Tag Archives: protected health information

Provisioning Workforce Access to Electronic Protected Health Information: It May Be ‘Common Sense,’ but Is It Easy to Implement?

By Paulette Thomas on Posted in HIPAA/HITECH
In December 2018, Pagosa Springs Medical Center settled potential Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule violations and entered into a corrective action plan with the Office for Civil Rights (OCR) at the U.S. Department of Health & Human Services. The incident involved a former employee who continued to have remote … Continue Reading

Physician Hospitalist Group Settles with OCR and Enters Into a Resolution Agreement for Failure to Have HIPAA Policies and Business Associate Agreement in Place

By Paulette Thomas on Posted in Data Breach Notification Laws, Data Breaches, HIPAA/HITECH, Medical Privacy
On Dec. 5, 2018, the Office for Civil Rights (OCR) of the U. S. Department of Health and Human Services (HHS) announced that Advanced Care Hospitalists PL (ACH) had entered into a $500,000 settlement and resolution agreement (RA) resulting from OCR’s investigation of ACH’s breach notification on April 11, 2014, and subsequent supplemental notification. On … Continue Reading

Aetna Agrees to Pay $17 Million and Implement Best-Practices Policy to Settle Claims of HIV-related Privacy Violations

By Brian P. Bartish and Laura E. Jehl on Posted in Data Breaches, HIPAA/HITECH, Privacy Class Actions
Last week, Aetna agreed to resolve class action claims of privacy violations related to the disclosure of thousands of members’ HIV status. The agreement will require the insurance giant to pay over $17 million into a settlement fund, the majority of which will be distributed to members of the affected class and to develop and … Continue Reading

OCR Clarifies “Reasonable, Cost-Based” Fee Calculations for Access to Medical Records

Photo of Lynn SessionsBy Lynn Sessions and Suchismita Pahi on Posted in Medical Privacy
By couching its position in an individual’s right to access protected health information (PHI), beginning on January 7, 2016, the U.S. Department of Health & Human Services’ Office for Civil Rights (OCR) issued guidance to covered entities clarifying access to PHI set forth in the Health Insurance Portability and Accountability Act of 1996 (HIPAA). §45 … Continue Reading

Be Prepared: Redline Version of the HIPAA/HITECH Final Rule

Photo of Theodore J. Kobus IIIBy Theodore J. Kobus III on Posted in HIPAA/HITECH, Medical Privacy
The final rule is significant for any organization that is considered to be a HIPAA covered entity (“CE”) (health systems, health care providers, health plans, etc.) or the more broadly defined business associate (“BA”).  During our initial analysis of the final rule, we note significant changes to the way a breach is defined and we … Continue Reading
LexBlog