Tag Archives: Health Insurance Portability and Accountability Act

New York Joins the Wave of States Requiring Businesses to Adopt Reasonable Cybersecurity Safeguards to Protect Private Information

New York is the latest state to adopt a law that requires businesses that collect private information on its residents to implement reasonable cybersecurity safeguards to protect that information. New York now joins California, Massachusetts and Colorado in setting these standards. New York’s law mandates the implementation of a data security program, including measures such as risk assessments, workforce training and incident response planning and testing. Businesses should immediately begin the process to comply with the Act’s requirements effective March 21, 2020. Notably, New York’s law covers all employers, individuals or organizations, regardless of size or location, which collect private information on New York State residents.


Privacy Concerns Loom as Direct-to-Consumer Genetic Testing Industry Grows

The market for direct-to-consumer (“DTC”) genetic testing has increased dramatically over recent years as more people are using at-home DNA tests. The global market for this industry is projected to hit $2.5 billion by 2024. Many consumers subscribe to DTC genetic testing because these tests can provide insights into genetic backgrounds and ancestry. However, as more consumers’ genetic data becomes available and is shared, legal experts are growing concerned that safeguards implemented by U.S. companies are not enough to protect consumers from privacy risks.


Changes to HHS’ Interpretation of HIPAA Civil Monetary Penalties

On Friday, April 26, 2019, the US Department of Health and Human Services (“HHS”) issued a notification regarding HHS’ use of Civil Monetary Penalties (“CMP”) under the Health Insurance Portability and Accountability Act (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act.

ILN Today Post

OCR’s HIPAA breach “wall of shame” breaks 2,000

The list of reported Health Insurance Portability and Accountability Act (HIPAA) breaches has broken a new record. More than 2,000 breaches affecting 500 or more individuals have now been reported to the Department of Health and Human Services Office for Civil Rights (OCR) since 2009. It took nearly five years for the “wall of shame” to reach 1,000 breaches affecting 500 or more individuals, and reporting has since increased, due in part to OCR’s ramped-up enforcement efforts, which seek to hold covered entities responsible for failure to report a breach within 60 days of discovery.

With the increase in sophisticated hacking and ransomware incidents in recent years, it is anticipated that the number of reported breaches will continue to rise at an accelerated rate. In 2017, it is anticipated that OCR will receive the most breach reports to date within a single calendar year.

ILN Today Post

Who is a HIPAA business associate?

A wide range of vendors and contractors that perform services or other functions for health care providers or health plans face substantial obligations and potential liabilities as business associates under the Privacy, Security and Breach Notification Rules (HIPAA Rules) issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Therefore, it is crucial for covered entities, as well as anyone performing services or functions involving protected health information (PHI) for covered entities or business associates, to identify all of their business associate relationships so they can take appropriate actions to comply with the HIPAA Rules. As we will discuss in this white paper, whether a service provider is a business associate under the HIPAA Rules will depend on the relationship of the parties, the nature of the services and whether the activities involve the use, disclosure, transmission, or maintenance of PHI.


Healthcare and Data Privacy and Cybersecurity Alert: OCR strikes again with 3 recent HIPAA settlements

The U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) is showing signs of becoming increasingly aggressive in enforcing the Health Insurance Portability and Accountability Act (“HIPAA”), with the recent announcement of three settlements in a 20-day span. Each covered entity was investigated for noncompliance after breach reports were filed with OCR, emphasizing the need for compliance among all covered entities and business associates subject to the HIPAA Privacy and Security Rules.
