Chief Administrative Law Judge Chappell issued an initial decision in the Federal Trade Commission action against LABMD, Inc., dismissing the case against the now defunct LABMD.   In his decision ALJ Chappell determined that: “To impose liability for unfair conduct under Section 5(a) of the FTC Act, where there is no proof of actual injury to any consumer, based only on an unspecified and theoretical “risk” of a future data breach and identity theft injury, would require unacceptable speculation and would… Read More >

OIG Report on HIPAA Breach Notification Recommends Improved Follow-Up of Small Breaches

In addition to the recent report on the Office of Civil Rights’ (OCR) Oversight of the HIPAA Privacy Rule, the Office of Inspector General (OIG) for the Department of Health and Human Services (HHS) also issued a report titled “OCR Should Strengthen Its Follow-up of Breaches of Protected Health Information Reported by Covered Entities”. Among its findings in the report, the OIG noted that OCR was investigating all “large” breaches reported pursuant to the Breach Notification Rule, but was not… Read More >

Prepare for HIPAA Audits: Privacy and Security Checklists and Free HIPAA Consultations

Recent news reports as well as a report from the Office of the Inspector General indicate that the Office of Civil Rights (OCR) for the Department of Health and Human Services (HHS) has chosen a vendor and plans to move forward with phase II of its audit program of covered entities and business associates. This is an excellent time for health care providers to revisit HIPAA Compliance to ensure that all of the HIPAA Privacy and Security regulatory requirements are… Read More >

OIG Report Recommends Implementation of Permanent HIPAA Audit Program

The Office of Inspector General (OIG) for the Department of Health and Human Services (HHS) recently conducted a study to assess the Office of Civil Rights’ (OCR) oversight of compliance with the HIPAA Privacy Rule. The OIG recommended that OCR strengthen its oversight by becoming proactive rather than reactive.  The OIG criticized OCR for not fully implementing its required HIPAA audit program.  Further, the OIG found that OCR was not consistent in documenting covered entities’ corrective actions in its tracking… Read More >