Contact Us
Subscribe to this blog via RSS
Join us on LinkedInCategories
- Data Privacy
- Department of Health and Human Services' Office of Civil Rights
- Medical Malpractice
- Medical Cannabis
- Workplace health
- Workplace Violence
- Assisted Living Facilities
- EMTALA
- FDA
- Reproductive Rights
- Roe v. Wade
- SCOTUS
- COVID-19
- Prescription Drugs
- Telemedicine
- Medical Spas
- Code Enforcement
- Corporate
- United States Department of Justice ("DOJ")
- Employee Contracts
- Non-Compete Agreement
- Compliance
- HIPAA
- Kentucky Board of Nursing
- Managed Care Organizations (“MCOs”)
- Primary Care Physicians ("PCPs")
- Accountable Care Organizations (“ACO”)
- Anti-Kickback Statute
- Centers for Medicare & Medicaid Services (“CMS”)
- Data Breach
- Electronic Protected Health Information (ePHI)
- False Claims Act
- Federally Qualified Health Centers (“FQHCs”)
- Health Information Technology for Economic and Clinical Health Act (HITECH Act)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- HPSA
- KASPER
- Kentucky Board of Medical Licensure
- Kentucky’s Department for Medicaid Services
- Medicaid
- Medicare
- Mental Health Care
- Office for Civil Rights ("OCR")
- Office of Inspector General of the United States Department of Health and Human Services (OIG)
- Patient Protection and Affordable Care Act (“ACA”)
- Pharmacists
- Physician Assistants
- Qui Tam
- Rural Health Centers (“RHCs”)
- Stark Laws
- Telehealth
- Affordable Care Act
- APRNs
- Charitable Hospitals
- Health Professional Shortage Area ("HPSA")
- Hospitals
- HRSA
- Mid-Level Practitioners
- Rural Health Clinic
- Business Associate Agreements
- Compliance Programs
- ERISA
- Fraud
- Hospice
- Overpayments
- Part D
- Appeal
- Electronic Health Records (“EHR")
- Advanced Practice Registered Nurses
- Business Associates
- Denied Claims
- Division of Regulated Child Care
- Employee Agreement
- Fair Labor Standards Act (FLSA)
- Licensed practical nurses (LPN)
- Licensure Requirements
- Nurse practitioners (NP)
- Part A
- Part B
- Patient Autonomy
- Personal Health Information
- Personal Service Entities
- Physician Payments
- Qualified Health Plan ("QHP")
- Registered nurses (RN)
- Abuse and Waste
- Occupational Safety and Health Administration (“OSHA”)
- Department of Health and Human Services (HHS)
- Health Insurance
- Healthcare Regulation
- Health Care Law
McBrayer Blogs
Showing 5 posts in Health Information Technology for Economic and Clinical Health Act (HITECH Act).
HIPAA Rules and Procedures in the Event of a Data Breach, Part One
As discussed in my prior post, recent massive data breaches at major retailers and health insurance providers paint a bleak picture of modern data and emphasize the importance of strong security safeguards and plans for handling suspected security breaches for electronic protected health information (“ePHI”). In the healthcare context, a security breach of a covered entity or a Business Associate’s (BA) data security system triggers the Security Rule and can trigger certain breach notification requirements under Health Insurance Portability and Accountability Act (“HIPAA”) and Health Information Technology for Economic and Clinical Health Act (“HITECH”). This post will discuss the investigation needed to determine whether a breach has taken place, while the next post will discuss the necessary notifications in the event of a breach. More >
Have You Reviewed Your Existing Business Associate Agreements?
Pursuant to the HIPAA Final Omnibus Rule (“Final Rule”), covered entities and their business associates were required to enter into new business associate agreements (“BAAs”) or modify existing BAAs by Sept. 23, 2013. However, existing BAAs that (i) were entered into on or before Jan. 25, 2013; (ii) met the requirements that were applicable prior to the promulgation of the Final Rule; and (iii) were not modified after March 26, 2013, have until Sept. 23, 2014 to be updated. That deadline is quickly approaching. More >
Small Devices & Big Consequences: Why Medical Practices Need Encryption
On Tuesday, I shared information about the U.S. Health and Human Services (“HHS”) Office of Civil Rights’ (“OCR”) first settlement with a medical practice for alleged violations of the breach notification provisions of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. The $150,000 settlement was made with Adult & Pediatric Dermatology, P.C., (“the Practice”) after the entity reported a stolen jump drive that contained PHI of approximately 2,200 patients. More >
Is a Cloud Vendor a Business Associate?
Before a covered entity can use cloud storage for ePHI, the covered entity must enter into a business associate agreement (BAA) with the cloud vendor.[i] It seems that there is some uncertainty surrounding this requirement, with some cloud vendors taking the position that a BAA is unnecessary for passive storage of ePHI or that they qualify for an exception under HITECH Act as a personal health records vendor. More >
IS HIPAA IN THE CLOUDS?
Virtual or “cloud” data storage is an increasingly popular method for storing data electronically in a safe and yet conveniently accessible manner that may also represent a cost savings over traditional onsite data storage options. Health care providers, including hospitals, pharmacies and physicians, have been slow to avail themselves of the benefits of “cloud computing” due in part to concerns about whether the cloud offers the rigorous privacy and security safeguards required for storing electronic protected health information (ePHI) under Federal and State privacy laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH Act) and implementing regulations. More >
