Employment Law Information Network
Article Index: Employee Benefits, HIPAA
FTC Issues Final Health Breach Notification Rule on the Heels of HHS's HIPAA Breach Notification Rule.
Baker, Donelson, Bearman, Caldwell & Berkowitz, PC - October 13, 2009
On August 25, 2009, the Federal Trade Commission (FTC) issued its final health breach notification rule. It was effective September 24, 2009; however, the FTC will refrain from enforcement action for breaches discovered before February 22, 2010. The rule requires vendors of personal health records (PHRs) and related PHR entities to notify individuals when the security of their unsecured, individually identifiable health information has been breached. A third-party service provider of PHR vendors that experiences a breach must also notify its vendor or related entity of a breach. In addition to notifying the individual whose information has been breached, these entities must notify the FTC and, in some cases, the media. A violation of these new breach notice requirements is considered an unfair or deceptive act or practice in violation of a regulation under 15 U.S.C. 57a(a)(1)(B) of the Federal Trade Commission Act.
Online Reporting Under HIPAA Breach Notification Rule Required by Department of Health and Human Services
Ford & Harrison LLP - October 07, 2009
In August 2009, the Department of Health and Human Services (HHS) issued its interim final rule with regard to requirements for notification in the event of a breach of unsecured protected health information (PHI). Among other notification requirements (including notice to impacted individuals and in some cases notice to the media), the interim final rule requires covered entities (i.e. health plans, healthcare clearinghouses or certain health care providers) to provide notice to HHS of any breach of unsecured PHI:
How To Comply With The New HITECH Breach Notification Rules.
Baker Hostetler LLP - September 23, 2009
Covered entities, such as group health plans, ("CEs") and business associates, such as vendors that provide services to group health plans, ("BAs") that are subject to the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") now must comply with the Health Information Technology for Economic and Clinical Health ("HITECH") Act breach notification rules (the "HITECH breach notification rules"). The HITECH breach notification rules require CEs and BAs to send out notifications to affected individuals upon a breach of unsecured protected health information ("PHI").
HIPAA Breach Notification Rules.
Vedder Price - September 17, 2009
HIPAA Breach Notification Rules.
HHS Issues HIPAA Breach Notification Rules: New Mandate for Covered Entities and Business Associates.
Jackson Lewis LLP - September 11, 2009
Beginning September 23, 2009, covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA) will be required to notify individuals affected by certain “breaches” of unsecured protected health information. The notification mandate, enacted under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, as part of the American Recovery and Reinvestment Act of 2009 (ARRA), was signed into law by President Barack Obama on February 17, 2009. Following the general framework established by the 45 states that have adopted similar laws over the past few years, the Department of Health and Human Services (HHS) issued interim final regulations on August 24, 2009, interpreting the new notification requirement.
Department of Health and Human Services Issues Breach Notification Rules for Unsecured Protected Health Information.
Ford & Harrison LLP - September 03, 2009
On August 24, 2009, the Department of Health and Human Services ("HHS") issued its interim final rule with regard to breach notification requirements for unsecured protected health information. Under the Health Information Technology for Economic and Clinical Health (HITECH) Act, which is part of the American Recovery and Reinvestment Act of 2009, HHS was required to issue interim final regulations regarding notification provisions in the event of a breach of unsecured protected health information. Generally, the HITECH Act requires HIPAA covered entities (i.e. health plans, health care providers who transmit certain transactions electronically and health care clearinghouses) to provide notification to affected individuals upon the discovery of a breach of unsecured protected health information. A notice is also required to be sent to a major media outlet if more than 500 individuals within a state or jurisdiction are impacted by the breach. Additionally, covered entities are required to notify HHS in the event of a breach of unsecured protected health information impacting 500 or more individuals.
HHS Issues HIPAA Security-Breach-Notification Rules: Compliance Deadline Looming
Fisher & Phillips, LLP - September 02, 2009
On August 24, 2009, the Department of Health and Human Services (HHS) issued interim final rules regarding the new security-breach-notification requirement of the Health Insurance Portability and Accountability Act (HIPAA). Covered entities and their business associates (service providers to covered entities) only have 30 days after publication (or until September 23, 2009) to comply with these new rules.
