What Do You Do If the HIPAA S**t Hits Your Fan and the Feds Come after You?: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Many of you will (hopefully) never need the guidance in this blog post. And I have never read a HIPAA blog post or article talking ...
Are You Encrypting Your Laptops and Other Portable Devices? HIPAA & HITECH Act Blog by Jonathan P. Tomes
Although encrypting portable devices is not absolutely required by the Security Rule—that is, it is an addressable, not a required, implementation specification—another seven-figure penalty demonstrates ...
New Ransomware Policy Posted for Premium Members: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Ransomware continues to be one of the most serious threats to health information and may be the most serious threat, so you may need a ...
Deny Me My Records? Pay $85,000 under the HIPAA Right of Access! HIPAA & HITECH Act Blog by Jonathan P. Tomes
I have previously written about one of the easiest ways to get a civil money penalty (or a state sanction (see California))—that is, failing to ...
DHHS Clarifies When OCR Can Sanction BAs with a CMP: HIPAA & HITECH Act Blog by Jonathan P. Tomes
To clear up confusion about business associate liability for HIPAA violations, on May 24, 2019, the Department of Health and Human Services (“DHHS”) Office for ...
Building Security—More Than Just Locks on the Doors: HIPAA & HITECH Act Blog by Jonathan P. Tomes
In this digital world, forgetting about something as low-tech as physical security of the building in which a covered entity or a business associate is ...
The State Attorney General Won’t Sue You for a HIPAA Violation, So You Won’t Be Sued, Right? Wrong: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The initial conventional wisdom when HIPAA first came out was that a covered entity could not be sued for a HIPAA violation because it was ...
Changed HIPAA and HITECH Penalties—a Boon or a Trap for the Unwary: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The Department of Health and Human Services (“HHS”) has announced a new penalty structure for the civil money penalties (“CMPs”) for HIPAA violations that apparently ...
A Masochist’s Guide to Getting a Huge, Painful HIPAA Penalty: HIPAA & HITECH Act Blog by Jonathan P. Tomes
A cynic might wonder whether some covered entities, and now business associates, want to become famous (perhaps infamous would be a better word) and break ...
Business Associates Face the Same HIPAA Penalties as Covered Entities: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The Attorney General of New Jersey recently announced a $200,000 settlement for a HIPAA violation with a business associate, one of the classic examples of ...