In last week’s decision in Doe v. Guthrie Clinic, Ltd., the Second Circuit Court of Appeals certified to the New York Court of Appeals the issue of whether a medical corporation may be liable for the unauthorized disclosure of medical information, when the employee responsible for the breach was not a physician and was acting outside the scope of
Continue Reading Health Privacy Liability Issue Proceeds to NY Court of Appeals
The US Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) released final rules on January 17, 2013 governing the privacy and security of protected health information under HIPAA and the HITECH Act. The new rules take effect March 26, 2013; compliance is expected by September 23, 2013. This post will focus on the changes to the
Continue Reading New Breach Notification Requirements Released
On January 2, 2013, the US Department of Health and Human Services announced a $50,000 settlement with Hospice of North Idaho for a data breach involving the theft of a lost, unencrypted laptop computer containing the health information of 441 patients.
This settlement is the first for a reported breach affecting fewer than 500 individuals. HHS Office of Civil Rights
Continue Reading First HHS Settlement for Small HIPAA Breach
The US Department of Health and Human Services Office of Civil Rights (“OCR”) recently released its HIPAA audit protocol. Audits of HIPAA compliance were mandated by the 2009 Health Information Technology for Economic and Clinical Health (“HITECH”) Act, which amended many parts of HIPAA and included breach notification requirements.
The OCR conducted a number of pilot audits of compliance with
Continue Reading Feds Release HIPAA Audit Protocol