Latest HIPAA Settlement 2—a Lesson Still Not Yet Learned about Risk Analysis: HIPAA & HITECH Act Blog by Jonathan P. Tomes
In its press release, the Department of Health and Human Services (“DHHS”) once again pointed out the importance of an organization-wide risk analysis. The press .. read more
Latest HIPAA Violation Settlement–$850,000 for a Stolen Laptop: HIPAA & HITECH Act Blog by Jonathan P. Tomes
I don’t understand why, with all the high six-figure and seven-figure resolution agreements (basically, settlements), covered entities do not provide adequate security for laptops and .. read more
Latest HIPAA Settlement—a Lesson Still Not Learned: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Although most civil money penalties (“CMPs”) to date have involved risk analysis—that is, failure to do one, failure to do a complete one, or failure .. read more
Phase II Audits: HIPAA Privacy, Security, and Breach Notification Heads Up: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Section 13411 of the HITECH Act requires the Department of Health and Human Services (“DHHS”) to audit covered entities and business associates to ensure that .. read more
Will HIPAA Let You Report a Suspected Ebola Case to Public Health Officials? HIPAA & HITECH Act Blog by Jonathan P. Tomes
If you encounter a patient that you suspect may have ebola, do you want to waste time wading through the HIPAA Privacy Rule to figure .. read more
Next Stage of DHHS Audits Coming: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The U.S. Department of Health and Human Services (“DHHS”) Office for Civil Rights (“OCR”) has not yet published an audit protocol for this year’s Phase .. read more
You Don’t Just “Address” an Addressable Implementation Specification: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Recently, a HIPAA consultant answered a question about whether one had to implement an addressable implementation specification. His answer was basically “no.” He must have .. read more
New $4.8 Million OCR Settlement for HIPAA Violations: HIPAA & HITECH Act Blog by Jonathan P. Tomes with Guest Commentator Attorney and EMR Legal Consultant Alice M. McCart
According to a press release issued May 7, 2014, by the Department of Health and Human Services (“DHHS”) Office for Civil Rights (“OCR”), “Two health .. read more
Possible Defenses to an OCR Investigation into an Alleged HIPAA Violation Now on Premium Member Section: HIPAA & HITECH Act Blog by Jonathan P. Tomes
In my How to Handle HIPAA and HITECH Act Breaches, Complaints, and Investigations: Everything You Need to Know, Overland Park, KS: Veterans Press (2011), with .. read more
First HIPAA Enforcement Action against a County Government: HIPAA & HITECH Act Blog by Jonathan P. Tomes with Guest Commentator Richard D. Dvorak
Last week, the Department of Health and Human Services (“DHHS”) announced in a press release its first HIPAA enforcement action against a county government and .. read more
