Last Friday the US Department of Health and Human Services (HHS) released, at the last possible moment to meet their deadline, their interim final regulations to require covered entities (CEs) under the Health Insurance Portability and Accountability Act (HIPAA) and their business associates (BAs) to provide for notification in the case of breaches of unsecured protected health information (PHI) as required by the HITECH Act.
If you’ve read any of the at least 47 U.S. state and territory breach notice laws you will get a strong sense of deja vu while reading this document. They borrowed HEAVILY from the various existing breach notice laws to establish their proposed definitions of securing PHI, what constitutes a “breach” of PHI, and for doing breach notifications.
There are two major issues…
Posts Tagged ‘HIPAA’
Breach Notices, Securing PHI & PHR Vendor Responsibilities Under HIPAA/HITECH Act
Tuesday, April 21st, 2009
HIPAA Requirements Changes & Business Associates Impacts From HITECH Act
Monday, April 20th, 2009
Last week I engaged in a very interesting tweetversation with David Mortman about when the U.S. Department of Health and Human Services (HHS) needs to get their guidance documents and rules published for the various HITECH Act requirements…
HIPAA Sanctions and Convictions Will Increase with HITECH Act & New Administration
Tuesday, March 31st, 2009
Upon reading and researching HIPAA and the impact of the HITECH Act upon it, basically broadening its applicability as well as adding new requirements for privacy breach notifications, I recently was compelled to write an article about what I foresee as the likelihood that, after a very frustratingly slow start (by several years!) of HIPAA enforcement, increasingly more HIPAA sanctions will be made in the coming months and years.
SearchCompliance printed my article in three parts in their Compliance Tips section…
Most Laws Are Flawed, But It Is Up To Us To Make Them Better & Make Them Work
Friday, March 6th, 2009
Rafal Los makes some very good points in his post “Analysis of the Stimulus Bill and Healthcare Privacy” from a few days ago. I started writing all my thoughts as a comment to him, but then decided it would work well as a blog post…
HIPAA & Calling Out Full Names In Waiting Rooms
Monday, March 2nd, 2009
Over the years I have done several interviews for articles about HIPAA compliance. I recently did an interview for an HCPro article, “Physician offices: Tackle a different set of privacy training challenges.” (Sorry, this is not publicly posted to my knowledge.)
Well, today I received a message about this article from a clearly agitated reader, whose name (of course) I am not including in the following message…
HIPAA Violations: Nurses Allegedly Post X-Ray Photos To Facebook
Thursday, February 26th, 2009
Okay, here’s a perfect real incident to use for a case study to discuss whether or not this is a HIPAA violation!
Report on Healthcare Provider HIPAA Progress
Monday, February 23rd, 2009
Here’s an interesting report from URAC about healthcare providers and HIPAA compliance progress…
2ND HIPAA Sanction: CVS Must Pay $2.25 Million And Improve Info Sec Practices For Improper Disposal
Thursday, February 19th, 2009
The 2nd ever to date HIPAA sanction has been handed down by the Department of Health and Human Services (HHS)…
New Report Finds HIPAA Privacy Rule Is Ineffective As Written
Wednesday, February 4th, 2009
Today the Institute of Medicine (IOM) released a report, “Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research”…