Practical HR Tips, News & Advice. Updated Daily.
HIPAA has become synonymous with medical records privacy, for good reason. Enacted more than 20 years ago, it gives individuals the power to decide who has access to their health records and has forced major changes in the way health care providers, health plans and businesses handle records.
A federal district court remanded the U.S. Equal Employment Opportunity Commission’s (EEOC) wellness program rules, finding it unclear how the rules’ 30% threshold met the Americans with Disabilities Act’s (ADA) requirement that wellness programs be “voluntary.”
A nonprofit health center in Colorado agreed to pay $400,000 to settle Health Insurance Portability and Accountability Act (HIPAA) security allegations after a hacker accessed employees’ e-mail accounts and obtained 3,200 individuals’ protected health information (PHI) in a phishing incident, the U.S. Department of Health and Human Services (HHS) announced April 12.
By David Slaughter, JD Legislation introduced by a key House Republican would largely negate the U.S. Equal Employment Opportunity Commission’s (EEOC) wellness program rules, which plan sponsors have criticized for adding a duplicative layer of regulation to earlier standards set by other agencies. BLR® Senior Legal Editor David Slaughter, JD, has the facts in today’s […]
A recent surge in monetary Health Insurance Portability and Accountability Act (HIPAA) settlements is altering the compliance landscape at a time when new technical and legal challenges also are coming into play, practitioners and regulators told a recent conference.
The Health Insurance Portability and Accountability Act’s (HIPAA’s) privacy rule does not exempt the sharing of information on cyber threat indicators, so HIPAA-covered entities and their business associates may not share protected health information (PHI) for this purpose unless HIPAA otherwise allows it, the U.S. Department of Health and Human Services (HHS) warned recently.
Most Health Insurance Portability and Accountability Act (HIPAA) enforcement has focused on the larger breaches of protected health information (PHI). But the U.S. Department of Health and Human Services (HHS) has not forgotten those incidents that fall below the “major” threshold of 500 individuals.
Advocate Health Care Network (Advocate) has agreed to pay $5.55 million to settle with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), multiple potential Health Insurance Portability and Accountability Act (HIPAA) violations involving electronic protected health information (ePHI). This is the largest HIPAA settlement to date against a single entity.
By David Slaughter, JD, Senior Legal Editor The month of July saw two hospitals reach multimillion-dollar Health Insurance Portability and Accountability Act (HIPAA) privacy and security settlements with the U.S. Department of Health and Human Services (HHS). Each case began with that most mundane of data breaches, the stolen laptop, but once HHS investigators started […]
The University of Mississippi Medical Center (UMMC) has agreed to pay $2.75 million to settle multiple alleged violations of the Health Insurance Portability and Accountability Act (HIPAA), following an investigation by the U.S. Department of Health and Human Services, Office for Civil Rights (OCR).