It's one thing to prepare your organization with a solid defense against a potential privacy breach. Add in an HHS/OCR audit or investigation, and it becomes crucial that organizations take the necessary steps to comply with the HIPAA Privacy, Security, and Breach Notification rules. Mahmood Sher-Jan and Chris Apgar outline 10 tips for preparing for an OCR audit.
The HITECH Act called for stepped-up enforcement of the HIPAA privacy, security and breach notification rules with respect to covered entities and business associates, to be accomplished by spot-check audits.
Leon Rodriguez, a former prosecutor and healthcare provider lawyer, has taken the reins as director of the Office for Civil Rights (OCR), which oversees health information privacy. The Health and Human Services Department announced his appointment Sept. 13.
We recently highlighted the debate between policymakers and healthcare providers over how best to provide patients with reports detailing who has accessed their health records.
The University of California at Los Angeles Health System will pay $865,500 in HIPAA fines after an investigation found that its employees had been peeking at the electronic personal health information of numerous patients.
There are some important steps HIPAA covered entities can take pre-breach and post-breach to help reduce the risks associated with reporting a breach incident, according to Portland, Ore.-based ID Experts.
HIPAA regulations long on the books require that covered entities provide patients with accounting of disclosures of their protected health information for any purpose other than treatment, payment or health care operations (TPO). The HITECH Act upped the ante, requiring accounting of disclosures of PHI for TPO as well.
On May 31, the U.S. Department of Health & Human Services released a proposed change to the HIPAA Privacy Rule. The proposed rule would give people the right to get a report on who has electronically accessed their protected health information (PHI).
A Notice of Proposed Rulemaking to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, which would give people the right to get a report on who has electronically accessed their protected health information, has been made available for public comment.
The Department of Health and Human Services Office for Civil Rights (OCR) recently singled out two prominent healthcare organizations - Cignet Health of Maryland with a penalty of $4.3 million and Massachusetts General with a settlement of $1 million - both for allegedly violating HIPAA. These sizeable fines signal a wake-up call for the healthcare industry, say experts, who believe these won't be the last.
The Health and Human Services Department settled potential privacy violations with Massachusetts General Hospital, which agreed to pay the U.S. government $1 million and establish more stringent policies and procedures to safeguard the privacy of its patients.
The U.S. Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) has fined Cignet Health of Prince George's County, Md., $4.3 million, in what officials say is the first civil money penalty (CMP) issued for a covered entity's violations of the HIPAA Privacy Rule.
At a HIMSS11 workshop held Sunday, HIMSS Privacy Director Lisa Gallagher and other experts tried to set the record straight on the federal breach notification rules.
One of the major goals of the federal government's push for nationwide electronic medical record adoption is to create an information network where "health data can flow freely, privately, and securely to the places where they are needed." So far, this is proving to be a challenge for the nation's hospitals and doctors.
Rite Aid Corp. has agreed to pay $1 million to settle potential violations of federal privacy rules when the national pharmacy chain failed to protect sensitive customer information in disposing of prescriptions and pill bottles in store trash containers.
The Department of Health and Human Services issued new regulations Wednesday requiring healthcare providers, health plans and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify patients if their electronic health information has been breached.
The Department of Health and Human Services has delegated the authority for the administration and enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule to the Office for Civil Rights.
WASHINGTON - The Department of Health and Human Services has levied a $100,000 fine on Seattle-based Providence Health and Services for alleged violations of the Health Insurance Portability and...