Category Archives: HIPAA Training

$125,000 – Still Another 100% Avoidable Fine

There continues to be a steady stream of large settlements with HHS-OCR with recurring theme. They have been avoidable. Of note is a recent $125,000 settlement with a small one-location pharmacy Cornell Prescription Pharmacy in Denver, CO (“The Pharmacy”). NOTE:

Role-Specific Learning and Independence Blue Cross

The recent Breach of 12,500 records at Independence Blue Cross is yet another example of where an incident could have been prevented by role-specific learning and appropriate process. In addition to the fines that are certain to follow, the fix

Software updates and HIPAA

HHS/OCR has made it clear by the recently assessed $150,000 fine that a Breach due to the failure to maintain software via updates and patches will be dealt with harshly. Just ask Anchorage Community Mental Health Services after its AVOIDABLE

The Metric for Compliance in a Negligence Suit

The previous HIPAA Update News by addressed the Connecticut Supreme Court’s ruling in the Emily Byrne vs. Avery Center for Obstetrics and Gynecology case. That ruling is allowing a case to be heard that is using HIPAA as the

HIPAA and the right to Sue

It has been generally understood that HIPAA has not permitted individuals impacted by a Breach to sue for damages. Some Covered Entities have even relied on this “shelter from non-governmental litigation” in their risk management. However, the recent ruling in

HIPAA and the Need-to-Know

 HIPAA and the Need-to-know HIPAA prohibits the disclosure of protected health information to anyone that does not have a professional need-to-know. The need-to-know standard is applied on a person-by-person basis and NOT by departments or units. HIPAA and EBOLA in

Defense of Marriage Act and HIPAA

The U.S. Supreme Court’s ruling regarding the Defense of Marriage Act (“DOMA”) in United States v. Windsor has impacted a number of rules and regulations including HIPAA. HIPAA’s Privacy Rule allows care providers (as Covered Entities) to share information about

$800,000 plus due to lack of learning

Parkview Health System, Inc. has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule with the U.S. Department of Health and Human Services Office for Civil Rights (OCR).  Parkview will pay