Yesterday’s $1.5M “Resolution Agreement” between Blue Cross Blue Shield of Tennessee and the U.S. Department of Health and Human Services, the agency responsible for enforcing HIPAA, is the fourth major settlement announced by HHS in the past 15 months and the third to exceed seven figures. This settlement has several important messages for employers. To learn…
Category Archives: Medical Privacy and HIPAA
HHS HIPAA Penalties Send Employers and Providers a Message
Two days after announcing its first-ever HIPAA penalty, a whopping $4.3 million imposed against Cignet Health of Prince George’s County, Maryland, HHS announced that a large Massachusetts hospital had agreed to pay $1 million to avoid a penalty proceeding. Although the hospital did not admit liability and did not pay a penalty, the settlement demonstrates…
Hospital’s Post-Offer Medical Questions May Violate ADA, Title VII, and Employee Privacy Rights
By David Goldstein
According to a Michigan federal district court decision, Garlitz v. Alpena Regional Medical Center, a hospital may be liable for violations of the Americans with Disabilities Act (ADA), Title VII, and violation of privacy rights for withdrawing an employment offer to a medical technologist after she refused to answer a post-offer, preemployment…
HIPAA Privacy and Security Audits Begin in November 2011
The HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, requires the United States Department of Health and Human Services (“HHS”) to perform periodic audits of covered entities and business associates to ensure compliance with the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996…
HHS’ One-Two HIPAA Penalty Punch Sends a Message to Employers and Providers
Two days after announcing its first-ever HIPAA penalty, a whopping $4.3 million imposed against Cignet Health of Prince George’s County, Maryland, HHS announced that a large Massachusetts hospital had agreed to pay $1 million to avoid a penalty proceeding. Although the hospital did not admit liability and did not pay a penalty, the settlement demonstrates how…
Agency’s Withdrawal of HIPAA Security Breach Notification Regulations Creates Uncertainty for Employers and Health Care Providers
In a two-paragraph press release recently posted on its website, the U.S. Department of Health and Human Services (HHS) announced the withdrawal of its interim final regulations addressing security breach notification for breaches that involve protected health information (PHI) subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The interim final regulations…
Enhanced HIPAA Penalties Raise Stakes for Employers and Health Care Providers Responding to a Security Breach
While HIPAA’s recently enhanced penalty provisions and newly enacted security breach notification requirements have each received a significant amount of attention, the connection between them and its significant implications for employers and health care providers subject to HIPAA have not. Most significantly, because of the enhanced penalties, it is critical that covered entities conduct a…
Jail Time for Physician’s HIPAA Violation Highlights Need to Redouble Compliance Efforts
A visiting cardiothoracic surgeon from China, working as a researcher at UCLA School of Medicine, became the first person sentenced to prison for unauthorized access to medical records in violation of HIPAA. The few criminal convictions for HIPAA violations to date have involved monetary gain, such as a hospice worker’s use of patient records to…