On December 1, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) issued a Bulletin entitled ”Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates“ that addresses the responsibilities of HIPAA covered entities and business associates (“regulated entities”) when using online tracking technologies. Regulated entities need
Cybersecurity
Dental Care Alliance Settles Cyberattack Lawsuit for $3 Million
Dental Care Alliance, LLC (DCA) agreed to settle a class action lawsuit that arose out of a 2020 cyberattack. A hearing to approve the $3 million settlement was held on September 1.
DCA, based in Sarasota, Fla., is a dental services organization that provides practice support to over 390 affiliated dental practices across the U.S.…
Conducting HIPAA Breach Assessments and Disclosures: Requirements and Tips for Success
In the next installment of Rivkin Radler’s Healthcare Compliance Lunch & Learn series, Ashley Algazi will discuss requirements and tips for success in conducting HIPAA breach assessments and making required disclosures. The program will:
• Review HIPAA breach definition
• Discuss the analysis and investigation process to determine whether a breach has occurred
• Review…
University Health Center Pays $875,000 in HIPAA Fines after Cyber Hack
Oklahoma State University’s Center for Health Services recently paid $875,000 to settle potential HIPAA violations after a cyberattack resulted in the unauthorized access of its patients’ protected health information. A hacker installed malware on the Center’s web server which contained electronic protected health information. More than 275,000 individuals were affected by the breach, which resulted…
FTC Appears Ready to Begin Enforcing Its Health Breach Notification Rule
Rivkin Radler’s Shari Claire Lewis wrote an article, “FTC Appears Ready to Begin Enforcing Its Health Breach Notification Rule,” that was published in the New York Law Journal on April 18. The article discusses the Federal Trade Commission’s rule that requires manufacturers of connected medical devices, fitness trackers and other wearables, and health…
HHS Report Warns of EMR and EHR Security Risks
The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) recently issued a report entitled “Electronic Medical Records in Healthcare” that discussed security risks applicable to electronic medical records (EMRs) and electronic health records (EHRs). EHRs and EMRs are prime targets for cyber attackers because protected health information (PHI)…
New Proposed Bills Would Extend Telehealth Waivers, Modernize HIPAA
We don’t often cover brand-new proposed legislation on Rivkin Rounds, generally preferring to wait until it’s closer to becoming law. However, two bipartisan bills introduced in Congress last week are worthy of mention.
The Telehealth Extension and Evaluation Act would allow the Centers for Medicare & Medicaid Services to extend certain pandemic-era flexibilities in Medicare…
EyeMed Fined $600K for 2020 Data Breach
On January 24, New York Attorney General Letitia James announced a settlement with EyeMed Vision Care LLC based on shortcomings in the company’s data security procedures. The problems were discovered during the state’s investigation of a 2020 data breach that affected 2.1 million people.
EyeMed, owned by Italian eyeware giant Luxottica Group PIVA, provides vision…
An Insurance Fraud Year in Review
Rivkin Radler’s Michael Sirignano wrote an article, “An Insurance Fraud Year in Review,” that was published in the January 6 issue of the New York Law Journal. Among the many cases and settlements discussed were False Claims Act cases involving federal healthcare programs, healthcare fraud related to COVID-19 testing and telehealth services,…
HIPAA Changes Coming in 2022 Might Require Policy Revisions
An article in the December issue of HIPAA Regulatory Alert, “HIPAA Changes Coming in 2022 Might Require Policy Revisions,” discussed how proposed changes to HIPAA and the HITECH Act may affect covered entities and business associates. Rivkin Radler’s Eric Fader was quoted in the article.
Eric pointed out that the proposed changes…