Health Care Counsel

Arent Fox's health care law blog offers news, analysis, and insights for the health care industry.

Health Care Counsel

New Director, Same Direction for OCR HIPAA Enforcement

alert

New Director, Same Direction for OCR HIPAA Enforcement

What’s New?

On Monday, the US Department of Health & Human Services’ Office for Civil Rights announced that CardioNet has entered into a $2.5 million HIPAA settlement. CardioNet provides mobile cardiac monitoring services and is the first wireless health services provider to enter into a settlement with OCR. CardioNet had not performed a risk analysis or adopted a risk management plan; its Security Rule policies and procedures were still in draft form; and CardioNet was unable to show that it had finalized and implemented any policies safeguarding ePHI, including safeguards for mobile devices. This lack of compliance with the Security Rule contributed to the theft of an employee’s laptop containing the unsecured ePHI of 1,391 individuals.

Why Should You Care?

Under the new administration, OCR is continuing its crackdown on Covered Entities and Business Associates flouting compliance with the Security Rule. Roger Severino, OCR’s new Director, said “failure to implement mobile device security by Covered Entities and Business Associates puts individuals’ sensitive health information at risk. This disregard for security can result in a serious breach, which affects each individual whose information is left unprotected.” Per our warning last week, it seems clear that OCR is continuing its aggressive enforcement in this area.

What’s the Takeaway?

Failure to adequately safeguard ePHI can result in serious financial and reputational damage. Please take this opportunity to review your HIPAA compliance program, especially with respect to your implementation of the Security Rule's standards for safeguarding ePHI.

Arent Fox’s Health Care and Privacy, Cybersecurity & Data Protection groups monitor developments in HIPAA enforcement and compliance. If you have any questions, please contact Jade Kelly, Sarah L. Bruno, or the Arent Fox professional who regularly handles your matters.

SUBSCRIBE

Add the Arent Fox Health Care Law blog to your RSS feed reader.

Arent Fox In Your Inbox
To subscribe to Arent Fox Alerts and other news, click here.

ABOUT ARENT FOX LLP

Arent Fox LLP, founded in 1942, is internationally recognized in core practice areas where business and government intersect. With more than 350 lawyers, the firm provides strategic legal counsel and multidisciplinary solutions to clients that range from Fortune 500 corporations to trade associations. The firm has offices in Los Angeles, New York, San Francisco, and Washington, DC.