OCR Reports 107 Breaches Affecting Over 4 Million Individuals (II)

The Office for Civil Rights (OCR) regularly updates its Web site listing of breaches affecting 500 or more individuals. As of July 2, 2010, there were 107 breaches listed that were reported to have occurred between September 22, 2009 and June 11, 2010. Individuals affected by these publicly listed breaches totaled 4,086,980. Six of the 107 breaches, or 5.6% of the total, affected 3,353,627 individuals, or 82% of the total. This is the second of three postings that analyzes the data from these 107 breaches. This posting (II) covers paper breaches. The first posting (I) covered electronic breaches, and the final posting (III) looks at the prevalence of business associate…

READ MORE

Categories American Recovery and Reinvestment Act, Enforcement, Health IT and HITECH, HIPAA Law, Privacy, SecurityTags , , , , , , , , , , , , , , , , , , , , Leave a comment

HIPAA Privacy, Security, Enforcement Rule Modifications NPRM at Federal Register

This morning, July 8, 2010, HHS’ Modifications to the HIPAA Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health Act Notice of Proposed Rulemaking (NPRM) was posted at the Federal Register for public access prior to publication.  It will be published on Wednesday, July 14, 2010.  The 234 page NPRM can be accessed in portable document format (pdf) online at:  http://www.ofr.gov/OFRUpload/OFRData/2010-16718_PI.pdf.  There will be a 60-day comment period relating to the content of the NPRM.  HIPAA.com will provide a synopsis of the NPRM in a series of postings following publication in the Federal Register.

Categories American Recovery and Reinvestment Act, Enforcement, Health IT and HITECH, HIPAA Law, Privacy, SecurityTags , , , , , , , Leave a comment

Final Rules for EHR Incentives and Certification Criteria at OMB for Review

The Office of Management and Budget (OMB) received in early July for Executive Order (EO) 12866 Regulatory Planning and Review two Final Rules relating to electronic health record (EHR) incentives and certification criteria required under the Health Information Technology for Economic and Clinical Health Act (HITECH Act) that was enacted on February 17, 2009 as part of the American Recovery and Reinvestment Act of 2009. On Friday, July 2, 2010, OMB received from the Office of the Secretary at the Department of Health and Human Services (HHS) for review Health Information Technology:  Initial Set of Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology; Final Rule.  The Interim Final…

READ MORE

Categories American Recovery and Reinvestment Act, Health IT and HITECH, Meaningful UseTags , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Leave a comment

OMB Completes Review of HIPAA/HITECH Act Privacy, Security, Enforcement Rule Modifications NPRM

On July 1, 2010, the Office of Management and Budget (OMB) completed review of the Notice of Proposed Rulemaking (NPRM) entitled: Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act](RIN:  0991-AB57).  The NPRM was received at OMB for review on April 12, 2010.  It likely will be published in the Federal Register imminently. Legal authority for the NPRM is in Sections 13400 to 13410 of Subtitle D (Privacy) of the HITECH Act, which was enacted as part of the American Recovery and Reinvestment Act of 2009 (Public Law 111-5), enacted on February 17, 2009. Those sections cover:…

READ MORE

Categories American Recovery and Reinvestment Act, Enforcement, Health IT and HITECH, HIPAA Law, Privacy, SecurityTags , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Leave a comment

OCR Reports 107 Breaches Affecting Over 4 Million Individuals (I)

As of the July 4th holiday weekend, the Office for Civil Rights (OCR) has updated again its Web site listing of breaches affecting 500 or more individuals.  As of July 2, 2010, there were 107 breaches listed that were reported to have occurred between September 22, 2009 and June 11, 2010. Individuals affected by these publicly listed breaches totaled 4,086,980.  Six of the 107 breaches, or 5.6% of the total, affected 3,353,627 individuals, or 82% of the total.  This is the first of three postings that analyzes the data from these 107 breaches.  This posting (I) covers electronic breaches, the next posting (II) covers hard copy (paper) breaches, and the…

READ MORE

Categories American Recovery and Reinvestment Act, Enforcement, Health IT and HITECH, Privacy, SecurityTags , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Leave a comment

