The Information Sharing and Analysis Organization-Standards Organization (ISAO-SO) was set up under the aegis of the Department of Homeland Security pursuant to a Presidential Executive Order intended to foster threat vector sharing among private entities and with the government. ISAOs are proliferating in many critical infrastructure fields, including health care, where cybersecurity and data privacy are particularly sensitive issues given HIPAA requirements and disproportionate industry human and systems vulnerabilities. Therefore, in advising their companies’ management, general counsel and others might benefit from reviewing the FAQs and answers contained in the draft document that can be accessed at the link below.…
The U.S. Department of Health and Human Services, Office of Civil Rights (“OCR”), the agency tasked with enforcing the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), recently announced that it will redouble its efforts to investigate smaller breaches of Protected Health Information (“PHI”) that affect fewer than five-hundred (500) individuals.
It has been widely known that OCR opens an investigation for every breach affecting more than 500 individuals; this announcement describes OCR’s new initiative to investigate smaller breaches as well. OCR stated that in determining when it will open an investigation, it will evaluate a number of factors, …
On September 2, 2015, the U.S. Department of Health and Human Services (“HHS”) announced a $750,000 settlement with Cancer Care Group, P.C. (“CCG”), a radiation oncology practice in Indiana, for Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules violations. The alleged violations occurred in 2012, but a subsequent HHS Office for Civil Rights (OCR) investigation led to allegations from OCR that there was a lack of compliance with HIPAA Privacy and Security Rules requirements …
One thing’s certain – the vast and growing supply of data contained in electronic medical records systems will play a significant role in improving the speed and efficiency of research into new treatments in the years to come. The challenge will be striking an appropriate balance between the unquestionable promise of this data to enable research – research that will enhance available treatments and save lives – with the rights of individual patients in the privacy of their health information. Attempts to strike that balance are at the heart of current legislative, regulatory and policy initiatives that will shape the …
On Tuesday, September 1, 2015, from 1:00 PM to 2:00 PM ET, George Breen, Chair of Epstein Becker Green’s National Health Care and Life Sciences Practice Steering Committee, will co-present “Opportunities and Obstacles: Preparing for the Transition to the ICD-10 Code Set,” a webinar hosted by Bloomberg BNA.
With the transition to the ICD-10 code set coming in October, the health-care industry is grappling with adopting new technology and making last-minute preparations. The switch to ICD-10 also presents new opportunities to increase productivity and improve patient health.
The International Classification of Diseases is a standardized coding system used by …
Our colleague Mollie K. O’Brien at Epstein Becker Green wrote an advisory on a new law that will increase the protection of personal information under HIPAA by mandating encryption on all computerized data collected by health insurance carriers: “Beyond HIPAA: New Jersey Law Requires Encryption of Personal Data by Health Insurance Carriers.” Following is an excerpt:
In response to data breaches that have occurred across the United States, several of which involved the theft of laptop computers, beginning August 1, 2015, health insurance carriers in New Jersey will be obligated to do more to protect patient information than …
On September 23 and 24, 2014, the National Institute of Standards and Technology (“NIST”) and the Department of Health and Human Services Office of Civil Rights (“HHS OCR”) hosted their annual HIPAA conference “Safeguarding Health Information: Building Assurance through HIPAA security.”
OCR officials and key industry leaders engaged in dialogue regarding developments and trends in data breach incidents with respect to health information as well as stakeholder responses and best practices to mitigate risk and respond to potential incidents.…
The increasing prevalence of mobile technology in the healthcare sector continues to create compliance concerns for physician practices and other health care entities. While the Office of Civil Rights (OCR) of the Department of Health and Human Services has traditionally focused on technology breaches within larger health systems, smaller physician practices and health care entities must also ensure that their policies and practices related to mobile technology do not foster non-compliance and create institutional risk.
Physicians Integrate Mobile Technology Into Daily Practice
On May 20, 2014, the Secretary of the Department of Health and Human Services (HHS) submitted the agency’s Annual Report to Congress on Breaches of Unsecured Protected Health Information for Calendar Years 2011 and 2012 (“Breach Report”). This report provides valuable insight for healthcare entities regarding their data security and enforcement priorities.
Section 13402(i) of the Health Information Technology for Economic and Clinical Health Act (HITECH) requires the Secretary of Health and Human Services to prepare an annual report regarding the number and nature of breaches reported to HHS, as …
Our colleagues at Epstein Becker Green have issued a client alert: "HIPAA Omnibus Rule’s Impact on Notices of Privacy Practices," by Patricia M. Wagner, Brandon C. Ge, and Alaap B. Shah.
Following is an excerpt:
This health reform alert summarizes the key changes to the Notice of Privacy Practices ("NPP") requirements in the revised Health Insurance Portability and Accountability Act ("HIPAA") regulations (the "Omnibus Rule") as well as what covered entities need to do to be compliant. Because many covered entities may have modified their NPPs based on the Notice of Proposed Rulemaking issued on July 14, 2010
Our colleagues at Epstein Becker Green have issued a client alert: "Key Compliance Actions for the New HIPAA Privacy Regulations," by Patricia M. Wagner, Pamela D. Tyner, and Leah A. Roffman.
Following is an excerpt:
As noted in previous Epstein Becker Green health reform alerts, on January 25, 2013, the long-awaited final omnibus rule (“Omnibus Rule”) issued by the U.S. Department of Health and Human Services was published in the Federal Register. The Omnibus Rule makes sweeping changes to the privacy and security regulations under the Health Insurance Portability and Accountability Act (“HIPAA”).
In light of the Omnibus
Our colleagues Mark E. Lutes, Robert J. Hudock, and Patricia M. Wagner have issued an alert on modifications to the HIPAA privacy, security, and enforcement rules. Following is an excerpt:
On January 17, 2013, the Department of Health and Human Services released the highly anticipated, 563 page, Health Insurance Portability and Accountability Act (“HIPAA”) regulations (the “Final Rule”) that have been delayed for over 3 years. The Final Rule will be published in the Federal Register on January 25, 2013. The Final Rule addresses many of the compliance issues and unanswered questions facing covered entities and …
Epstein Becker Green has been designated by the Health Information Trust Alliance (HITRUST) as a Common Security Framework (CSF) Assessor. This will allow the firm to provide health care organizations with privacy and security risk assessments to protect the entities from breaches of protected health information (PHI). The health care industry has accepted the HITRUST CSF as the most widely adopted security framework. Epstein Becker Green is the first law firm to become a CSF Assessor and the designation exemplifies the firm’s distinct capability to identify and address risk for health care industry clients.
HITRUST provides resources, tools, education, and …
Kara Maciel, Member of the Epstein Becker Green Labor and Employment, Litigation, and Health Care and Life Sciences Practices, was recently interviewed by Employment Law360 concerning employer wellness programs.
According to the article, businesses are turning to wellness programs to curb health care expenses, but programs that aren’t carefully crafted can open employers up to costly privacy and discrimination litigation, attorneys say. Wellness programs can lead to big savings for employers by targeting behaviors that can cause conditions that drive up their health care expenditures. But programs that give employers too much information about their employees can leave employers vulnerable …