HIPAA Blog Posts: HIPAA Covered Entity

No HIPAA Compliant Policies and Procedures Means "Willful Neglect"

For example, the OCR stated that the failure to develop or implement compliant HIPAA policies and procedures "demonstrate[s] either conscious intent or reckless disregard with respect to . . . compliance obligations," and may be the basis for a finding of a violation due to willful neglect. [99] 75 Fed. Reg. 40,879


Legal Review of New HIPAA HITECH Rules: Foley & Lardner

HHS releases proposed HITECH rule
Foley & Lardner LLP
On July 14, 2010, the Office for Civil Rights of the Department of Health and Human Services (HHS) published a Notice of Proposed Rulemaking (Proposed Rule) that proposes significant changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Enforcement Rules.


Vendors: Can You Prove Your HIPAA HITECH Compliance?

"Vendors seeking to court healthcare clients will now need to pitch not only functionality but a compliance message as well." Report From the Trenches: Health IT Post-HITECH, by Ed Moyle, TechNewsWorld, 07/20/10 5:00 AM PT


Top Privacy and Security Experts Agree: Business Associates Must Comply with HIPAA HITECH

"The rule makes it much clearer that the covered entities' responsibilities must go far beyond just having a business associate agreement," Rebecca Herold stresses. Instead, hospitals, clinics and others must work closely with their business partners to make sure they're carefully following the HIPAA privacy and security rules, she adds.


Signed a Business Associate Agreement? Get Compliant, Says HHS

"For those business associates that have not already adopted HIPAA-compliant privacy and security standards for PHI, the risk of criminal and/or civil monetary penalties may spur them to increase their efforts to comply with privacy and security standards." Page 164 NPRM

HHS Expects Business Associates to be Compliant, Now!

This NPRM from HHS contains serious warnings to business associates: HHS expects them to be HIPAA HITECH compliant with their business associate agreements now, and if they are not, they should get started immediately.


NPRM (Notice Of Proposed Rule Making) Conference Call July 8: Not Much New

A 234-page NPRM document was released into the Federal Register, which I will wait for the experts to analyze.


Health Net Settles with Connecticut AG: Up to $750,000

Connecticut has settled a lawsuit with an insurance company involving a massive security breach that compromised financial and medical records for half a million state residents. Health Net still has to deal with OCR to determine further fines and penalties.


Failing to Train Business Associates on HIPAA Can be Described as Willful Neglect, Amy Leopard, Walter & Haverfield LLP

"Willful neglect generally can be described as knowing HIPAA rules but not properly training employees -- and now, business associates -- in them." Amy Leopard, a partner at the Cleveland law firm Walter & Haverfield LLP


Siemens to FedEx to Lincoln: Oops, 130,495 Patient Records Breached by Two Business Associates

Siemens to FedEx to Lincoln will never replace Tinkers to Evers to Chance, the famous baseball double play trio, since they dropped the ball; in fact, 130,495 balls. Once again we have business associates causing a big breach.
