HHS Puts Industry on Notice: OCR is Serious About HIPAA Enforcement

Posted by Jason Greis on March 2, 2011 under Articles | Be the First to Comment

On Feb. 22, 2011, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that it had issued a civil money penalty (CMP) of $4.3 million against Cignet Health of Prince George’s County, MD., the first imposition of a CMP by OCR for a violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. Two days later, HHS announced that General Hospital Corporation and Massachusetts General Physicians Organization, Inc., collectively referred to as Mass General, agreed to pay $1 million to settle potential violations of the HIPAA Privacy Rule. Read More...

Stimulus Legislation Expands Privacy Regulation for Health Care Businesses

Posted by Jason Greis on March 2, 2009 under Articles | Be the First to Comment

Health care providers and any businesses that provide information technology services for them will be subject to much greater regulation of their information security practices as a result of a major component of the recent economic stimulus legislation. Known as the Health Information Technology for Economic and Clinical Health Act (or the “HITECH Act”), this portion of the federal economic stimulus package is the most expansive modification to the federal privacy and security rules for health-related businesses since the 1996 enactment of HIPAA. Read More...