By Matt Fisher – The HIPAA spotlight is beginning to shine brightly on business associates. Covered entities have long had their time to star, so it is only fair to share the stage now. It is likely that covered entities are only too happy to have the Office for Civil Rights and others focus attention on business associates with all the consequences that come with such attention.
Read More
By Mike Semel – The Office for Civil Rights announced that the new permanent audit program has started. On July 11 letters were sent BY E-MAIL (check your junk mail folders!) to 167 health plans, health care providers, and health care clearing houses (all HIPAA Covered Entities) notifying them that they have to send in documentation for a ‘desk audit.’ They will have 10 days to send in the required materials for review.
By Matt Fisher – After promising to provide guidance and insight for a breaking issue, the OCR came out with ransomware guidance under HIPAA. One major issue for debate was whether a ransomware attack constitutes a HIPAA breach. The guidance provides insight into where OCR is coming from and what it expects the industry to do in response to a ransomware attack.
By Bob Grant – A former respiratory therapist was convicted of wrongly accessing individually identifiable health information by a federal jury on June 23 of this year. The charges claimed that the therapist was using the information to seek, obtain, or use intravenous drugs.
By Jonathan Krasner – Back in March, we reported that OCR had announced its Phase 2 Audit Program. OCR stated that they would compile a database of both Covered Entities and Business Associates to form the basis of the pool of organizations potentially targeted for audit. They have followed up on their intentions and in the last week organizations have started to receive contact emails from OCR.
By Matt Fisher – Potentially lost in the week leading up to the July 4th holiday weekend, the OCR announced its latest HIPAA related breach settlement. The settlement is one of the first directed at a business associate and serves as a pointed reminder that business associates may be directly liable for the breaches that they may cause.
By Bob Grant – The Obama administration submitted its budget proposal for fiscal-year 2017. The OCR Budget in Brief details the increased budget–$1.15 trillion of which is allotted for HHS. $43 million of these funds will go to the Office for Civil Rights, and $82 million will go to the ONC.
By Bob Grant – The HHS Office for Civil Rights released an updated Audit Protocol that it plans to use while investigating health care entities for HIPAA compliance. The biggest change to the audit protocol is the distinction that OCR has made between what’s required of Business Associates and Covered Entities.
By Bob Grant – The HHS Office for Civil Rights announced that NY Presbyterian Hospital would be required to pay a $2.2M settlement after the “egregious disclosure” of two patients’ protected health information. NYP allowed an ABC film crew and staff from the show “NY Med” to film two patients, one of whom was dying, and another experiencing serious distress.