Tag Archives: HIPAA

Advocate Health Care Network Agrees to Pay $5.55 Million to Settle Potential HIPAA Penalties

On August 4, 2016, the Office of Civil Rights (“OCR”) announced that Advocate Health Care Network (“Advocate”), Illinois’ largest fully-integrated health care system, has agreed to pay a record-breaking $5.55 million to settle claims of multiple Health Insurance Portability and Accountability Act (“HIPAA”) violations involving electronic protected health information (“ePHI”).  The substantial settlement stems from the extent and duration of the alleged noncompliance and the large number of individuals whose information was compromised, among other factors. The OCR initiated [...] Read more

HHS/OCR Announces Launch of HIPAA Audit Program Phase 2

Today, the U.S. Department of Health & Human Services’s (HHS) Office for Civil Rights (OCR) announced the launch of Phase 2 of its HIPAA Compliance Audit Program. (OCR’s announcement can be accessed at Audit Phase 2 Announcement and further information about Phase 2 can be accessed at Audit Phase 2 Information.) In this phase, OCR will review the policies and procedures that covered entities and business associates have adopted and implemented to meet certain standards and implementation specifications of the HIPAA Privacy, Security, and/or Breach Notification Rules. Phase 2 will consist [...] Read more

HHS Issues HIPAA Security Rule Crosswalk with NIST Cybersecurity Framework

Last week, the HHS Office for Civil Rights (OCR) released a crosswalk between the requirements of the HIPAA Security Rule and the NIST Cybersecurity Framework. The crosswalk – which was developed in conjunction with the National Institute of Standards and Technology (NIST) and the HHS Office of the National Coordinator for Health IT – maps each administrative, physical and technical safeguard standard and implementation specification of the HIPAA Security Rule to the relevant subcategory in the Cybersecurity Framework. HHS notes that, because of the granularity of the NIST Cybersecurity [...] Read more

Peter Swire and Dominique Shelton Speaking at IAPP 2015 Privacy. Security. Risk. Conference

Peter Swire and Dominique Shelton will be featured speakers at the International Association of Privacy Professionals (IAPP) 2015 Privacy. Security. Risk. Conference, hosted by the IAPP Privacy Academy and CSA Congress. The conference will be held in Las Vegas on September 28-October 1, 2015. Leading innovators and practitioners in the field will be covering various topics relating to privacy and cloud security. On October 1, 1:15pm-2:15pm, Peter will be a featured speaker during the session "HIPAA Then and Now and the Valuable Insights of Monday Morning Quarterbacks." On September 30, [...] Read more

Paula Stannard Authors Bloomberg BNA Article on Business Associates HIPAA Compliance

Paula Stannard, one of the practice leaders of the firm’s HIPAA Privacy & Security Team, authored “Business Associates’ HIPAA Compliance: Should Covered Entities Be Concerned?” in Bloomberg BNA’s Health IT Law & Industry Report. The article discusses why HIPAA covered entities (or business associates) should be concerned about the ability of their business associates (or subcontractor business associates) to comply with the applicable HIPAA requirements, outlines a series of questions to help covered entities determine for which (if any) business associates they may want to [...] Read more

HHS Issues Guidance on HIPAA and Workplace Wellness Programs

On Thursday, April 16, 2015, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued guidance, consisting of two frequently asked questions (FAQs), on the application of the HIPAA Privacy, Security, and Breach Notification Rules to workplace wellness programs. HHS explains in one of the FAQs that the application of HIPAA to workplace wellness programs depends on whether the wellness program is offered as part of a group health plan for employees, or if it is offered independent of such a group health plan.  If the wellness program is offered as a part [...] Read more

Alston & Bird Welcomes Peter Swire

Alston & Bird is pleased to announce that Peter Swire has joined the firm's Privacy and Security practice as Senior Counsel. Peter was President Clinton’s Chief Counselor for Privacy in the U.S. Office of Management and Budget. He also served as one of five members of President Obama’s Review Group on Intelligence and Communications Technology, formed in the wake of Edward Snowden’s revelations regarding surveillance activities by the U.S. National Security Agency. Peter has long been a thought and action leader in the privacy and security space. During his time in the Clinton administration, [...] Read more

HIPAA/HITECH Act Accounting of Disclosures NPRM: Redux?

In May 2011, the Office for Civil Rights (OCR) of the U.S. Department of Health & Human Services (HHS) issued a proposed rule to modify the HIPAA Privacy Rule’s standard for accounting of disclosures of protected health information (PHI). The proposed rule would have implemented the HITECH Act’s requirement for covered entities and business associates to account for disclosures of PHI to carry out treatment, payment and health care operations if the disclosures are through an electronic health record (EHR). HHS also proposed to expand the accounting provision to provide individuals with [...] Read more

Alston & Bird Health Care Advisory: HIPAA Audit Program Phase 2 Update

We have previously blogged about the U.S. Department of Health & Human Services HIPAA Audit Program, including the Audit Program pilot (November 30, 2011 and March 7, 2012), the release of the Office for Civil Rights (OCR) audit protocols (June 26, 2012), and the status of phase 2 of the Audit Program (February 26, 2014 and September 16, 2014).  Today, Alston & Bird issued a Health Care ADVISORY on the status of Phase 2 of the HIPAA Audit Program, in which we discuss recent guidance from OCR on the HIPAA Audit Program and its status and provide some basic compliance reminders that may [...] Read more

Laboratories Must Comply with New HIPAA Patient Access Rules by October 6, 2014

HIPAA covered laboratories and hospitals with laboratories subject to the Clinical Laboratory Improvement Amendments of 1988 (“CLIA”) must comply with changes to the HIPAA Privacy Rule that provide patients with direct access to laboratory test results by October 6, 2014.  Earlier this year, the Centers for Medicare & Medicaid Services, the HHS Office for Civil Rights and the Centers for Disease Control and Prevention published a final rule amending the CLIA regulations and the HIPAA Privacy Rule to provide patients with greater access to their lab test results.  As we previously blogged, [...] Read more