Tag Archives: U.S. Department of Health and Human Services (HHS)

Boosts in Ransomware Attacks Spark Multiple Government Agency Responses

Following a recent U.S. government interagency report indicating that, on average, there has been an alarming 300 percent spike in daily ransomware attacks since early 2016 as compared with 2015, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) released new Health Insurance Portability and Accountability Act (“HIPAA”) guidance on …

Mobile App Compliance for Dummies: New Tool Helps Developers Understand Their Legal Compliance Requirements

In a joint effort by the Federal Trade Commission (FTC), Office for Civil Rights (OCR), HHS Office of National Coordinator for Health Information Technology (ONC), and Food and Drug Administration (FDA), a new web-based tool has been released that is designed to help developers of mobile health apps understand the multitude of federal laws and …

Cure of Security Rule Violations Following Breach of EPHI Cannot Save Covered Entities from $750,000 Settlement; Non-Breach Related Security Complaint Leads to $218,000 HIPAA Settlement

More than three years after the Cancer Care Group, P.C. (“CCG”) notified the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) of a breach of unsecured electronic protected health information (“ePHI”), the radiation oncology private practice settled and implemented a corrective action plan (“CAP”) with OCR for $750,000. This settlement …

New HHS Federal Research Conflict of Interests Regulations

On September 26, 2011, the U.S. Department of Health and Human Services (“HHS”) issued new regulations governing the disclosure by faculty members and research staff of significant financial interests related to certain federal grants, and the reporting of “financial conflicts of interest” to certain federal agencies by colleges and universities that receive funding for Public …

HITECH Privacy and Security Regulations Currently Being Drafted

The Health Information Privacy page of the U.S. Department of Health and Human Services (HHS) website has formally announced that regulations implementing the privacy and security provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act will soon be published (along with a comment period) relating to (1) business associate liability; (2) new limitations on the sale of protected health information, marketing and fundraising communications; and (3) stronger individual rights to access electronic medical records and restrict the disclosure of certain information. Although this posting is certainly welcome news, from a timing perspective the announcement only indicates that "OCR continues work on a Notice of Proposed Rulemaking (NPRM) regarding these provisions."…

New Regulations Expand Mental Health Parity Requirements for Group Health Plans

On January 29, 2010, the U.S. Departments of Labor, Health and Human Services and the Treasury jointly issued interim final regulations implementing the Paul Wellstone and Pete Domenici Mental Health Parity and Addiction Equity Act of 2008 ("MHPAEA"). The MHPAEA, as implemented by the interim final regulations, greatly expands the parity standards of its predecessor, the Mental Health Parity Act of 1996 ("MHPA 1996").…