Skip to main content

Health Information Privacy & Security

Viewpoints

Filter by:

Viewpoint
This week, Congress and the White House need to finalize a government spending bill in order to avoid a shutdown. While all signs point to a deal being reached, it is widely expected that several agencies will be operating on a continuing resolution for the first couple months of fiscal year 2019. While the Departments of Labor, HHS, and Education are expected to receive a full appropriation prior to September 30th, the FDA, which is funded through the Department of Agriculture, is expected to be funded through the continuing resolution, which will go through December 7th.
In its most recent Cybersecurity Newsletter, OCR focuses on the intersection of HIPAA and information security.  To be sure, HIPAA requires covered entities and business associates to address their organizations’ information security.
Privacy and security compliance obligations for health care companies remain hot topics this spring. Health care companies must now contend with data breach laws in all 50 states as well as keeping on top of federal HIPAA developments.

HIPAA Tips from the Trenches

June 14, 2018| Blog

Earlier this week, I moderated a panel discussion at an event hosted by the New York chapter of the Health Information and Management Systems Society (HIMSS). The panel was comprised of private sector health information technology and security experts and was tasked with discussing challenges related to the interoperability and security of health information systems.
The May 2018 cyber security newsletter from the U.S. Department of Health and Human Services Office for Civil Rights (OCR) focused on a topic often overlooked by covered entities and their business associates: physical security.
In less than 10 days, the European Union will begin enforcing its General Data Protection Regulation (GDPR) which will apply to any company that collects, processes, or uses EU-origin personal data, regardless of where the company is located.
Back in late 2015, we blogged about the interesting twist in the $125 million Warner Chilcott settlement that a Massachusetts physician had been criminally charged with violating the Health Insurance Portability and Accountability Act (HIPAA). That physician has now been convicted of the HIPAA violation, as well as an unrelated charge of obstructing a federal health care investigation. 
Mintz Levin has updated the Mintz Matrix, a comprehensive summary of the data breach notification laws that now exist in all 50 states (South Dakota and Alabama finally caved and enacted their own laws). It’s critical that HIPAA-regulated entities monitor these state laws because they apply simultaneously, and often conflict with, HIPAA.
Earlier this week, Mintz Levin’s Privacy & Security Matters blog posted an update that Alabama has become the 50th state to enact a data breach notification law.
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced a $100,000 settlement with a company that is no longer in business. Filefax, Inc. (Filefax) was an Illinois company that provided storage and delivery services for medical records held by covered entities.

Explore Other Viewpoints: