What Do You Do If the HIPAA S**t Hits Your Fan and the Feds Come after You?: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Many of you will (hopefully) never need the guidance in this blog post. And I have never read a HIPAA blog post or article talking ...
PHI with No Cover Sheet Warning Left on a Desk—Who’s Liable? HIPAA & HITECH Act Blog by Jonathan P. Tomes
One of our EMR Legal clients and Veterans Press customers recently emailed me the following question: If a workforce member leaves a page from a ...
Deny Me My Records? Pay $85,000 under the HIPAA Right of Access! HIPAA & HITECH Act Blog by Jonathan P. Tomes
I have previously written about one of the easiest ways to get a civil money penalty (or a state sanction (see California))—that is, failing to ...
Change to 42 C.F.R. Part 2? HIPAA & HITECH Act Blog by Jonathan P. Tomes
As substance abuse treatment providers know, 42 C.F.R. Part 2 “trumps”―that is, preempts―the HIPAA Privacy Rule because it gives more protection for substance abuse treatment ...
Who’s the Biggest Ransomware Attack Target? YOU!: HIPAA & HITECH Act Blog by Jonathan P. Tomes
A recent, May 1, 2019, study by the endpoint security firm Cylance determined that the health care industry was the biggest target for malware attacks ...
DHHS Clarifies When OCR Can Sanction BAs with a CMP: HIPAA & HITECH Act Blog by Jonathan P. Tomes
To clear up confusion about business associate liability for HIPAA violations, on May 24, 2019, the Department of Health and Human Services (“DHHS”) Office for ...
Building Security—More Than Just Locks on the Doors: HIPAA & HITECH Act Blog by Jonathan P. Tomes
In this digital world, forgetting about something as low-tech as physical security of the building in which a covered entity or a business associate is ...
Health Care Data Security Generally Sucks: HIPAA & HITECH Act Blog by Jonathan P. Tomes
A recent study by Forescout Technologies, Inc., an internet of things (“IoT”) company in San Jose, California, concluded that the health care industry’s data security ...
The State Attorney General Won’t Sue You for a HIPAA Violation, So You Won’t Be Sued, Right? Wrong: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The initial conventional wisdom when HIPAA first came out was that a covered entity could not be sued for a HIPAA violation because it was ...
Lack of Business Associate Agreement Costs $500,000! HIPAA & HITECH Act Blog by Jonathan P. Tomes
Advanced Care Hospitalists PL (“ACH”) recently settled a Department of Health and Human Services (“DHHS”) Office for Civil Rights (“OCR”) enforcement action for $500,000 for ...