HIPAA and NIST: What’s the Connection? HIPAA & HITECH Act Blog by Jonathan P. Tomes
The National Institute for Standards and Technology [“NIST”] first became involved with HIPAA when it published “An Introductory Resource Guide for Implementing the Health Insurance .. read more
Does the European Union’s General Data Protection Regulation (“GDPR”) Affect You? HIPAA & HITECH Act Blog by Jonathan P. Tomes
The European Union’s General Data Protection Regulation (“GDPR”) protects personal data for European Union (“EU”) residents around the world. Under it, any business or organization, .. read more
California Exempts HIPAA Covered Entities from Its New Consumer Privacy Act: HIPAA & HITECH Act Blog by Jonathan P. Tomes
In June 2018, the California legislature passed the California Consumer Privacy Act (“CCPA”), which was intended to change state law to better protect the privacy .. read more
HIPAA Waivers for Hurricane Florence Issued: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Following the President’s declaration of a state of emergency, the Secretary of the U.S. Department of Health and Human Services has also declared a Public .. read more
Another State Fine for a HIPAA Security Breach: HIPAA & HITECH Act Blog by Jonathan P. Tomes
As we’ve previously noted in this blog, the Office for Civil Rights (“OCR”) of the Department of Health and Human Services (“DHHS”), the Federal Trade .. read more
What Will HIPAA Let You Do if You Are Slammed on Social Media? HIPAA & HITECH Act Blog by Jonathan P. Tomes
No matter how good a practitioner you are and how perfectly you handled a particular patient/client health problem, you could certainly end up with a .. read more
Back to School: Time for HIPAA Training for Your Workforce: HIPAA & HITECH Act Blog by Jonathan P. Tomes with Guest Commentator Alice M. McCart
It’s back-to-school time here in America, so it’s time to think about learning what we need to know and, by expansion, training our people in .. read more
Securing EHRs on Mobile Devices—New NIST Guidance: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The single biggest category of DHHS civil money penalties involves loss or theft of EHRs on mobile devices. The only guidance in the Security Rule .. read more
Must You Audit Your Business Associates for HIPAA Compliance? HIPAA & HITECH Act Blog by Jonathan P. Tomes
Now that the HITECH Act and the Omnibus Rule have made covered entities potentially liable for breaches by their business associate, see Compliance Hit: Expanded .. read more
DHHS Finally to Draft Rule for Sharing HIPAA Civil Money Penalties with Victims: HIPAA & HITECH Act Blog by Jonathan P. Tomes
DHHS has announced that it will issue the advance notice for receiving comments on proposed rules for sharing a percentage of HIPAA civil money penalties, .. read more