ARTICLE
11 February 2016

Recent HIPAA Actions Help Inform Security Practices Of Digital Health Providers

JD
Jones Day

Contributor

Jones Day is a global law firm with more than 2,500 lawyers across five continents. The Firm is distinguished by a singular tradition of client service; the mutual commitment to, and the seamless collaboration of, a true partnership; formidable legal talent across multiple disciplines and jurisdictions; and shared professional values that focus on client needs.
The U.S. Department of Health and Human Services, Office for Civil Rights recently released details about a $750,000 HIPAA settlement, emphasizing the importance of risk analysis and device and media control policies.
United States Food, Drugs, Healthcare, Life Sciences

The U.S. Department of Health and Human Services ("HHS"), Office for Civil Rights ("OCR") recently released details about a $750,000 HIPAA settlement, emphasizing the importance of risk analysis and device and media control policies. The OCR found a cancer care provider in widespread noncompliance with the HIPAA security rule, and it specifically attributed a security breach to the fact that (i) the provider had not conducted an enterprise-wide risk analysis, and (ii) the provider did not have a written policy in place specific to the removal of hardware and electronic media containing protected information into and out of its facilities. In an unrelated matter, OCR also launched a new portal for mobile health developers to ask questions about HIPAA privacy and security. According to a press release, anyone may browse the site, and although users must log in with an email address to submit questions, all users will remain anonymous to OCR, and posting information will not subject anyone to enforcement action.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More