protected health information Archives - Page 4 of 8

HHS Publishes HITECH Act Accounting of Disclosures NPRM

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has published in the May 31, 2011, Federal Register the Notice of Proposed Rule Making (NPRM) entitled HIPAA Privacy Rule Accounting of Disclosures Under the Health Information Technology for Economic and Clinical Health Act (76(104), pp. 31426-31449). This NPRM is available online in pdf. Comments on the NPRM are requested to be submitted on or before August 1, 2011. The Summary of the NPRM with abbreviations, as noted, on p. 31426, is: “HHS is issuing this NPRM to modify the HIPAA Privacy Rule’s standard for accounting of disclosures of protected health information. The purpose of these modifications…

OMB Clears HITECH Act Accounting of Disclosures NPRM

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR), responsible for enforcement of the HIPAA Privacy, Security, and Breach Notification Rules, will issue a Notice of Proposed Rule Making (NPRM) to modify the HIPAA Privacy Rule as necessary to implement the accounting of disclosures provisions of Section 13405(c) of the Health Information Technology for Economic and Clinical Health Act (HITECH Act) (Title XIII of the American Recovery and Reinvestment Act of 2009–Public Law 111-5). Section 13405(c) is entitled: Accounting of Certain Protected Health Information Disclosures Required if Covered Entity Uses Electronic Health Record. The NPRM was submitted on February 9, 2011, by HHS to the Office…

Nearly 8.3 Million Individuals Impacted by 249 Privacy and Security Breaches Reported by HHS; More Training on Safeguarding PHI Required

Under the Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment Act of 2009, covered entities are required to report to the Secretary of the U.S. Department of Health and Human Services (HHS) any privacy or security breach affecting 500 or more individuals within 60 days of discovery of the breach by the covered entity or its business associate. The HHS Office for Civil Rights (OCR), which is responsible for privacy and security enforcement under the Health Insurance Portability and Accountability Act (HIPAA) and HITECH Act provisions that strengthened privacy and security enforcement, is required to post those breaches…

200 Breaches Impacting Almost 5.9 Million Individuals, with Theft and Loss of Laptops and PEDs Major Cause

December 2, 2010.M Under the Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment Act of 2009, covered entities are required to report to the Secretary of the Department of Health and Human Services (HHS) any breach affecting 500 or more individuals within 60 days of discovery of the breach by the covered entity or its business associate. The HHS Office for Civil Rights (OCR), which is responsible for HIPAA privacy and security enforcement, is required to post these HIPAA privacy or security breaches on its Web site (please note that this URL is a change from the initial…

OCR Reports 107 Breaches Affecting Over 4 Million Individuals (II)

The Office for Civil Rights (OCR) regularly updates its Web site listing of breaches affecting 500 or more individuals. As of July 2, 2010, there were 107 breaches listed that were reported to have occurred between September 22, 2009 and June 11, 2010. Individuals affected by these publicly listed breaches totaled 4,086,980. Six of the 107 breaches, or 5.6% of the total, affected 3,353,627 individuals, or 82% of the total. This is the second of three postings that analyzes the data from these 107 breaches. This posting (II) covers paper breaches. The first posting (I) covered electronic breaches, and the final posting (III) looks at the prevalence of business associate…

OMB Completes Review of HIPAA/HITECH Act Privacy, Security, Enforcement Rule Modifications NPRM

On July 1, 2010, the Office of Management and Budget (OMB) completed review of the Notice of Proposed Rulemaking (NPRM) entitled: Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act](RIN: 0991-AB57). The NPRM was received at OMB for review on April 12, 2010. It likely will be published in the Federal Register imminently. Legal authority for the NPRM is in Sections 13400 to 13410 of Subtitle D (Privacy) of the HITECH Act, which was enacted as part of the American Recovery and Reinvestment Act of 2009 (Public Law 111-5), enacted on February 17, 2009. Those sections cover:…

OCR Reports 107 Breaches Affecting Over 4 Million Individuals (I)

As of the July 4th holiday weekend, the Office for Civil Rights (OCR) has updated again its Web site listing of breaches affecting 500 or more individuals. As of July 2, 2010, there were 107 breaches listed that were reported to have occurred between September 22, 2009 and June 11, 2010. Individuals affected by these publicly listed breaches totaled 4,086,980. Six of the 107 breaches, or 5.6% of the total, affected 3,353,627 individuals, or 82% of the total. This is the first of three postings that analyzes the data from these 107 breaches. This posting (I) covers electronic breaches, the next posting (II) covers hard copy (paper) breaches, and the…

Reported Breaches of 500 or More Individuals up to 93 and Affecting Over 2.5 Million Individuals; Enforcement and Penalties

As of Friday, June 4, 2010, 93 breaches affecting 500 or more individuals have been reported on the Office for Civil Rights (OCR) Web site. The total number affected has gone beyond 2-1/2 million individuals today, and stands at 2,565,352 individuals. Of the 87 breaches involving breach of hard copy or electronic protected health information, 26% involve hard copy or paper records and 74% records on electronic media or devices. Overall, 71% of the 93 breaches involve theft or loss of records, many of which might have been avoided by appropriate securing of hard copy records and electronic media and devices. Below we remind readers of the Department of Health…

Prison Time for Privacy Breach of PHI; OCR Breach List Continues to Grow; More Training Needed

Health Data Management reported in its April 29, 2010, online HDM Daily that “[a] former researcher at the UCLA School of Medicine has been sentenced to four months in federal prison for violations of the HIPAA privacy rule.” You may access and read the article by Joseph Goedert, “Prison for HIPAA Privacy Violater“. On the same day, April 29, the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) reported on its Web site 67 entities reporting “Breaches Affecting 500 or More Individuals” over the period September 22, 2009 to March 19, 2010. That is up from the 36 that OCR listed on its initial…

OCR Identifies 36 Entities with Breaches Affecting 500 or More Individuals

On Monday, February 22, 2010, the federal government, through the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS), began enforcing the Breach Notification Rule for breaches occurring on or after that date. The Breach Notification for Unsecured Protected Health Information; Interim Final Rule, was published in the Federal Register on Monday, August 24, 2009 [74 FR 42739-42770] and was effective September 23, 2009. Since September 22, 2009, 36 breaches of privacy or security of protected health information (PHI) affecting 500 or more individuals have been reported to OCR. The total number of individuals affected was 1,073,657, with two of the breaches involving 359,000 (FL)…