Deny Me My Records? Pay $85,000 under the HIPAA Right of Access! HIPAA & HITECH Act Blog by Jonathan P. Tomes
I have previously written about one of the easiest ways to get a civil money penalty (or a state sanction (see California)—that is, failing to .. read more
HHS OCR Issues New Guidance for Malicious Workforce Threats: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The 2018 Protected Health Information Data Breach Report found that 58 percent of security incidents resulted from insiders rather than outsiders, such as hackers. Discussing .. read more
DHHS Clarifies When OCR Can Sanction BAs with a CMP: HIPAA & HITECH Act Blog by Jonathan P. Tomes
To clear up confusion about business associate liability for HIPAA violations, on May 24, 2019, the Department of Health and Human Services (“DHHS”) Office for .. read more
Changed HIPAA and HITECH Penalties—a Boon or a Trap for the Unwary: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The Department of Health and Human Services (“HHS”) has announced a new penalty structure for the civil money penalties (“CMPs”) for HIPAA violations that apparently .. read more
A Masochist’s Guide to Getting a Huge, Painful HIPAA Penalty: HIPAA & HITECH Act Blog by Jonathan P. Tomes
A cynic might wonder whether some covered entities, and now business associates, want to become famous (perhaps infamous would be a better word) and break .. read more
Business Associates Face the Same HIPAA Penalties as Covered Entities: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The Attorney General of New Jersey recently announced a $200,000 settlement for a HIPAA violation with a business associate, one of the classic examples of .. read more
Security Breaches Aren’t the Only Compliance Risks! So Are Privacy Rights Violations: HIPAA & HITECH Act Blog by Jonathan P. Tomes
A recent announcement by the Dental Board of California has reinforced the notion that having a breach of security, such as a hacker’s gaining access .. read more
DHHS Seeks Your Comments: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The Office for Civil Rights (“OCR”) of the Department of Health and Human Services (“DHHS”) has issued a Request for Information (“RFI”), seeking public comments .. read more
$125,000 for Talking to a Reporter? HIPAA & HITECH Act Blog by Jonathan P. Tomes
After the last three technically orientated blog posts on the medical Internet of Things (“mIoT”), perhaps it’s time to remember that there is a higher .. read more
Risk and the Internet of Things (“IoT”): HIPAA & HITECH Act Blog by Jonathan P. Tomes
The Internet of Things (“IoT”) is a concept that is becoming more and more important in HIPAA compliance. The Internet of Things generally is the .. read more