Tag Archives: HHS

Update: Final HITECH Act Regulations Amending HIPAA Privacy And Security Will Be Published In 2012

During 2011, informal indications were given by the HHS Office of Civil Rights (OCR) and various industry experts that the final HITECH Act regulations amending the HIPAA privacy and security regulations would be published by the end of 2011. However, as of January 6, 2012, the regulations continue to be delayed, due to the numerous … Continue Reading

Privacy and Data Breach Regulatory Activity–A Year in Review

While plaintiffs continue to face an uphill battle proving damages in privacy litigation, regulatory actions and investigations seem to be increasing. During 2011, we saw activity from many government agencies—both state and federal—including the Federal Trade Commission (FTC), Department of Education (DOE), Department of Health and Human Services (HHS) Office for Civil Rights (OCR), … Continue Reading

HHS to Propose New Privacy Standards for Human Research Subjects

The Department of Health and Human Services (HHS) provided an Advance Notice of Proposed Rulemaking (ANPRM) on July 22, 2011, to enhance protections for medical research subjects, including standards around privacy and data security. The ANPRM seeks comments on how better to protect human research subjects while facilitating valuable research. The current Common Rule … Continue Reading

Proposed Rule Would Change HIPAA Accounting of Disclosures – Covered Entities Will Continue to Face Significant Technical Challenges

On May 31, 2011, the U.S. Department of Health and Human Services (HHS) published a proposed rule adopting sweeping changes to the “accounting of disclosures” requirement under 45 C.F.R. § 164.528 that are likely to have a significant impact on the health information technology (HIT) systems being implemented by many healthcare providers, health plans (including … Continue Reading

HHS Inspector General Reports Highlight IT Security Gaps in Health Care

On May 16, the Office of Inspector General (OIG) of the Department of Health and Human Services (HHS) issued two reports critical of the government’s efforts to build and enforce a federal information security framework for protecting individuals’ electronic protected health information (ePHI).  Of particular interest to health care providers and health plans, these reports … Continue Reading

HIPAA Bombshells — Major Civil Monetary Penalties Imposed Against Covered Entities for Privacy Violations

The last week of February 2011 will likely be remembered as a noteworthy milestone in the history of HIPAA privacy enforcement by the Department of Health and Human Services (“HHS”).  Showing that HHS intends to vigorously exercise the expanded civil monetary penalty enforcement provisions enacted in 2009 under the Health Information Technology for Economic and … Continue Reading

Noteworthy Data Privacy and Information Security Events in 2010

The two events that drew the most attention in 2010, both of which occurred at year-end, were reports from the FTC and the Department of Commerce.  Below is a brief summary of those two reports and other issues drawing attention in the past year: (1) FTC Issues Long-Awaited Consumer Privacy Policy Report On December 1, … Continue Reading

HHS Withdraws Draft Of Final HIPAA Breach Notification Rule

On July 28, 2010, the Office of Civil Rights (OCR) of the Department of Health and Human Services (HHS) announced that it withdrew the draft of the final rule for HIPAA breach notification that it had submitted in May to the Office of Management and Budget (OMB) for review. The possible reasons for such withdrawal will be discussed below, but covered entities should note that the obligation to report breaches of unsecured protected health information (PHI), which took effect on September 23, 2009, following the publication of an Interim Final Rule promulgated under the Health Information Technology for Economic and Clinical Health Act (HITECH Act), remains in effect. All covered entities, and their business associates, should have in place and/or adhere to an effective Breach Notification Policy containing appropriate procedures to investigate, report and mitigate breaches of privacy or security of PHI.… Continue Reading