ONC Releases Final Rule for Temporary HIT Certification Program

On Friday afternoon, June 18, the Office of the National Coordinator for Health Information Technology (ONC) of the Department of Health and Human Services (HHS) released the final rule:  Establishment of the Temporary Certification Program for Health Information Technology.   The final rule can be viewed in portable document format (pdf) online at:  http://www.federalreigster.gov/…. The final rule will be published in the Federal Register, most likely next week, and will be effective upon date of publication. The summary of the final rule is reproduced here: “This final rule establishes a temporary certification program for the purposes of testing and certifying health information technology.  This final rule is established under the…

READ MORE

Categories American Recovery and Reinvestment Act, Health IT and HITECH, Meaningful UseTags , , , , , , , , , , , , , , , , , , , , , , , Leave a comment

Final Rule on EHR Certification Programs Imminent

The Office of Management and Budget (OMB) completed its review of the Proposed Establishment of Certification Programs for Health Information Technology final rule on June 14, 2010, so publication in the Federal Register is imminent.  This final rule explains the proposed establishment of certification programs for voluntary certification of health information technology, as specified in section 3001(c)(5) of the HITECH Act, which is available on the hipaa.com site.  This final rule is a follow-on to the proposed rule of the same title that was published in the Federal Register on March 10, 2010 (75 Federal Register 11327-11373), the summary of which appears below. “Under the authority granted to the National…

READ MORE

Categories American Recovery and Reinvestment Act, Health IT and HITECH, Meaningful UseTags , , , , , , , , , , , , , , , , , , , , , , , , , Leave a comment

Reported Breaches of 500 or More Individuals up to 93 and Affecting Over 2.5 Million Individuals; Enforcement and Penalties

As of Friday, June 4, 2010, 93 breaches affecting 500 or more individuals have been reported on the Office for Civil Rights (OCR) Web site. The total number affected has gone beyond 2-1/2 million individuals today, and stands at 2,565,352 individuals. Of the 87 breaches involving breach of hard copy or electronic protected health information, 26% involve hard copy or paper records and 74% records on electronic media or devices. Overall, 71% of the 93 breaches involve theft or loss of records, many of which might have been avoided by appropriate securing of hard copy records and electronic media and devices. Below we remind readers of the Department of Health…

READ MORE

Categories American Recovery and Reinvestment Act, Enforcement, Health IT and HITECH, HIPAA Law, Privacy, SecurityTags , , , , , , , , , , , , , , , , , , , , , , , , , , Leave a comment

FTC Delays Enforcement of FTC Red Flags Rule Fifth Time

The original FTC Red Flags Rule compliance date deadline was extended three times from the original date of November 1, 2008, with an expected compliance date of November 1, 2009.  Just prior to that date, the FTC extended for the fourth time the deadline for compliance to June 1, 2010.  On May 28, 2010, the June 1, 2010, compliance date was extended a fifth time to December 31, 2010[1]: “At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the ‘Red Flags’ Rule through December 31, 2010, while Congress considers legislation that would affect the scope of entities covered by the Rule.  Today’s…

READ MORE

Categories Enforcement, Red Flags RulesTags , , , , , , , , , , , , , , , , , , , , , , , Leave a comment

OCR Stepping Up HIPAA Security Enforcement

Health Data Management (HDM) reported today, May 12, that the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) is going to strengthen HIPAA Security Rule enforcement, based on statements made on Tuesday, May 11 by the OCR Deputy Director for Privacy, Susan McAndrew, at the Safeguarding Health Information conference in Washington, DC, co-sponsored by OCR and the National Institute of Standards and Technology (NIST).  “To boost enforcement of the security rule, OCR has added investigators in 10 regional offices, McAndrew notes,” as reported by Joe Goedert in the HDM article, “OCR Boosting Security Enforcement,” which is available online. This report comes several days after…

READ MORE

Categories American Recovery and Reinvestment Act, Enforcement, Health IT and HITECH, Privacy, SecurityTags , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Leave a comment