HHS Posts First Privacy Breach Reports

The Department of Health and Human Services received reports of 36 large-scale privacy breaches in the last months of 2009 and early 2010. The department has posted basic descriptions of the breaches on its Web site in accordance with new federal rules. Under the ARRA breach notification provisions, HIPAA covered entities and their business associates must notify HHS of any breaches affecting the unsecured protected health information...

Read More

HHS Announces First Regional Extension Centers

The Department of Health and Human Services announced the first group of regional extension centers today, part of nearly $1 billion in awards made for health IT-related projects. More than $375 million was awarded to 32 nonprofit organizations to support primary care providers in selecting, implementing, and using health IT. The centers will provide education, outreach, and technical assistance. HHS will award a second round of...

Read More

California Logs 2,500 Breach Reports in 2009

On January 1, 2009, the nation’s toughest breach notification law took effect in California, where providers were required to report any breach of protected health information to the patient and the state within five business days. The state government was flooded with breach notifications, receiving 2,490 reports of breach incidents through December 31, 2009, according to the California Department of Public Health, Center for...

Read More

Few Requests for Today’s Accounting

Provisions within the American Recovery and Reinvestment Act extend HIPAA’s accounting of disclosure regulations for providers who maintain electronic health records. The provisions are intended to give patients more information on how their protected health information is used. The original regulations have been in effect for nearly seven years now. How often have patients availed themselves of the right? What do consumers want or...

Read More

Breach Notification Scenarios

In September 2009 the Department of Health and Human Services released an interim final rule describing a covered entity’s responsibilities to notify victims of a breach to their personal health information. The new rule was the result of provisions in the American Recovery and Reinvestment Act. Penalties for noncompliance take effect February 22, 2010. How well do you know the ins and outs of the rule? It’s complicated, and there are...

Read More