Employers and Health Care Providers Receive New Guidance on HIPAA Security Breach Notification.
Littler Mendelson, P.C. - August 26, 2009
The Health Information Technology for Economic and Clinical Health Act (HITECH Act), one small legislative portion of the massive economic stimulus bill enacted on February 17, 2009, mandates that employers and health care providers provide notice of any "breach" of "unsecured" protected health information (PHI) to affected individuals; the U.S. Department of Health and Human Services (HHS); and, in certain circumstances, "prominent media outlets." The quoted terms and many others in the HITECH Act are either undefined or raise a multitude of unanswered questions. On August 24, 2009, HHS published in the Federal Register interim final regulations and accompanying commentary that clarify many of the Act's ambiguities.
Data Privacy & Security Developments: HIPAA, "Red Flag," Breach Notification, Applicant Protections.
Jackson Lewis LLP - August 14, 2009
The trend toward increasing obligations for maintaining the privacy and security of certain information continues. As the January 1, 2010, deadline for compliance with Massachusetts data security regulations looms, other legislative and regulatory developments continue to drive businesses to take more aggressive and comprehensive steps toward safeguarding the personal information they maintain. Some key developments should be considered.
A HITECH World - New Law Expands HIPAA Enforcement Power.
Ogletree Deakins - August 13, 2009
The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law on February 17 as part of the American Recovery and Reinvestment Act of 2009 (H.R. 1), also known as the economic stimulus bill. The legislation was designed to advance the use of health information technology, such as electronic health records.
Privacy Notice Reminder.
Fisher & Phillips, LLP - May 06, 2009
Group health plans that were required to comply with privacy requirements of the Health Insurance Portability and Accountability Act (HIPAA) by April 14, 2003 (i.e., large health plans) now have an obligation to notify individuals who are covered by the plan that the privacy notice is available, and to tell them how to obtain the notice. This reminder notice must be sent at least once every three years.
Stimulus Bill's HIPAA Changes.
Fisher & Phillips, LLP - May 06, 2009
The American Recovery and Reinvestment Act (ARRA), signed by President Obama into law on February 17, 2009, included changes to the health information privacy and security rules under HIPAA, the Health Insurance Portability and Accountability Act of 1996.
Stimulus Package Expands the Applicability and Penalties of the HIPAA Privacy and Security Regulations.
Baker, Donelson, Bearman, Caldwell & Berkowitz, PC - March 27, 2009
Health care providers and businesses that play in the electronic medical/health record space should take heed: The Health Information Technology for Economic and Clinical Health Act (HITECH Act), which is part of the American Recovery and Reinvestment Act of 2009 (the "Stimulus Package") signed into law on February 17, 2009, will bring about major changes to the requirements, application and penalties associated with the Health Insurance Portability and Accountability Act of 1996 Privacy and Security Regulations (referred to jointly as "HIPAA" and singly as the "Privacy Regulations" and the "Security Regulations" for purposes of this Advisory).
Stimulus Act Expands HIPAA Obligations and Enforcement Mechanisms.
Baker, Donelson, Bearman, Caldwell & Berkowitz, PC - March 10, 2009
On February 17, 2009, President Obama signed into law the American Recovery and Reinvestment Act of 2009 (the Stimulus Act). Among the myriad topics contained in the Stimulus Act is the expansion of the obligations and enforcement mechanisms of the Health Insurance Portability and Accountability Act (HIPAA), and more specifically, HIPAA's Privacy and Security Rules. Below is a summary of the most significant changes to the HIPAA Privacy and Security Rules.
Recent Enforcement Actions and Significant Amendments to the HIPAA Privacy Rule Compel Employers to Revisit Their HIPAA Compliance Efforts.
Littler Mendelson, P.C. - March 04, 2009
Two recent enforcement actions and significant amendments to the HIPAA Privacy Rule, enacted as part of the federal government's massive economic stimulus bill (the "American Recovery and Reinvestment Act of 2009" (ARRA)), should re-focus employers on their HIPAA compliance efforts.
Federal Stimulus Means New HIPAA Privacy and Security Mandates.
