Employee Fired for Accessing Son’s Records Reinstated

A Wisconsin woman who was fired in September 2008 for accessing her estranged son’s medical records was reinstated last month after an arbitrator deemed the punishment excessive. After learning her son sought care at the hospital, the woman, a health unit coordinator at St. Francis Hospital for 30 years, accessed his records eight times in one year in hopes of learning his current address or when he was next scheduled for an...

Read More

FTC Releases Breach Notification Rule

Yesterday HHS published its breach notification rule for HIPAA covered entities. Today the Federal Trade Commission’s rule appeared in print, making it official also. The FTC rule applies to entities not covered by HIPAA, primarily vendors of personal health records. The rule is effective September 24, 2009. Full compliance is required by February 22, 2010. FTC’s rule requires vendors of personal health records and related entities to...

Read More

HHS Releases Breach Notification Rule

Last week the industry got an early look at the Department of Health and Human Service’s much-anticipated data breach notification rule. Today the rule was published in the Federal Register, making it official. The rule takes effect September 23, 2009. “Breach Notification for Unsecured Protected Health Information” applies to all HIPAA-covered entities and HIPAA-related business associates. A separate rule is expected any day from...

Read More

Funding Deadlines for Health IT Extension Centers

Update, September 2: HHS has posted new and revised program materials online: a transcript of its August 27 technical assistance conference, an FAQ, and a revised preliminary application template. The first applications from aspiring health IT resource centers are due in two weeks—September 8. The Office of the National Coordinator for Health Information Technology will award grants in two additional cycles with initial deadlines in...

Read More

ARRA Updates—Week of August 16

A flurry of ARRA-related activity this week, in part driven by some August 18 deadlines for the data breach notification provisions. The Federal Trade Commission and the Department of Health and Human Services both have final breach notification rules in hand, though neither has been published in the Federal Register. Publication is expected in the coming days, possibly as soon as tomorrow. The HHS regulations apply to covered...

Read More