Cory J. Fox


OCR Updates Breach Report Web Portal — Changes Could Impact Annual Breach Reports

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently launched an updated version of the portal covered entities must use to notify OCR regarding a breach of unsecured protected health information (PHI) under 45 C.F.R. § 164.408, and the changes could impact covered entities planning to submit their 2014 … Continue Reading

Malware Incident at Mental Health Nonprofit Leads to $150K Settlement with OCR

As cyberattacks targeting the healthcare industry continue to escalate, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) has published its first-ever resolution agreement stemming from an incident involving malware, highlighting the importance of reviewing systems for unpatched and unsupported software that can leave patient information susceptible to malware and other … Continue Reading

California Extends Deadline for Reporting Breaches to the CDPH from 5 to 15 Business Days

On September 18, 2014, California Governor Jerry Brown signed Assembly Bill 1755 (“AB1755”) into law, amending breach notification provisions in the California Health and Safety Code applicable to licensed clinics, health facilities, home health agencies, and hospices. Under existing law, certain health care entities licensed by the California Department of Public Health (“CDPH”), including hospitals … Continue Reading

Florida Gives Breach Notification Statute More Teeth

On June 20, 2014, Florida Governor Rick Scott signed the Florida Information Protection Act of 2014 (“FIPA”), which will repeal Florida’s current breach notification statute at Fla. Stat. § 817.5681 and replace it with a new statute at Fla. Stat. § 501.171 effective July 1, 2014.  On the same day, Governor Scott also signed SB … Continue Reading

HHS Attorney: Major HIPAA Fines and Enforcement Coming

As regularly blogged about on the Data Privacy Monitor, the past 12 months have seen record-breaking HIPAA enforcement activity by HHS OCR.  But according to recent remarks by a high-ranking HHS attorney, if you thought these past 12 months were significant, just wait for the next 12 months. According to Law360, Jerome B. Meites, Chief … Continue Reading

Iowa Breach Notification Law Now Requires AG Notification, Applies to Paper Records

Iowa recently joined an increasing number of states that require notification of state regulatory authorities following a breach, as well as a handful of states in which paper records can trigger notification obligations.  On April 3, 2014, Iowa Governor Terry Branstad signed S.F. 2259 into law, amending Iowa’s Personal Information Security Breach Protection statute (Iowa … Continue Reading

Kentucky Enacts Data Breach Notification Statute

On April 10, 2014, Kentucky Governor Steve Beshear signed H.B. 232 into law, making Kentucky the 47th state to enact data breach notification legislation.  Prior to H.B. 232, Kentucky was one of only four states—including Alabama, New Mexico, and South Dakota—that had not adopted data breach notification legislation.  H.B. 232 also includes a separate section … Continue Reading

HIPAA Violation Results in $1.44 Million Jury Verdict Against Walgreens, Pharmacist

Although HIPAA does not create a private cause of action, a recent Indiana Superior Court jury verdict indicates that HIPAA could still play an important role in private causes of action in state court based on negligence and professional liability as it relates to confidentiality. On July 26, a jury in Marion County, Indiana awarded … Continue Reading

HHS Considers Amending HIPAA Privacy Rule to Permit Disclosure of Mental Health Information for Firearm Background Checks

Adding yet another wrinkle to the nation’s contentious gun control debate, the U.S. Department of Health and Human Services (HHS) has released an Advance Notice of Proposed Rulemaking (ANPRM) soliciting information and public comment on possible amendments to the HIPAA Privacy Rule to permit disclosure of limited mental health information to the National Instant Criminal … Continue Reading

HIPAA, Gun Control, and President Obama’s Executive Actions: What You Need to Know

All of the excitement surrounding the publication of the HIPAA Omnibus Final Rule may have overshadowed another very important development in health information privacy.  On January 16, 2013, the Obama Administration released its comprehensive plan to reduce gun violence in America by banning military-style assault weapons and high capacity magazines, increasing access to mental health … Continue Reading

OCR’s Breach Settlement the First Ever Involving Less than 500 Patients

OCR started 2013 with a bang by announcing that it had reached “the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500 individuals” with the Hospice of North Idaho (“HONI”). Under the resolution agreement, HONI has agreed to pay $50,000 and enter a two-year Corrective Action Plan to … Continue Reading