Lynn Sessions


Proposed $6.8M Fine Related to Puerto Rico Breach Incident

Triple-S Salud, Inc. (“Triple-S”), a Puerto Rico Health Insurance Administration (“PRHIA”) contractor, filed a Form 8-K indicating that the PRHIA intended to impose a civil monetary penalty of $6,768,000 and other administrative sanctions stemming from a breach incident affecting 13,336 Dual Eligible Medicare beneficiaries.  The breach incident occurred in September 2013 when Triple-S mailed to … Continue Reading

NICS and HIPAA: Where Mental Health Privacy and Gun Control Overlap; HHS Releases Notice of Proposed Rulemaking

On January 7, 2014, the U.S. Department of Health and Human Services (HHS) issued a notice of proposed rulemaking (NPRM) for the purpose of modifying the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to expressly permit certain HIPAA covered entities to disclose to the National Instant Criminal Background Check System (NICS) the identities … Continue Reading

Can Covered Entities Utilize Text Messaging and Text Paging Without Violating HIPAA?

Co-authored by: Cory Fox

Text messaging allows healthcare providers to deliver simple, relevant, and customizable health information instantaneously to their patients, like reminders to obtain a vaccine, take a medication or come to an important follow-up appointment. Text paging, a form of text messaging frequently used by healthcare professionals, can help ensure patient safety by … Continue Reading

Reminder Annual OCR Breach Reporting is Due March 1, 2013

The breach notification interim final rule requires covered entities to submit to the Office for Civil Rights (OCR) notice of breaches of unsecured protected health information (PHI) (45 C.F.R. 164.408) by March 1, 2013. For breaches affecting fewer than 500 individuals, a covered entity must submit to OCR its annual notification of all breaches occurring … Continue Reading

CMS’s Privacy Problem: Data Breaches, Medicare Numbers, and Inaction

Co-authored by: Cory Fox

The Department of Health and Human Services Office of Inspector General (“OIG”) recently published a report, CMS Response to Breaches and Medical Identity Theft (“Report”), which referenced 14 breaches of medical information by the Centers for Medicare and Medicaid Services (CMS), including Medicare numbers, affecting nearly 14,000 beneficiaries in the past … Continue Reading

Whole Genome Sequencing: Are We Ready for the Next Privacy Frontier?

Co-authored by: Cory Fox

Recently, the Presidential Commission for the Study of Bioethical Issues (“the Commission”) submitted a report to the President entitled Privacy and Progress in Whole Genome Sequencing (“Report”). The Report attempts to reconcile the potential societal benefit from advances in whole genome sequencing with the privacy risks individuals who share their genomic … Continue Reading

OMG! Does Your Doctor’s Facebook Status Violate HIPAA?

Co-authored by: Cory Fox

Recently, the Federation of State Medical Boards (“the Federation”) released its Model Policy Guidelines for the Appropriate Use of Social Media and Social Networking in Medical Practice (“Guidelines”). The Guidelines are intended to address how physicians can utilize social media to facilitate patient care while still maintaining the privacy and confidentiality … Continue Reading

HHS Adopts Operating Rules for EFT and ERA Transactions

The U.S. Department of Health and Human Services (HHS) recently released an interim final rule with comment period that adopts “Operating Rules” for electronic funds transfer (EFT) and electronic remittance advice (ERA) transactions by physician practices, hospitals and health plans. By replacing the burdensome, paper-driven billing practices currently employed by more than 70 percent of … Continue Reading

OCR HIPAA Training for State Attorneys General

Earlier this month, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the materials used in training the state attorneys general (AGs) last year on the enforcement of the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act. OCR has published … Continue Reading

Record UK Fine Data Breach of Healthcare Information

The United Kingdom’s Information Commissioner’s Office (“ICO”) levied a $499,460 civil monetary penalty (“CMP”) against Brighton and Sussex University Hospitals after discovering staff and patients’ sensitive data contained on hard drives sold on eBay in late 2010. The breach reportedly exposed tens of thousands of patients’ health information, including HIV status and treatment, other diagnostic … Continue Reading

Online Calendar Paves Way for $100,000 HIPAA Settlement

Phoenix Cardiac Surgery recently entered into a $100,000 settlement with the U.S. Department of Health & Human Services (HHS) for alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. The settlement is the result of an investigation by the HHS Office for Civil Rights (OCR) after it … Continue Reading

OCR HIPAA Audit and Site Visit Pilot Program Implemented

In an effort to comply with Section 13411 of the HITECH Act, the Office for Civil Rights (“OCR”) recently announced the implementation of a pilot program to audit covered entities and business associates to ensure they are complying with the HIPAA Privacy and Security Rules and Breach Notification standards. OCR anticipates performing up to 150 … Continue Reading

California Strengthens Breach Notification Requirements

This week California Governor Jerry Brown signed into law a new California data breach statute that strengthens notification requirements for residents of California. California currently has some of the most prolific and detailed consumer protection oriented laws impacting privacy and breach protection in the country. The current law requires that any entity that owns or … Continue Reading

Baker Hostetler Hosts Data Breach Webinar

On August 10, 2011, several members of Baker Hostetler’s Healthcare Industry and Privacy, Security and Social Media Teams hosted a webinar entitled “Are You Ready for a Data Breach?” The program focused on the complex and rapidly changing HIPAA/HITECH regulations and compliance issues facing healthcare institutions. The program also discussed the multimillion-dollar penalties that recently … Continue Reading

HHS to Propose New Privacy Standards for Human Research Subjects

The Department of Health and Human Services (HHS) provided an Advanced Notice of Proposed Rule Making (ANPRN) on July 22, 2011, to enhance protections for medical research subjects, including standards around privacy and data security. The ANPRN seeks comments on how better to protect human research subjects while facilitating valuable research. The current Common Rule … Continue Reading

New HIPAA Access Report: Proceed with Caution

We previously reported on the HIPAA Proposed Rule on Accounting of Disclosures and the new Access Report requirements. Further analysis of the proposed rule raises additional concerns for healthcare entities and providers. As a reminder, the Access Report requirements will mandate that, upon a patient’s request, a covered entity or business associate must provide an … Continue Reading

New Texas Health Care Privacy Law

Texas Governor Rick Perry just signed a law protecting patients’ data in electronic health records and increasing penalties for violation of the health care privacy laws. In what was a heated legislative session, this bill passed both houses without opposition, signaling widespread support for a stronger stance on protecting patients’ health information. The new law … Continue Reading