Tag Archives: HHS

Anthem Settles with OCR for $16M for 2015 Data Breach

The Department of Health and Human Services Office for Civil Rights (OCR) announced this week that it has settled the largest health care data breach for the largest enforcement fine in history. OCR settled the massive data breach Anthem suffered in 2015 for $16 million—a substantially larger fine than any others assessed by OCR for … Continue Reading

OIG Announces New Multidisciplinary Cybersecurity Team

The Office of Inspector General (OIG) recently announced the creation of a cybersecurity team focused on combating threats within the Department of Health & Human Services (HHS), and within the health care industry. The team includes auditors, evaluators, investigators, and attorneys with experience in cybersecurity matters, and its work is intended to build on the … Continue Reading

Ciox Health, LLC Initiates Lawsuit against the Department of Health and Human Services Over Medical Records Request Fees under HIPAA and HITECH

On January 8, 2018, Ciox Health, LLC (Ciox) filed a complaint against the Department of Health and Human Services (HHS) and then-acting Secretary Eric D. Hargan, alleging that the Department’s rules and guidance, under HIPAA and HITECH, “impose[] tremendous financial and regulatory burdens on health care providers and threatens to upend the medical-records industry that … Continue Reading

Privacy Tip #92 – Finally, HHS Is Removing SSNs from Medicare Cards

For those of you who know me, you know that I have been very frustrated with the federal and state governments for continuing to use Social Security numbers for eligibility, enrollment and participating in Medicare and Medicaid. This includes listing individuals’ Social Security numbers on the Medicare and Medicaid cards. The good news is that … Continue Reading

HHS Releases Health Care Industry Cybersecurity Task Force Report

This week, the Department of Health and Human Services (HHS) issued its “Report on Improving Cybersecurity in the Health Care Industry,” which is the culmination of a year-long effort on behalf of the Cybersecurity Task Force, made up of industry professionals from the public and private sectors to identify and develop recommendations “on the growing … Continue Reading

HHS Office of the Assistant Secretary for Preparedness and Response Issues Series of Cybersecurity Updates in Response to WannaCry Attack

In response to the WannaCry ransomware attack that infiltrated the computer systems of health care systems and other entities worldwide on or around May 12, 2017 (previously discussed here), HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) issued a series of updates to provide consumers and potentially affected organizations with information on … Continue Reading

21st Century Cures Act Includes Prohibition on Information Blocking and Mandates for Additional HIPAA Guidance

On November 30, 2016, the U.S. House of Representatives voted strongly in favor of the 21st Century Cures Act (the Act), an expansive health bill that addresses the discovery and development of new medical therapies as well as the delivery of health care treatment by providers. In 2015, the House had previously approved an earlier version … Continue Reading

HHS guidance seeks to clarify scope of PSQIA

On May 24, 2016, the Department of Health & Human Services (HHS) issued guidance (Guidance) to health care providers and patient safety organizations (PSOs) in an attempt to clarify the definition of patient safety work product (PSWP) under the Patient Safety and Quality Improvement Act of 2005 and its implementing regulations (collectively, the PSQIA). The … Continue Reading

OIG laments failure to comprehensively address EHR fraud

The U.S. Department of Health & Human Services (HHS) Office of Inspector General (OIG) recently released a compendium (Compendium) of its top unimplemented recommendations. The Compendium comprises 25 unimplemented past OIG recommendations that the OIG believes could have a positive impact on HHS programs in terms of cost savings and/or quality improvements. The Compendium’s recommendations … Continue Reading

HHS/OCR releases guidance for mobile apps and health information exchange and “fact sheets”

The Office for Civil Rights has provided additional educational materials for app developers through the app developers portal that it developed last fall. The new material is intended to assist healthcare entities and software developers to learn from different scenarios that explain when HIPAA applies to mobile health apps and when it doesn’t. In particular, … Continue Reading

HHS proposes updates to confidentiality of Part 2 substance abuse treatment records

On February 5, 2016, the Department of Health and Human Services (HHS) issued proposed changes to the Confidentiality of Alcohol and Drug Abuse Patient Records regulations, also known as “Part 2 records,” which were published in the Federal Register on February 9, 2016. Significantly, the proposed changes update Part 2, which was originally enacted in … Continue Reading

OCR settlement reiterates importance of proactive security rule compliance

On September 2, 2015, the U.S. Department of Health & Human Services (HHS) announced that Cancer Care Group, P.C. (CCG), a physician practice located in Indiana, agreed to pay $750,000 as part of a settlement to resolve alleged violations of HIPAA’s Security and Privacy Rules. The HHS Office for Civil Rights (OCR) initiated an investigation … Continue Reading

HHS IT security found to be weak

The House of Representatives Energy and Commerce Committee issued a report late last week that the information security of the Department of Health and Human Services (HHS) has substantial weaknesses. Several incidents that occurred between 2012 and 2014 indicated that several agencies were compromised or attacked without the agency’s knowledge. In one instance, the report … Continue Reading

HHS issues fact sheet on HIPAA rules and resources

The Department of Health and Human Services (HHS) has released a fact sheet on the privacy, security, and breach notification rules of the Health Insurance Portability and Accountability Act (HIPAA). Designed to apply to HIPAA-covered entities, including health care organizations, health care plans, providers, and their business associates, the fact sheet provides a basic overview … Continue Reading