On October 5, 2015, the HHS Office of Civil Rights (OCR) unveiled a new resource to provide mobile health (mHealth) developers guidance on complying with Health Information Portability and Accountability Act (HIPAA) requirements applicable to those organizations.
In an interesting September 30, 2015 opinion, Southern District of California Cynthia Bashant, applying California law, held that a series of HIPAA-related subpoenas that the U.S. Department of Justice served on Millennium Laboratories were not interrelated with prior qui tam lawsuits that had been filed against the company.
The HHS Office for Civil Rights (OCR) needs to improve and expand its health privacy and data breach enforcement efforts.
As HIPAA-regulated entities anxiously await the commencement of the Phase II HIPAA audit program, the Office of the Inspector General (OIG) for the Department of Health and Human Services (HHS) has issued a report critical of the Office for Civil Rights’ (OCR) HIPAA enforcement performance, effectively giving OCR “something to prove.”
Although the Office for Civil Rights (OCR) has indicated in the past that it would start its next round of HIPAA audits, apparently it means business now.
An Illinois circuit court judge has dismissed five of six claims in a consolidated class action against Advocate Health and Hospital Corporation arising from a data breach in July 2013.
The 2013 changes to HIPAA’s privacy and security regulations in combination with the government’s bolstered approach to compliance and enforcement reinforces the need for health care providers to remain focused on preparing for the inevitable likelihood that privacy or security issues will occur.
Now even the fitness tracker you wear on your wrist is compliant with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Fitbit’s Corporate Wellness team is one of the fastest growing sectors of the company, and Fitbit voluntarily took this “proactive step” to implement a HIPAA compliance program so that it could broaden the company’s ability to work with all different types of employers who seek to implement wellness programs in the workplace.
On September 2, 2015, the U.S. Department of Health & Human Services (HHS) announced that Cancer Care Group, P.C. (CCG), a physician practice located in Indiana, agreed to pay $750,000 as part of a settlement to resolve alleged violations of HIPAA’s Security and Privacy Rules.