Jackson Lewis LLP - February 25, 2009
In line with this audacious promise, the American Recovery and Reinvestment Act of 2009 (ARRA) expands, enforces, and enhances the privacy and security safeguards required by the Health Insurance Portability and Accountability Act (HIPAA) for certain individually identifiable health information. The tightening of these safeguards is critical to building the network of computerized record-keeping systems that will service the whole nation. Most businesses will be affected by these changes to some degree. Some of the key changes made by the new law include:
Economic Stimulus Act Impacts HIPAA Requirements.
Ford & Harrison LLP - February 24, 2009
The American Recovery and Reinvestment Act ("ARRA") signed into law on February 17, 2009 includes significant changes to the Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). Below are highlights of some of the significant changes and their effective dates.
HEART Act Guidance Clarifies Health FSA Distributions For Reservists.
Ogletree Deakins - October 16, 2008
Under new guidance issued by the Internal Revenue Service (IRS), employers will more easily be able to allow workers who have been called up to active military duty to take full advantage of “qualified reservist distributions” from their health flexible spending accounts (FSAs).
Hospital to Pay $100,000, Comply with 3-Year Corrective Action Plan for HIPAA Data Breach.
Jackson Lewis LLP - July 25, 2008
The U.S. Department of Health & Human Services (HHS) has announced that it has entered into a Resolution Agreement, for the first time, concerning potential violations of the privacy and security regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Resolution Agreement, entered into on July 16, 2008, requires a Seattle-based health care provider, Providence Health & Services, to pay $100,000 and to implement a detailed, three-year corrective action plan to ensure that it will appropriately safeguard identifiable electronic patient information. By agreeing to this Resolution Agreement, the provider avoided the imposition of potentially significant civil monetary penalties under HIPAA.
Court Finds FSA Administrator Violated ERISA by Providing Misleading Benefit Documents.
Ford & Harrison LLP - May 14, 2008
A federal court in New Jersey has held that a flexible spending account (FSA) plan administrator violated ERISA by providing plan benefit documents that did not clearly state when a medical expense would be deemed “incurred” under the plan.
HIPAA Enforcement Update: CMS Issues Guidance on HIPAA Security Rule Compliance Review.
Jackson Lewis LLP - February 28, 2008
To assist Health Insurance Portability and Accountability Act (HIPAA) covered entities prepare for enforcement of potential HIPAA Security Rule violations, on February 20, 2008, the Office of E-Health Standards and Services (OESS) provided guidance on the type of information that might be requested during an onsite investigation. The OESS is an office within the Centers for Medicare & Medicaid Services (CMS) of the Department of Health & Human Services. The OESS document called "Sample - Interview and Document Request for HIPAA Security Onsite Investigations and Compliance Reviews" lists (1) the persons who may be interviewed and (2) the documents and other information that may be requested.
HIPAA Safe Harbor for Supplemental Health Insurance.
Littler Mendelson, P.C. - December 18, 2007
On December 7, 2007, the U.S. Department of Labor (DOL) in conjunction with the Department of Treasury and the Department of Health and Human Services issued Field Assistance Bulletin No. 2007-04. This Bulletin provides a safe harbor for supplemental health insurance plans and exempts certain plans from the portability provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
HHS Expanding HIPAA Privacy Enforcement Team.
Littler Mendelson, P.C. - December 18, 2007
The Department of Health and Human Services ("HHS") enforces the privacy provisions of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").
HIPAA Enforcement: Farce Or Reality.
Jackson Lewis LLP - July 18, 2007
The HIPAA privacy regulations became a reality for most health care providers and health plans on April 14, 2003, the regulations' effective date. During that time, "covered entities" were anxious to become compliant – feverishly drafting policies and procedures, training employees and locking up health information, among other things. Many at that time feared government enforcement in the form of audits, civil actions and penalties.
HIPAA Privacy and Security Enforcement Kicks Up.
Jackson Lewis LLP - May 09, 2007
The Department of Health and Human Services has stepped up its enforcement of the Health Insurance Portability and Accountability Act of 1996. HHS, charged with enforcement of HIPAA's Privacy and Security Rules through its Office of Civil Rights, has launched an enforcement website, delegated subpoena authority to its enforcement office, and begun compliance audits.
