HIPAA Associates will keep you informed of important issues that can affect your practice.
Resolution agreements are signed settlement agreements between a covered entity or business associate, and the U.S. Department of Health and Human Services (HHS) in which the entity agrees to perform certain obligations as a result of potential violations. There is no finding of violation when a resolution agreement is entered. Resolution agreements usually contain a resolution amount and a corrective action plan (CAP). The resolution amount is monetary sanction determined by the egregiousness of the potential violation. This year...read more
The Office for Civil Rights (OCR) issued a bulletin November 10, 2014 on “HIPAA Privacy in Emergency Situations.” The stated purpose of the bulletin is to assure that covered entities and their business associates know how protected health information that may be shared during an emergency and that the privacy protections are not suspended during emergencies. The OCR has issued the bulletin in part due to the recent Ebola outbreak. Read the OCR bulletin...read more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has developed guidance to assist covered entities in understanding how the decision by the Supreme Court in United States v. Windsor may affect certain parts of their HIPAA Privacy Rule obligations. Spouses Often Play an Integral in A Patient’s Health. The HIPAA Privacy Rule recognizes that family members, such as spouses, often play an integral role in a patient’s health care. For example, the Privacy Rule allows covered entities to share...read more
Anesthesia Compliance Consultants has summarized the major provisions of the HIPAA Omnibus Rule, which will be effective March 26, 2013 with a compliance date of September 23, 2013. This will affect anesthesia practices in many ways. 1. Final modifications to HIPAA Make business associates of covered entities directly liable for compliance with HIPAA Privacy and Security Rules’ requirements. Strengthen the limitations on the use and disclosure of protected health information (PHI) for marketing and fundraising purposes, and...read more
The Office for Civil Rights announced a settlement of potential violations of the HIPAA and Breach Notification Rules on December 27, 2013 with Adult & Pediatric Dermatology, P.C., of Concord, Mass., (AP Derm). AP Derm settled potential violations with the OCR for a $150,000 payment and a corrective action plan. AP Derm is a private dermatology practice with four locations in Massachusetts and two in New Hampshire. This is the first settlement with a covered entity for not having policies and procedures in place to address the breach...read more
Recently a lawsuit has been brought against New York State’s North Shore-Long Island Jewish Health System for $50 million for allegedly allowing a data breach that violated confidential patient information and failing to report this to the affected patients for almost a year. The suit was filed by 12 patients out of a group of 100 affected individuals whose data was stolen from the North Shore University Hospital in Manhasset. The information consisted of PHI including names, addresses, birthdays, phone numbers and Social Security...read more