We use cookies to customise content for your subscription and for analytics.
RegisterIf you have any questions about the service please contact c or call Lexology Customer Services on +44 20 7234 0606.
If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.
HHS recently included on its website some helpful information regarding security of mobile devices in video format. While primarily directed at health care providers, Online Education the videos are still useful for health plan sponsors/administrators (and their business associates). (The way the HIPAA rules are written suggest that the plan itself should view the videos, but we doubt the actual physical document would learn much.) Interestingly, the videos are emblazoned with disclaimers that following the videos does not guarantee compliance with HIPAA or any other law.
Lexology is one of the few newsfeeds that I do actually look over as and when it comes in - the information is current; has good descriptive headings so I can see quickly what the articles relate to and is not too long.
First HHS OCR settlement for HIPAA breach involving less than 500 patients sends message to providers
Senior Legal Counsel, Bankwest Business
If you are interested in submitting an article to Lexology, please contact Andrew Teague at .
Bank of Western Australia Ltd
It is a particularly good idea for plan sponsors/administrators to review the videos given that HHSs Office of Civil Rights (OCR) recently announced a resolution agreement with Hospice of North Idaho (HONI) in which HONI agreed to pay $50,000 and made certain future compliance commitments. The OCR investigation started due to HONIs voluntary report of a theft of an unencrypted laptop in accordance, Free legal information it appears, with the breach notification rules instituted by HITECH. Notably, the breach involved fewer than 500 participants (which is generally considered a small breach). Once OCR investigated, it determined that HONI (1) did not conduct the requisite security rule assessment on an on-going basis, info on insurance as required by HIPAA and (2) did not implement adequate safeguards with regarding to electronic PHI.
The bottom line is that plan sponsors and administrators should conduct the requisite risk asHIPAA v the iPhone hipaa lawssessments, particularly where employees may have access to protected health information on their laptops, iPhones, iPads, Android phones and tablets, etc. Plan sponsors/administrators may want to consider additional security training to ensure their employees understand the risks of using mobile devices to access PHI, perhaps even incorporating some of the videos made available by HHS.
OCR continues increased focus on enforcement, announces first HIPAA breach settlement involving less than 500 individuals
Recent SEC decision identifies social media and outside activity risks for investment advisers and broker-dealers
Register Now As you are not an existing subscriber please register for your daily legal newsfeed service.
