Articles and Blogs

State attorneys general are beginning to focus their attention on health care privacy laws under the authority granted to them by the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and state consumer laws.  On May 24, 2012, Massachusetts Attorney General Martha Coakley announced the filing of a final judgment with a... READ MORE

The Centers for Medicare & Medicaid Services (CMS) just released a final rule requiring all providers of medical or other items or services and suppliers that qualify for a National Provider Identifier (NPI) to include their NPI on all applications to enroll in the Medicare and Medicaid programs and on all claims for payment submitted... READ MORE

On April 17, 2012, the Department of Health and Human Services (“HHS”) announced that it had reached a settlement with Phoenix Cardiac Surgery, P.C. (the “Practice”) arising from potential violations of the Privacy and Security Rules under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  This is the first Resolution Agreement under... READ MORE

The long-awaited final regulations arising from the Health Information Technology for Economic and Clinical Health Act (“HITECH”) appear finally to be near publication.  On March 24, 2012, the Office of Management and Budget (“OMB”) accepted for review the final HITECH regulations from the Department of Health and Human Services (“HHS”).  The OMB will review... READ MORE

On March 13, 2012, the Department of Health and Human Services (“HHS”) announced that it had reached a settlement with Blue Cross Blue Shield of Tennessee (“Blue Cross”) arising from potential violations of the Privacy and Security Rules under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  Notably, HHS learned of the... READ MORE

HIPAA covered entities are required to submit reports of small breaches (impacting less than 500 individuals) that occurred during calendar year 2011 to the Office for Civil Rights (“OCR”) by February 29, 2012 pursuant to the HIPAA Breach Notification Rule.  Reports must be submitted electronically through OCR’s breach notification web page, which can be... READ MORE

The recent trend toward increased HIPAA enforcement is continuing with the recent announcement by the United States Department of Health and Human Services (“HHS”) that it would begin performing periodic audits to ensure covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification standards.  Section 13411 of... READ MORE

The Department of Health and Human Services by the end of the year is expected to publish its final regulations implementing changes to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) arising from the Health Information Technology for Economic and Clinical Health Act (“HITECH”).  With these regulations pending and a trend toward increasing... READ MORE

Today, the Department of Health and Human Services (“HHS”) formally published its proposed regulations implementing changes to the Accounting of Disclosures provisions under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  The proposed regulations arise from requirements in the Health Information Technology for Economic and Clinical Health Act (“HITECH”), passed as part... READ MORE

The U.S. Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) entered into a Resolution Agreement with General Hospital Corporation and Massachusetts General Physicians Organization, Inc., collectively known as Mass General (“Mass General”) to resolve a potential violation of the Privacy Rule of the Health Insurance Portability and Accountability Act of... READ MORE