Covered entities and business associates subject to the HIPAA Security Rule are closer to getting a benchmark for encryption standards with the release of the Standards and Guidelines Development Process in late March by the National Institute of Standards and Technology (NIST).
HIPAA / Health Privacy & Security
Arent Fox began advising clients in matters involving the privacy and security of health information long before the final promulgation of the Privacy and Security Standards under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In fact, we represented clients before Congress and HHS throughout the negotiations of the Administrative Simplifications Provisions of HIPAA and the crafting of the final regulations. We also developed a comprehensive model HIPAA compliance program that enables health care providers to implement the Federal Privacy Standards in a systematic and efficient manner.
Given the depth of our HIPAA experience, we are uniquely positioned to provide our clients with a comprehensive, cost-effective means to incorporate new HIPAA and HITECH requirements into existing compliance programs, assess their obligations under the new data breach notification requirements, and unravel the complex HIPAA issues that frequently arise in the context of clinical research. Clients facing a HIPAA enforcement action can turn to Arent Fox with confidence knowing that one of our attorneys was involved in the resolution of the largest HIPAA enforcement case to date.
On April 14, 2016, the European Union formally adopted a new scheme – known as the EU General Data Protection Regulation (GDPR) – to protect the personal data of European residents. The GDPR will enter into force in May 2018, replacing the EU Data Protection Directive 95/46/EC. The GDPR is significantly more onerous than the Directive, seeking to enhance data privacy protections for Europeans. US health care organizations processing Europeans’ personal data should start preparing now for compliance.
In the wake of the recent ransomware attack on Hollywood Presbyterian Medical Center (discussed here), news reports have emerged that at least three more medical centers and a large health care system have been the victims of these attacks. Ransomware is a type of computer attack in which a computer virus encrypts computer files, preventing users from accessing the files until a ransom is paid.
On March 21, 2016, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced it was beginning its next round of audits of covered entities and business associates for compliance with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule (the “Phase 2” audits). OCR’s audit program is designed to help OCR assess the HIPAA compliance efforts of the full range of entities covered by the HIPAA regulations.
On Tuesday, February 9, 2016, the Substance Abuse and Mental Health Services Administration (SAMHSA) published proposed revisions to the rules governing the confidentiality of substance abuse treatment records found in 42 C.F.R. Part 2. The rules apply to any federally assisted drug or alcohol abuse program (as defined by the regulations) (each a Part 2 Program). These proposed changes mark the first time the regulations have been subject to revision since 1987.
In a recent decision, a US Department of Health and Human Services (HHS) Administrative Law Judge (ALJ) agreed with the HHS Office of Civil Rights (OCR) that Lincare, Inc. d/b/a United Medical had violated HIPAA. The ALJ also sustained OCR’s imposition of a civil money penalty (CMP) of $239,800 on Lincare.
While management at hospitals and other health care providers has long been aware of the need to implement computer security policies to comply with HIPAA’s requirements for protecting sensitive patient information, cybersecurity may have rocketed to the top of management’s priority list in the wake of the recent cyberattack on Hollywood Presbyterian Medical Center (HPMC) that left the hospital unable to access some of its computer systems for ten days.
Washington, DC — Arent Fox is pleased to welcome partner Douglas A. Grimm, a Fellow of the American College of Healthcare Executives (FACHE), to its national Health Care practice. Mr. Grimm joins the Washington, DC office from Stradley Ronon where he was chair of the firm’s health care practice. Mr.
ABOUT ARENT FOX LLP
Arent Fox LLP, founded in 1942, is internationally recognized in core practice areas where business and government intersect. With more than 350 lawyers, the firm provides strategic legal counsel and multidisciplinary solutions to clients that range from Fortune 500 corporations to trade associations. The firm has offices in Los Angeles, New York, San Francisco, and Washington, DC.