Must You Audit Your Business Associates for HIPAA Compliance? HIPAA & HITECH Act Blog by Jonathan P. Tomes
Now that the HITECH Act and the Omnibus Rule have made covered entities potentially liable for breaches by their business associate, see Compliance Hit: Expanded .. read more
DHHS Finally to Draft Rule for Sharing HIPAA Civil Money Penalties with Victims: HIPAA & HITECH Act Blog by Jonathan P. Tomes
DHHS has announced that it will issue the advance notice for receiving comments on proposed rules for sharing a percentage of HIPAA civil money penalties, .. read more
A Different Type of HIPAA Risk Analysis: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Long-time readers of my blog are probably sick of my preaching the importance of a HIPAA risk analysis in HIPAA compliance. And I’m not going .. read more
OCR Encourages Covered Entities to Perform a Gap Analysis: HIPAA & HITECH Act Blog by Jonathan P. Tomes
We at EMR Legal and Veterans Press have been encouraging our clients and customers to perform a gap analysis since shortly after HIPAA became law .. read more
DHHS Issues New Guidance on HIPAA and Individual Authorization of Uses and Disclosures of PHI for Research: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The U.S. Department of Health and Human Services (“DHHS”) Office for Civil Rights (“OCR”) has issued new guidance for HIPAA-covered entities to streamline HIPAA authorizations .. read more
DHHS Issues Reminder to Address Physical Security, Particularly Workstation Security: HIPAA & HITECH Act Blog by Jonathan P. Tomes
In May 2018, the U.S. Department of Health and Human Services (“DHHS”) Office for Civil Rights (“OCR”) issued its Cybersecurity Newsletter, “Workstation Security: Don’t Forget .. read more
Colorado Enacts a New Consumer Data Privacy Protection Law: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The Colorado governor signed into law HB 1128, a new consumer data privacy protection law, which is intended to protect personal identifying information (“PII”). Effective .. read more
Biggest HIPAA Civil Money Penalty Yet—How Does $5.5 Million Sound? HIPAA & HITECH Act Blog by Jonathan P. Tomes
Memorial Healthcare System (“MHS”) settled with the U.S. Department of Health and Human Services (“DHHS”) for $5.5 million for potential violations of the Health Insurance .. read more
Mental Health and Substance Abuse PHI Reporting under HIPAA: HIPAA & HITECH Act Blog by Jonathan P. Tomes with guest commentator Alice M. McCart, J.D.
Trying to figure out what HIPAA and the HITECH Act require in the way of disclosing protected health information (“PHI”) under various circumstances in general .. read more
A Court Order Isn’t Necessarily a Court Order. What is necessary and sufficient? HIPAA &HITECH Act Blog by Jonathan P. Tomes
HIPAA is hard to understand, even for lawyers. One of the hardest HIPAA concepts to understand and apply is the difference between necessary and sufficient .. read more