Health Law Alert
2013: Issue 1 - Focus on HIPAA/Privacy
First OCR Settlement Involving a "Small" Breach Focuses on Mobile Device Security
By: James B. Wieland and Joshua J. Freemire*
In what is best understood as a follow-up to both the recent settlement with MEEI and the release of its mobile device security guidance, HHS OCR recently released details of a settlement reached with the Hospice of Northern Idaho (HONI) that again focuses on the entity’s failure to properly secure mobile technology containing protected health information (PHI). HONI will pay a $50,000 fine and has entered into a two-year Corrective Action Plan (CAP) that notably does not include provisions for independent monitoring of HONI’s compliance activities.
Are Your Mobile Devices HIPAA Compliant? Practical Steps to Ensure Compliance
Mobile device use is becoming more commonplace in health care. Health care professionals use text messaging to communicate with each other about patient status. Medical schools now provide residents tablets to use as textbooks and to round on patients. With the increased use of mobile devices comes increased opportunity for HIPAA compliance issues. In the recently launched initiative, “Mobile Devices: Know the RISKS. Take the STEPS. PROTECT and SECURE Health Information,” OCR and ONC provide tips on ways to safeguard protected health information (PHI) when using mobile devices such as laptops, tablets and smart phones.
Guidance on De-Identified Protected Health Information Offers In-depth Instruction on Technical Issues
By: James B. Wieland and Joshua Freemire*
The HITECH Act required the Secretary of Health and Human Services to publish a number of “Guidance” documents to inform the health care industry and its advisors about practical aspects of HIPAA compliance and HITECH implementation. At the end of November 2012, the Secretary published one such document, “Guidance Regarding Methods for De-Identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act Privacy Rule.” The Guidance does not break any new ground, but it does provide practical instruction on how to take advantage of de-identification to make the essence of large databases of protected health information available for secondary use. These information caches are increasingly valued for public or other population-based analytics purposes such as epidemiology and private purposes such as business planning and, in some instances, marketing or fund-raising.