Recent 3.9 Million HIPAA Settlement Over Improper Disclosure of Research Participant PHI Highlights Need for HIPAA Compliance

On March 17, 2016, the Department of Health and Human Services Office for Civil Rights (OCR) announced a $3.9 million settlement with Feinstein Institute for Medical Research for potential violations of the HIPAA Security Rules. OCR began an investigation after Feinstein filed a breach report indicating that a laptop computer containing electronic protected health information (ePHI) of approximately 13,000 patients and research participants was stolen from an employee’s car. The ePHI at issue included research participant names, dates of birth,… Read More >

HHS-OCR HIPAA Settlement Bulletin Highlights the Potential Impact of Unpatched and Unsupported Software

The Department of Health and Human Services, Office for Civil Rights (OCR) recently released a bulletin outlining the terms of a settlement with Anchorage Community Mental Health Services (ACMHS) over potential violations of the HIPAA Security Rule. According to the bulletin, ACMHS has agreed to “pay $150,000 and adopt a corrective action plan to correct deficiencies in its HIPAA compliance program.” OCR initiated an investigation after receiving notification from ACMHS regarding a breach of unsecured electronic protected health information (ePHI)… Read More >

OCR Guidance for HIPAA and Same-sex Marriage after United States v. Windsor

The Department of Health and Human Services Office for Civil Rights (HHS-OCR) has developed guidance to assist HIPAA covered entities in understanding the effect of the Supreme Court’s decision in United States v. Windsor on HIPAA privacy obligations. The HIPAA Privacy Rule contains several provisions that reference the role that family members, including spouses, play in patient care. In Windsor, the U.S. Supreme Court struck down Section 3 of the Defense of Marriage Act (DOMA) as unconstitutional, which provided that… Read More >

Recent White Paper addresses HIPAA and Michigan State Law Considerations When Responding to Subpoenas and Warrants for Protected Health Information

Health care providers are often faced with questions regarding the appropriate response to a subpoena or warrant requesting patient medical records. Given that most health care providers and the businesses that support them qualify as either “covered entities” or “business associates” subject to HIPAA, attorneys advising healthcare clients must take both HIPAA and state privacy laws into account when addressing the legal considerations for responding to requests for protected health information (PHI). Together with attorney Julie Markgraf of the North… Read More >