Imminent HIPAA Notice Obligation for Small Health Plans.
Littler Mendelson, P.C. - April 18, 2007
The small health plan deadline for the HIPAA privacy notice passed a few days ago -- did you make the cut?
Final Rules Address HIPAA Nondiscrimination Provisions' Impact on Wellness Programs (pdf).
Phelps Dunbar LLP - April 17, 2007
All employers and other plan sponsors that administer wellness programs should carefully review the nondiscrimination rules recently finalized by the United States Departments of Labor (“DOL”), Health & Human Services (“HHS”), and the United States Department of Treasury. The final rules were published late last year on December 13, 2006, at 71 Fed. Reg. 75014.
HIPAA Privacy Notice Reminder for "Small" Health Plans.
Jackson Lewis LLP - April 04, 2007
The compliance date deadline for the HIPAA small health plan Privacy Rule is fast approaching -- April 14, 2007. Are you in compliance?
New HIPAA Wellness Regulations.
Fisher & Phillips, LLP - March 30, 2007
In 2006, the IRS, HHS and DOL issued HIPAA regulations for wellness programs, outlining how those programs should be designed.
Final HIPAA Nondiscrimination Regulations Spur Employers to Review Workplace Wellness Programs.
Jackson Lewis LLP - December 15, 2006
Long awaited final regulations addressing, among other things, the "bona fide wellness program" exception to the HIPAA non-discrimination requirements were released on December 13, 2006, by three federal agencies. The nondiscrimination requirements, which are found in Section 702 of the Employee Retirement Income Security Act (ERISA) (as amended by HIPAA), generally prohibit plan sponsors from using a health factor as a basis for discrimination with regard either to eligibility to enroll or for determining premium contributions under a group health plan. These final regulations, issued jointly by the Departments of Treasury, Labor and Health and Human Services, provide helpful clarifications and modifications to the interim rules published in 1997 and 2001. While the effective date of the regulations is February 12, 2007, the new rules afford employers until July 1, 2007, at the earliest, to comply with the final standards (for calendar year plans, January 1, 2008).
The Department of Health and Human Services Issues Guidance Regarding Security Breaches Concerning HIPAA-Protected Information.
Buchanan Ingersoll & Rooney PC - June 16, 2006
The Department of Health and Human Services (HHS) released guidance on April 17, 2009, regarding the new protected health information (PHI) security breach notification requirements set forth in the American Recovery and Reinvestment Act of 2009 (ARRA).
"HIPAA Certifications" Are Not Required Under HIPAA Privacy and Security Regulations.
Jackson Lewis LLP - May 12, 2006
Many employers sponsoring group health plans have asked: "Do we have to be HIPAA 'certified' in order to be compliant with the HIPAA privacy and security regulations?"
HIPAA Compliance Reminders (pdf).
Vedder Price - April 07, 2006
The HIPAA Privacy Rule requires employers who sponsor a group health plan to notify plan participants at least once every three years of the availability of the plan’s Notice of Privacy Practices (“Privacy Notice”) and of how to obtain a copy of the Privacy Notice.
What Are a Small Employer's Obligations under the HIPAA Security Rules.
Jackson Lewis LLP - March 22, 2006
By April 14, 2004, all covered "health plans" were required to be in compliance with the Privacy Rules. Many plan sponsors believed that after becoming compliant with the Privacy Rules, their health plan(s) had satisfied HIPAA's "administrative simplification" provisions. The administrative simplification provisions, however, include an additional layer of protection for a certain type of protected health information – "electronic protected health information" – with this layer being known as the "Security Rules." These regulations are codified at Title 45 of the Code of Federal Regulations Part 164, Subparts A and C. The focus of this article, therefore, is to provide small employers sponsoring one or more covered health plans a general discussion of the scope and compliance requirements under the Security Rules.
May a health plan disclose protected health information to a person who calls the plan on the beneficiary's behalf?
Jackson Lewis LLP - March 21, 2006
A frequent question of plan sponsors is under what conditions health plans may disclose protected health information to a person who calls the plan on the beneficiary's behalf. On March 14, 2006, the Department of Health and Human Services' Office of Civil Rights provided guidance on this question in its frequently asked questions section.
