HIPAA Final Rule Posted

This afternoon, the Department of Health and Human Services posted a long-awaited, 563-page omnibus final rule under HIPAA, which will be published in the Federal Register on January 25, 2013, and which makes a variety of modifications to HIPAA’s Privacy, Security, Breach Notification, and Enforcement Rules.  According to the executive summary of the rule, these modifications are […]

The danger of unencrypted protected health information: 55,000 patients’ PHI exposed.

An Indianapolis oncology group has disclosed that data concerning about 55,000 patients was stored on a stolen laptop computer.  A backup copy of the Cancer Care Group’s server was stored on the computer, which was stolen from a locked car.  Among the data stored on the device were patient names, addresses, Social Security Numbers, medical […]

Alaska Department of Health and Social Services Pays $1.7 Million to Settle HIPAA Security Rule Matter

Today, the Office of Civil Rights (“OCR”) of the Department of Health and Human Services (“HHS”) announced that the Alaska Department of Health and Social Services (Alaska DHSS), which is that state’s Medicaid agency, has agreed to pay $1.7 million to settle possible violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security […]

DOH Issues Guidance on Use of Surveillance Equipment in Nursing Homes

Increasingly, nursing homes seek guidance on the considerations involved in the use of surveillance equipment in their facilities.  On May 22, 2012, the New York State Department of Health issued a “Dear Administrator Letter” (DAL) addressing the use and installation of audio and/or video surveillance equipment in nursing homes.  The DAL is available here.

Ninth Circuit on HIPAA Criminal Liability: No Knowledge Requirement

On May 10, 2012, the United States Court of Appeals for the Ninth Circuit issued its opinion in United States v. Zhou, No. 10-50231 (9th Cir. May 10, 2012), and held that the criminal misdemeanor provision of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), located at  42 U.S.C. § 1320d-6(a)(2)—which penalizes the […]

HHS Proposes Rule Giving Patients Direct Access to Lab Test Results

Yesterday, the U.S. Department of Health and Human Services (“HHS”) published a proposed rule in the Federal Register which would allow medical patients to get their laboratory test results directly from the lab.  A copy of this proposed rule is available here.  At present, only a handful of states allow direct access to lab results.  […]

HIPAA-Based Criminal Indictment for Communicating with Patient’s Employer

A Virginia physician has become the first person criminally indicted under the Health Insurance Portability and Accountability Act (HIPAA) for communicating with a former patient’s employer. According to the United States Attorney for the Eastern District of Virginia, Dr. Richard Kaye, the former Medical Director of the Psychiatric Care Center at Sentara Obici Hospital in Suffolk, Virginia, […]

HHS Releases HIPAA Privacy Rule Accounting of Disclosures

The Department of Health and Human Services (HHS) issued its notice of proposed rulemaking to modify the HIPAA Privacy Rule’s standard for accounting of disclosures of protected health information (PHI). The current accounting provision applies to disclosures of paper and electronic PHI, regardless of whether such information is in a designated record set (DRS), for […]

CMS Proposes Rule to Make Medicare Data Available for Public Reports About Providers

The Patient Protection and Affordable Care Act (“PPACA”) requires that “standardized extracts” of Medicare claims data be made available to “qualified entities” in connection with their preparation of reports evaluating the performance of providers.  Since this information is now “required by law,” these disclosures are allowed under the Health Insurance Portability and Accountability Act’s Privacy […]

CMS Receives Failing Marks for HIPAA Enforcement

The Office of the Inspector General (OIG) for the U.S. Department of Health and Human Services (HHS) released a report on the oversight and enforcement actions conducted by the Center for Medicare and Medicaid Services (CMS) pertaining to hospitals’ implementation of the HIPAA Security Rule.  The OIG conducted its audits at CMS in Baltimore, Maryland, […]