Data Privacy & Security/HIPAA/HITECH

Recently, the U.S. Department of Health and Human Services (HHS) announced a settlement with the Hospice of North Idaho (HONI) for potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.  The settlement, which was for $50,000, is unique because it is the first settlement involving a breach of electronic

The Director of the Office of Civil Rights (“OCR”), Leon Rodriquez, has made clear that he “absolutely” plans to continue the office’s ongoing efforts to ramp up enforcement of HIPAA with resolution agreements, civil monetary penalties and other enforcement actions.  He has emphasized that privacy and security are issues that “really matter to me personally

The Department of Health and Human Services Office for Civil Rights (OCR) recently released the protocol it developed as a guideline for conducting the HIPAA privacy, security and breach notification audits mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act enacted in 2009. The OCR launched the audit program in 2011 and developed the protocol based on the first 20 audits completed under the program. Three of the initial audits were performed on group health plans, highlighting that employer-sponsored group health plans are subject to the Health Insurance Portability and Accountability Act (HIPAA) as covered entities and are subject to audit under the protocol. The audit program represents a significant shift in HIPAA enforcement from the largely reactive, complaint-based enforcement of the past to proactive compliance monitoring.

The pilot phase of the audit program began in November 2011 and is expected to include audits of 115 covered entities by December 2012. HITECH extended HIPAA compliance requirements to business associates and, therefore, business associates are expected to be included in the audit program following publication of the final HITECH regulations. The OCR indicated that funds have already been appropriated to carry out the audit program in 2013 and 2014.

The Alaska Department of Health and Human Service, the state’s Medicaid agency, has agreed to pay the U.S. Department of Health and Human Services (HHS) $1.7 million to settle possible violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.  According to a press release issued by the Office of Civil

Pete Enko and Steve James presented a webinar on HIPAA HITECH enforcement including breach notification requirements, response strategies and what to expect with upcoming HIPAA audits.

To watch a recording of this webinar, click here.

If you have any questions regarding these materials, please contact  Pete Enko (816-983-8312 or pete.enko@huschblackwell.com) or Steve