Most Health Plans Must Remind Participants of Availability of Notice of Privacy Practices.
Jackson Lewis LLP - March 13, 2006
Employers should take note that the Health Insurance Portability and Accountability Act's Privacy Rule requires a health plan to remind participants of the availability of the plan's Notice of Privacy Practices, as well as how to obtain a copy, at least once every three years. The three-year anniversary of the compliance date for the Privacy Rule for most covered health plans is April 14, 2006; for small health plans, the third anniversary of the compliance date is April 14, 2007.
CMS Clarifies Compliance with the HIPAA Security Obligations for Sponsors of Group Health Plans.
Jackson Lewis LLP - November 28, 2005
Employers sponsoring group health plans have had to come to grips with the compliance requirements under the Health Insurance Portability and Accountability Act administrative simplification regulations governing the privacy, security and electronic transmission of "protected health information." Many of these plan sponsors, however, were able to take advantage of the administrative safe harbor under the privacy regulations for plans that (i) are fully insured and (ii) with respect to which the plan sponsor has no access to protected health information.
Security Rule Takes Effect (pdf).
Vedder Price - April 22, 2005
The compliance date for the Security Rule, the next phase of HIPAA compliance, is upon us.
Latest Agency Action on HIPAA Portability for Group Health Plans Contains Few Changes.
Jackson Lewis LLP - March 24, 2005
At the end of 2004, the Departments of Treasury, Labor, and Health and Human Services published the final regulations regarding health coverage portability requirements under the Health Insurance Portability and Accountability Act of 1996.
HR's Role in HIPAA Security Compliance.
Littler Mendelson, P.C. - March 15, 2005
Suffering "HIPAA Privacy Rule fatigue," many human resources and benefits professionals have passed the compliance baton for the HIPAA Security Rule to their colleagues in the Information Technology (IT) Department.
New HIPAA Health Care Portability Regulations (pdf).
Vedder Price - February 17, 2005
On December 30, 2004, the Departments of Treasury, Labor and Health and Human Services jointly issued final and proposed regulations regarding the portability requirements under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").
Final Regulations on HIPAA Portability for Group Health Plans Contain Few Changes.
Jackson Lewis LLP - January 06, 2005
On December 30, 2004, the Departments of Treasury, Labor, and Health and Human Services published the final regulations regarding health coverage portability requirements under the Health Insurance Portability and Accountability Act of 1996.
Compliance Alert: HIPAA Privacy Rules for Small Employer Group Health Plans Effective on April 14.
Jackson Lewis LLP - April 06, 2004
Company health plans, whether fully insured or self-funded, are most likely covered by the requirements of the Privacy Rules of the Health Insurance Portability and Accountability Act. The rules become effective for small employer health plans on April 14, 2004.
Small Employer Obligations Under HIPAA Privacy Rules (Part II).
Jackson Lewis LLP - January 16, 2004
As most health plans will be subject to the privacy regulations recently issued under the Health Insurance Portability and Accountability Act of 1996 (Privacy Rules), the question becomes what is the scope of the plan's compliance obligations.
Small Employer Obligations Under HIPAA Privacy Rules.
Jackson Lewis LLP - December 19, 2003
Many employers may not realize that the same Health Insurance Portability and Accountability Act regulations giving health care providers a compliance headache also apply to most employer-provided health plans.
Jumping The Hurdles of The HIPAA Privacy Rule.
Jackson Lewis LLP - September 15, 2003
If your law practice involves the routine use of medical records in the prosecution or defense of litigation, around April of this year you may have noticed a change in attitude among many recipients of your standard medical record subpoena duces tecum. Welcome to the new world of the HIPAA Privacy Rule.
Updated Guidance Precedes Upcoming Deadline For HIPAA Privacy Compliance.
Jackson Lewis LLP - December 20, 2002
On December 3, 2002, the Department of Health and Human Services issued a compilation of new and existing guidance about key elements of the requirements of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") Standards for Privacy of Individually Identifiable Health Information (the "Privacy Rule").

Copyright © 2009 elinfonet.com, llc.
All Rights Reserved.