OCR ramping up HIPAA Enforcement for "Small" Breaches

We often advise our clients that one of the criteria separating a “high risk” breach from a “low risk” breach is whether the breach affects more or fewer than 500 individuals. This is because the HHS Office of Civil Rights (which is the HIPAA enforcement arm of HHS) has historically prioritized investigation of and corrective action following breaches affecting in excess of 500 individuals—OCR’s Regional Offices investigate all reported breaches involving the PHI of 500 or more individuals. However, OCR recently announced that it would be teaming up with its regional office staff to more widely investigate HIPAA breaches affecting fewer than 500 individuals—sending a strong signal to covered entities and business associates that no one is “safe” from repercussions emanating from a HIPAA breach.

PrivacyRebecca GwiltAugust 19, 2016HIPAA, OCR

How Should My Practice Respond to a Breach?

Despite the risk of experiencing a HIPAA breach exceeding 89%, fewer than half of healthcare organizations have formal incident response plans and procedures. When an actual or suspected breach occurs, it is vital for covered entities and business associates to have a simple, streamlined, and expeditious plan to respond. These breaches can be anything from a lost thumb drive or laptop to a sophisticated cyber-attack, but a good breach response plan will be flexible enough to work in a variety of circumstances. There are standard responses that the Department of Health and Human Services’ (HHS) Office of Civil Rights (the government entity that polices HIPAA compliance) (OCR) expects to see when health data has been compromised. These include protocols for investigation, mitigation, and notification of affected individuals.

PrivacyRebecca GwiltAugust 8, 2016HIPAA, breach, breach response, security incident, privacy and security

HIPAA "Straight Talk" with Nixon Law Group

Healthcare providers in today's environment are dependent upon health information technology like electronic health records, cloud-based billing and practice management solutions, and mobile devices like laptops and iPads to run their practices. The reliability and security of this technology is key to both operations and compliance. However, physicians aren't IT professionals, and practice managers are security specialists. So how do they manage compliance risks without cutting into resources needed to provide patient care? On Tuesday, April 26, 2016, Rebecca E. Gwilt, Esq. and Joan Kassell, MLIS, CPIA will meet with Virginia practitioners to discuss what the data shows are the most common sources of health data breaches and OCR settlements. The data reveals that there are a few simple steps any physician can take to protect their practice and patients and to begin to build a robust compliance program. Topics will include (1) realistic threats to healthcare practices, (2) breaches in the real world and what they tell us, and (3) reducing the likelihood a breach will bury your practice.

PrivacyRebecca GwiltApril 15, 2016HIPAA, physician, security, privacy and security

HIPAA Phase 2 Audit Program Commences

There is still time to protect your company or practice. In preparation for potential OCR audits, health care providers and health technology companies should conduct an internal audit of their compliance with State and Federal privacy and security rules, including HIPAA, and begin to address any shortfalls. OCR's increased budget and strategic plans related to HIPAA enforcement should remind the healthcare community of the growing commitment of the Federal Government to strictly enforce its privacy and security protections. Contact your healthcare attorney for advice on how to address your compliance posture.

PrivacyRebecca GwiltMarch 25, 2016covered entity, business associate, HIPAA, privacy and security, privacy, OCR

Rebecca E. Gwilt speaking at CMS' DATA PRIVACY DAY Forum

NLG Partner Rebecca E. Gwilt speaking at Centers for Medicare & Medicaid Services DATA PRIVACY DAY forum, alongside Maya Bernstein, HHS ASPE Senior Advisor for Privacy Policy and Rogelyn McLean, HHS Office of General Counsel. Rebecca will be sharing her perspective on the role of the government in creating a workable framework for HIPAA compliance and the role of the private sector in respecting privacy, safeguarding data and enabling trust.

Firm News, Privacy, Care Management ServicesRebecca GwiltJanuary 28, 2016CMS, data privacy, Rebecca Gwilt

The Price of Overpromising

Health IT vendors are under incredible pressure to represent to customers that their hardware and software solutions are impervious to cyber threats. Pick any major trade show and the first line you'll hear from exhibitors is that their solution is HIPAA-compatible, and, even more misleading, HIPAA-compliant. It's important that vendors understand overstating security protocols and capabilities can have major legal and financial implications.

HIPAA and Gun Control

On January 6, 2016, in a dramatic national press conference, President Obama announced several actions by his administration to address gun violence in the US. One of these actions is a long-planned modification to the Health Insurance Portability and Accountability Act (HIPAA). The same day, the Department of Health and Human Services (HHS) published a Final Rule adding a permitted disclosure to the HIPAA Privacy Rule, which expressly permits a limited number of Covered Entities to disclose protected health information (PHI) of certain individuals to the National Instant Criminal Background Check System (NICS). The modification is aimed at removing one barrier to expanding the quality of the information in NICS, which is used by firearms vendors to disqualify potential purchasers who are federally barred from owning firearms.

What You Need To Know

Who We Are

Who We Serve

The Latest

Contact

Get Started

Nixon Gwilt Law
216 Apple Blossom Court, Suite 200
Vienna, VA 22181

What You Need To Know

Nixon Gwilt Law216 Apple Blossom Court, Suite 200Vienna, VA 22181

Nixon Gwilt Law
216 Apple Blossom Court, Suite 200
Vienna, VA 22181