Data Privacy & Security/HIPAA/HITECH

Adoption of EHR technologies has greatly increased as the result of the EHR Incentive Program. Touted as one of the necessary building blocks for creating integrated delivery systems, EHR is considered vital to improve health quality, efficiency and patient safety.  The EHR Incentive Program has been very successful and CMS has awarded over $10

Marketing Involving PHI

The HIPAA Omnibus Rule made changes to the rules related to marketing involving PHI.  A marketing communication, as defined by HIPAA, is a communication about a product or service that encourages the recipient to purchase that product or service.  Previously, PHI could not be used or disclosed for a marketing communication without authorization unless

On January 17, 2013, the Office for Civil Rights of the U.S. Department of Health & Human Services issued its final rule modifying the HIPAA privacy, security, enforcement, and breach notification rules. The final rule became effective on March 26, 2013, and providers have just over a month left to comply with the new rule.  Compliance is required by September 23, 2013.

Changes to Breach Identification

Under the old standard, a reportable breach was an unauthorized use or disclosure of PHI that posed a significant risk of financial, reputational or other harm to the affected individual. Under the new standard, all unauthorized uses and disclosures of PHI are presumed to be reportable breaches unless, following a risk assessment, it is determined that there is a low probability that the PHI has been compromised.

Previously, we recommended including the following factors in breach risk assessments:

  1. the type and amount of PHI disclosed;
  2. to whom the PHI was disclosed; and
  3. the risk of further disclosure.

Welcome to our new series on HIPAA!

Whether you are feeling a little rusty on HIPAA issues or trying to figure out the new Omnibus rule, we hope you will find this information helpful.  Each week, we will be discussing a new aspect of HIPAA including:

  • HIPAA basics
  • New Omnibus regulations
  • Responding to subpoenas
  • HIPAA disasters
  • Enforcement

Recent national tragedies have refocused the nation on an important question:

Can or should a physician face civil liability for failing to warn of the dangers posed by a patient who later commits violence?

Husch Blackwell attorneys Greg Minana and Justin Stephens addressed this question under Missouri law in an article published in the May/June issue of Missouri Medicine.   In

Are you still trying to understand the changes made in the HIPAA Omnibus Rule?

Do you want an opportunity to ask questions and hear how other providers are handing HIPAA issues?

Do you need a chance to brush up on your HIPAA knowledge and evaluate current strategies? 

If so, then you should consider attending one

Are healthcare providers at your facility texting patient information to each other?  This type of communication is becoming more and more common, but such text messages are often in violation of HIPAA.  To address this issue, Sprint announced last week that it is now offering two texting products that provide the proper security for PHI

If you have been struggling to figure out the risk assessment requirements of the Final HIPAA Omnibus Rule, then you are in luck.  Join us for a webinar!  Husch Blackwell attorneys Pete Enko and Peter Sloan along with Director of Information Management Consulting Deb Juhnke will present the Who, What, When, How and Why

This post was provided by Debbie Juhnke in Husch Blackwell’s Information Governance group.

According to a recent KPMG report on data loss, the healthcare industry’s greatest exposures for data loss are hard copy loss/theft, PC theft, and social engineering, ranking first (in a tie), second, and third against other sectors respectively for percentage of data

Cyber security is on everyone’s mind.  President Obama signed an executive order in February aimed at increasing protection of our nation’s critical infrastructure, while HHS released its new HIPAA mega rule in January (effective in March) in an effort to strengthen the security of electronic health records.  As providers work to update their HIPAA policies