Encryption of mobile device technology has become essential in the eyes of the OCR. Although HIPAA treats encryption as an “addressable” safeguard –as opposed to a “required” safeguard— under the Security Rule, the following OCR settlements involving unencrypted mobile devices indicate that encryption is obligatory for HIPAA compliance. As new technologies emerge and the use […]
The post Healthcare Mobile Device Encryption: Is It Required? appeared first on OMW Health Law.
The Feinstein Institute for Medical Research (Feinstein) recently agreed to pay, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), $3.9 million to settle allegations that Feinstein violated the HIPAA Privacy and Security Rules. This settlement confirms the OCR’s position that nonprofit research institutes are held to the same standards as […]
North Memorial Health Care of Minnesota (“North Memorial”) recently agreed to settle charges that it violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules by essentially failing to enter into a Business Associate Agreement. Pursuant to the settlement, North Memorial agreed to pay $1,550,000. This settlement is a reminder […]
The post Steep Price Tag for Not Entering a Business Associate Agreement appeared first on OMW Health Law.