Latest Articles

On April 24, 2017, the Office of Civil Rights (“OCR”) announced the first HIPAA settlement based on the impermissible disclosure of unsecured electronic protected health information by a wireless service provider. CardioNet, an ambulatory cardiac monitoring service that provides remote mobile monitoring of and rapid response to patients at risk for cardiac arrhythmias, agreed to pay $2.5 million and to implement a corrective action plan. As reported by the OCR, in 2012 CardioNet reported to the…
Remember when Edward Snowden showed the world how easy it is for your cell phone to record everything you say? The initial gut reaction for many was somewhere between disbelief and shock. As time went by, many people took comfort in the idea that the government could not care less about their day-to-day activities. After all—for most of us—our day consists of the daily routine of workout, work, and daily errands. Yet, spying…
Anytime we conduct a training, we can’t help but turn blue in the face repeating over and over again the importance of conducting an accurate and thorough risk analysis of electronic PHI (ePHI). In the event of a breach or an audit, one of the first items the Office of Civil Rights (OCR) will ask for is the risk analysis. The OCR has obviously lost its patience for entities that choose or fail to perform…
Based on recent news stories and our experience, it appears that cybercriminals may be targeting healthcare providers with ransomware attacks. Publicly reported incidents and others of which we are aware have involved providers ranging from clinics and imaging centers to hospitals, and these entities have had to pay hundreds to thousands of dollars to gain access to their medical records, billing records or other vital computer systems – often after significant interruption of operations. On…
My New Year’s resolutions will likely be broken early and often in 2016. My consequences are mostly non-monetary: a few more pounds, a little less savings, and not winning the triathlon in my age group. Your consequences, as a HIPAA-covered entity or business associate, for not complying with the Privacy and Security Rules could be much greater, and could put you into serious debt to the HHS Office of Civil Rights (OCR). Therefore, we propose…
There are at least 1,040 reasons to love Florida. Who isn’t drawn to the sunshine, the pristine beaches, the food… and the tax fraud racket? For decades, South Florida has been the Silicon Valley for scam artists, drawn by the weather and the opportunity to make lots of money without actually doing much work. According to the Federal Trade Commission, Florida holds the highest per capita rate of identity theft complaints, followed by Georgia and…
It may still be September, but to countless retailers, Halloween is already here. Passing by displays of spooky items while shopping, the ’80s haunted-house music video “Somebody’s Watching Me” comes to mind: “I always feel like somebody’s watching me, and I have no privacy” (yes, Rockwell has attribution, but Michael rocks the chorus). The paranoid fellow in the video was worried about the IRS and the mailman – how quaint. In today’s world, high…
Effective Sept. 1, 2015, there are significant changes to Texas Guardianship laws. For the first time, probate courts must consider alternatives to guardianship, and supports and services available to the proposed ward before a guardianship is created. Two new alternatives to appointing a guardian now exist: Designation of Guardian Before the Need Arises and Alternate Forms of Decision-Making Based on Person-Centered Planning; and Supported Decision Making Agreement. Tex. Est. Code §§ 1002.0015 & 1357.001.…
It’s a dangerous world for protected information, with major breaches in the news and a challenging cyber-threat environment behind the scenes. The healthcare industry is a prime target, especially given the premium value of health information on the black market. And healthcare entities face not only PHI breach exposures, but also security risks for other forms of protected information, such as PII and, for many, cardholder data. Healthcare organizations must be prepared to respond to…