After two investigations by the United States Department of Health and Human Services, Office for Civil Rights (“HHS”), St. Elizabeth’s Medical Center, a Boston-based hospital, has agreed to a Resolution Agreement with HHS. The Resolution Agreement appears to settle two apparently unrelated HIPAA issues at the same facility in 2012 and 2014.
An Indianapolis oncology group has disclosed that data concerning about 55,000 patients was stored on a stolen laptop computer. A backup copy of the Cancer Care Group’s server was stored on the computer, which was stolen from a locked car. Among the data stored on the device were patient names, addresses, Social Security Numbers, medical […]
Today, the Office of Civil Rights (“OCR”) of the Department of Health and Human Services (“HHS”) announced that the Alaska Department of Health and Social Services (Alaska DHSS), which is that state’s Medicaid agency, has agreed to pay $1.7 million to settle possible violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security […]
As of January 1, 2012, all healthcare providers were required to transition from version 4010/4010A to version 5010 standards for submitting electronic transactions, and the failure to comply may result in claim denials or a government investigation. CMS has repeatedly postponed enforcement, but it appears the agency will begin to enforce civil monetary penalties against […]
Late last month, the Massachusetts Attorney General, Martha Coakley, announced that her office had reached a settlement with South Shore Hospital regarding alleged violations of the Massachusetts Consumer Protection Act and the Health Insurance Portability and Accountability Act (“HIPAA”) stemming from a data breach reported to both her office and the Office of Civil Rights of […]
On May 10, 2012, the United States Court of Appeals for the Ninth Circuit issued its opinion in United States v. Zhou, No. 10-50231 (9th Cir. May 10, 2012), and held that the criminal misdemeanor provision of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), located at 42 U.S.C. § 1320d-6(a)(2)—which penalizes the […]
The Department of Health and Human Services (HHS) issued its notice of proposed rulemaking to modify the HIPAA Privacy Rule’s standard for accounting of disclosures of protected health information (PHI). The current accounting provision applies to disclosures of paper and electronic PHI, regardless of whether such information is in a designated record set (DRS), for […]