Blogs / Events / Articles / News

BEWARE OF THE MAN-IN-THE-MIDDLE: Malicious Eavesdroppers on the Internet

Imagine this: Dr. Primary is treating Patty Patient for substance abuse and emails Patty Patient’s protected health information (PHI) to a treatment clinic. Before the email arrives at the clinic, it is intercepted by a third party, Evan Eavesdropper, who publishes the PHI on the internet.  Evan Eavesdropper also decides to alter the PHI i...

Read more >>

Medical Marijuana Act Clouds the Rights of Employers to Establish and Enforce Marijuana Policies

  Pennsylvania’s recently passed Medical Marijuana Act (MMA) has left employers dazed and confused about whether they may continue to enforce zero tolerance drug policies. The MMA, which provides qualifying patients with access to medical marijuana through a safe and effective delivery method, is intended to balance patient need for access ...

Read more >>

Time is of the Essence When Reporting a Breach of PHI

 The failure to timely report a breach of unsecured protected health information (PHI) has cost Presence Health (one of the largest health systems in Illinois) almost half of a million dollars. Earlier this month, Presence Health agreed to pay $475,000 and enter into a corrective action plan (CAP) with the Office for Civil Rights (OCR) based ...

Read more >>

20 Years of HIPAA – Where We’ve Been and Where We’re Going

On August 21, 1996, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed into law by President Bill Clinton. The original purpose of the Act, which amended the Internal Revenue Code of 1986, was to improve the portability and continuity of health insurance coverage, combat waste, fraud, and abuse, promote the use of ...

Read more >>

Countdown to Compliance for Section 1557 of the Patient Protection and Affordable Care Act

If you are an entity covered by Section 1557 of the Patient Protection and Affordable Care Act (Section 1557), you have less than a week to prepare your non-discrimination notices and taglines. The final rule implementing 1557 requires that by October 16, 2016, healthcare providers and other covered entities publish and disseminate non-discrimi...

Read more >>

Lawrence Tabas to Speak at HIPAA Compliance Boot Camp

September 28, 2016 -- Lawrence J. Tabas will be a speaker at the “HIPAA Compliance Boot Camp” program on September 28th held at the Holiday Inn Philadelphia Stadium. Mr. Tabas' topics will include “How HIPAA Relates to Electronic Communication” and “Handling Medical Record Confidentiality Breaches: Best Practices for Worst-Case Scenarios...

Read more >>

The Doctor Will See You Right Now: Understanding Urgent Care Centers

  In today’s busy world, convenience is a prized commodity. From pre-ordering and paying online for your favorite Starbucks drink to pulling up instantaneous directions on Google Maps, people value solutions that save time and make their lives easier. This trend carries over into the health care industry; most notably in the increasing popu...

Read more >>

Record-Breaking HIPAA Settlement Sends Strong Message to Covered Entities

This month marked the largest HIPAA settlement to-date for a single entity. Advocate Health Care Network (“Advocate”) agreed to pay $5.5 million and adopt a corrective action plan after an investigation by the Department of Health and Human Services’ Office for Civil Rights (“OCR”) revealed that Advocate’s widespread noncompliance wit...

Read more >>

HIPAA Compliance Is a Health Care Entity’s Secret Weapon in Preventing and Combating Ransomware Attacks

One of the fastest growing areas of cybercrime is ransomware. Ransomware is a type of malicious software that encrypts data and makes it inaccessible to authorized users. The hackers who orchestrate ransomware attacks demand that authorized users pay a ransom in order to obtain the key to decrypt their data. Payment is generally required to be pa...

Read more >>

Breach of ePHI Results in $2.7 Million Fine

Oregon Health & Science University (“OHSU”) has paid $2.7 million to the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) to settle allegations that it violated the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). OHSU must also comply with a three-year corrective action plan. ...

Read more >>