Tag Archives: Department of Health and Human Services (HHS)

Cloud Sharing Apps Scrutinized for ePHI

In a relatively short time period, the direct costs of document storage have dropped precipitously, and cloud-based document storage has become ubiquitous. Clearly, this is a wave of the future. But a recent settlement agreement between the Office of Civil Rights and a Boston area hospital should make it plain that, when it comes to electronic protected health information, mobile devices and cloud-based storage apps carry significant risk. On July 8, 2015, the U.S. Department of Health and Human Services, Office for Civil Rights and St. Elizabeth’s Medical Center entered into a settlement agreement following an investigation into a complaint …

[ CONTINUE READING ]

A Year in Review: Key HIPAA Settlement Agreements by HHS’s Office for Civil Rights

The U.S. Department of Health and Human Services Office for Civil Rights had another busy year in 2014. More resolution agreements were signed by HHS and Covered Entities than in the previous year, and several Covered Entities agreed to pay significant amounts to resolve investigations. Below is a brief summary of the most notable enforcement actions. In March 2014, OCR settled alleged HIPAA violations by Skagit County, Washington, home to approximately 118,000 residents. The County agreed, among other things, to pay a $215,000 monetary settlement. According to OCR, the electronic protected health information of 1,581 people was accessed by unknown …

[ CONTINUE READING ]

Copiers Don’t Easily Forget and HHS Doesn’t Easily Forgive

In 2010, Affinity Health Plan, Inc., a New York not-for-profit managed care plan, received some bad news after learning that it was an unwitting player in a CBS Evening News investigation on leased photocopiers. In its investigation, CBS went to a New Jersey warehouse and purchased several photocopiers, which included one previously leased by Affinity. With little effort, CBS was able to retrieve 300 pages of medical records from the Affinity photocopier’s hard drive, including patient test results, diagnostic assessments, and drug prescriptions. As a result, Affinity was required to file a breach report with the U.S. Department of Health …

[ CONTINUE READING ]