By Bob Grant – The HHS Office for Civil Rights released an updated Audit Protocol that it plans to use while investigating health care entities for HIPAA compliance. The biggest change to the audit protocol is the distinction that OCR has made between what’s required of Business Associates and Covered Entities.
Read More
By Bob Grant – The HHS Office for Civil Rights announced that NY Presbyterian Hospital would be required to pay a $2.2M settlement after the “egregious disclosure” of two patients’ protected health information. NYP allowed an ABC film crew and staff from the show “NY Med” to film two patients, one of whom was dying, and another experiencing serious distress.
By Jonathan Krasner – On April 27, CMS came out with a proposed rule on how physicians will get paid under MACRA. The new system is premised on tying physician payments to quality and value, and is directly related to the Triple Aim of providing better care, lower costs, and improved health.
By Matt Fisher – Mobile apps are a topic of frequent discussion in the healthcare field these days. Questions include what regulatory requirements apply, are the apps trustworthy, is information kept safe and secure, and others. The question of what regulations apply in particular leaves many confused and uncertain as to what needs to be done.
By Bob Grant – Understanding the regulatory requirements that govern the use and disclosure of protected health information (PHI) is essential for health care professionals operating across the country. However, federal HIPAA regulation only accounts for a portion of those requirements.
By Matt Fisher – The Office for Civil Rights announced a $750,000 settlement with Raleigh Orthopaedic Clinic, P.A. of NC on 4/20/16, resulting from a breach involving an “undocumented” business associate. The settlement comes only weeks before desk audits are expected to begin and focuses on a perceived area of weakness, BA agreements.
By Art Gross – The topic of ransomware, especially ransomware hitting healthcare organizations, is making headlines daily. Dan Munro has a very good article over at Forbes that asks an important question: Is Ransomware Considered A Health Data Breach Under HIPAA?
By Sam Barnes – North Memorial Health Care of Minnesota recently agreed to settle charges that it violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules by essentially failing to enter into a Business Associate Agreement.
By Matt Fisher – It has been a frequent message that the Office for Civil Rights (OCR) at the federal Department of Health and Human Services (HHS) has been providing numerous HIPAA lessons over the past few years through settlement announcements.