labor, and Pensions and the Senate Committee on Finance sent a letter to Andy Slavitt, Acting Administrator for the Centers for Medicare & Medicaid Services (“CMS”), and Jocelyn Samuels, Director of the Health and Human Services (“HHS”) Office for Civil Rights … Continue Reading

HHS Launches Portal Seeking Questions from Mobile Health Application Developers

A new post on Covington’s Inside Medical Devices blog discusses a new portal recently launched by HHS seeking questions from mobile health application developers.  The platform allows for individuals to both submit and review questions on the HIPAA implications of these mobile health applications.  To read the post, click here.… Continue Reading

Hospital Fined for Using Unsecured File Sharing Application

A recent HIPAA enforcement action highlights the risk of health care providers using unsecured applications to store and share patient data. HHS reached a $218,499 settlement with St. Elizabeth’s Medical Center in Brighton, Massachusetts, a tertiary care hospital that offers both inpatient and outpatient services. The enforcement action followed allegations made to HHS in 2012 … Continue Reading

ONC Releases Updated EPHI Guide

We recently posted on the Inside Privacy blog about an update to the Guide to Privacy and Security of Electronic Protected Health Information issued by the Office of the National Coordinator for Health Information (ONC).  The updated guide incorporates the most current standards in accordance with the new final rules, issued in 2013, under the Health Information … Continue Reading

Cyber Attacks on Health Data Increasing, Primary Cause of Data Breaches, Group Finds

A new study out by the Ponemon Institute finds that criminal attacks, rather than accidents or technological failures, are the leading cause of data breaches. The report finds that cyber-criminals are increasingly targeting health care providers and business associates for the vast amounts of personal data held by these entities, and that these attacks are … Continue Reading

Moving to the Cloud: Some Key Considerations for Healthcare Entities

Healthcare providers, health plans, and other entities are increasingly utilizing cloud services to collect, aggregate, store and process data.  A recent report by IDC Health Insights suggests that 80 percent of healthcare data is expected to pass through the cloud by 2020.  As a substantial amount of healthcare data comprises “personal information” or “protected health … Continue Reading

Members of Congress Ask for Clarity on HIPAA and Mobile Devices

Last month, two Members of Congress wrote to Secretary Burwell of the U.S. Department of Health and Human Services, urging the agency to adopt new guidance on HIPAA compliance for mobile devices. In their letter, Representatives Tom Marino (R-PA) and Peter DeFazio (D-OR) note that much of HHS’s current guidance predates the proliferation of mobile … Continue Reading

HIPAA Privacy Rule Extended To Same-Sex Spouses

 The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently released guidance extending Health Insurance Portability and Accountability Act Privacy Rule protections for family members to same-sex spouses, in light of the 2013 Supreme Court ruling in United States v. Windsor. The HIPAA Privacy Rule grants consumers certain privacy rights with … Continue Reading
LexBlog