Posts tagged OCR
Compliance Alert: ACA Section 1557 Nondiscrimination Requirements for Medical Practices
Compliance Alert: ACA Section 1557 Nondiscrimination Requirements for Medical Practices

Beginning on October 17, 2016, medical practices (and other Covered Entities) who serve Medicare, Medicaid, VA, or TRICARE beneficiaries will be required to implement new practices related to nondiscrimination. The Final Rule, nearly 6 years in the making, is commonly called “Section 1557”--it implements Section 1557 of the Affordable Care Act, the purpose of which is to prevent discrimination based on race, color, national origin, sex, age, or disability

Read More
Medical PracticeRebecca GwiltSection 1557, medical practice, nondiscrimination, covered entity, LEP, OCR, HHS
OCR ramping up HIPAA Enforcement for "Small" Breaches
OCR ramping up HIPAA Enforcement for "Small" Breaches

We often advise our clients that one of the criteria separating a “high risk” breach from a “low risk” breach is whether the breach affects more or fewer than 500 individuals. This is because the HHS Office of Civil Rights (which is the HIPAA enforcement arm of HHS) has historically prioritized investigation of and corrective action following breaches affecting in excess of 500 individuals—OCR’s Regional Offices investigate all reported breaches involving the PHI of 500 or more individuals. However, OCR recently announced that it would be teaming up with its regional office staff to more widely investigate HIPAA breaches affecting fewer than 500 individuals—sending a strong signal to covered entities and business associates that no one is “safe” from repercussions emanating from a HIPAA breach.

Read More
HIPAA, Privacy, Professional LiabilityRebecca GwiltHIPAA, OCR
HIPAA Phase 2 Audit Program Commences
HIPAA Phase 2 Audit Program Commences

There is still time to protect your company or practice. In preparation for potential OCR audits, health care providers and health technology companies should conduct an internal audit of their compliance with State and Federal privacy and security rules, including HIPAA, and begin to address any shortfalls. OCR's increased budget and strategic plans related to HIPAA enforcement should remind the healthcare community of the growing commitment of the Federal Government to strictly enforce its privacy and security protections. Contact your healthcare attorney for advice on how to address your compliance posture.

Read More
HIPAARebecca Gwiltcovered entity, business associate, HIPAA, privacy and security, privacy, OCR
The Price of Overpromising
The Price of Overpromising

Health IT vendors are under incredible pressure to represent to customers that their hardware and software solutions are impervious to cyber threats. Pick any major trade show and the first line you'll hear from exhibitors is that their solution is HIPAA-compatible, and, even more misleading, HIPAA-compliant. It's important that vendors understand overstating security protocols and capabilities can have major legal and financial implications.

Read More
HIPAA, FTCRebecca GwiltHIPAA, Health IT, healthcare vendor, privacy and security, security, FTC, encryption, OCR, PHI, protected health information