90,000 Patients Affected By UW HIPAA Breach

Just before the Thanksgiving holiday, UW Medicine reported a HIPAA security breach, affecting roughly 90,000 patients at Harborview and UW Medical Centers.  In early October, a UW Medicine employee opened an e-mail attachment containing malicious software.  The malware took control of the computer, which had patients’ data stored on it.  The information that was exposed was a [...]


Reducing the Risks of Third-Party Access to EHR Systems

UnityPoint Health, a health system located in Iowa, recently informed 1,800 patients of a breach of their health information.  UnityPoint learned of the breach after an audit discovered that a third party contractor’s employee had improperly gained access to the UnityPoint electronic health record (EHR) system and viewed the records of the 1,800 patients. The [...]


Copier Hard Drive Breach Costs Plan $1.2 Million

Yesterday, HHS announced a new HIPAA related settlement with Affinity Health Plan for $1,215,780 related to PHI maintained on leased copy machines.  This settlement follows an OCR investigation prompted by Affinity’s breach report filed on April 15, 2010.   Affinity became aware of the breach following notice from CBS Evening News.  Apparently, CBS purchased a photocopier previously [...]


PSBJ Article on HIPAA Interviews OMW Attorney David Schoolcraft

The Puget Sound Business Journal issued an article today on HIPAA and the impact on business associates.  The article interviewed Ogden Murphy Wallace Attorney David Schoolcraft because of his expertise in healthcare privacy law and health information technology.  The article focuses on the impact HIPAA has on health IT start-ups and their relationships with HIPAA covered entities. [...]


Increase in Costs for Copies – But Don’t Forget HIPAA (Updated)

Effective July 1, 2013, medical providers in Washington may increase their charges for searching and duplicating medical records.  The Department of Health (“DOH”) recently released the updated fee schedule for providers. The revised charges are as follows:   Current Fee Schedule Fee Schedule Effective July 1, 2013 Copying for First 30 Pages $1.04/page $1.09/page Additional Pages $0.79/page [...]


Stolen Laptop Leads to Stanford’s Fifth HIPAA Breach

Earlier this month Stanford reported its 5th HIPAA breach since 2009.  This is Stanford’s third largest breach, affecting nearly 13,000 patients.   A broken laptop containing protected health information of pediatric patients was stolen from a restricted area of the Lucile Packard Children’s Hospital at Stanford.  The laptop was un-encrypted and contained patient information including: name, medical record [...]


Recent HIPAA Settlement Illustrates the Importance of Performing Risk Assessments.

Last month, the Department of Health and Human Services (HHS) entered into a resolution agreement with Idaho State University (ISU) to settle HIPAA violations related to ISU’s electronic health records system.  Under the agreement, ISU agreed to pay $400,000 to HHS to settle the claims. ISU’s HIPAA violations resulted from its failure to detect disabled [...]


The HITECH Act Final Rule’s Requirements for Using Health Information for Fundraising Purposes

With the HITECH Act Final Rule’s required revisions to business associate agreements, notices of privacy practices, and breach notification policies, it is easy to miss the Final Rule’s changes to the requirements for the use or disclosure of protected health information (PHI) for fundraising purposes.  The new fundraising requirements under HIPAA and the HITECH Act [...]


HIPAA Final Rules Eliminates Covered Entities’ Discretion to Comply with Individuals’ Requests for Restriction of PHI Disclosure in Certain Cases

This article marks our first in a series of articles pertaining to the new HIPAA Final Rules implementing the HITECH Act. Before the Final Rule, covered entities  were required under HIPAA to permit individuals to request that covered entities restrict the use or disclosure of protected health information (PHI) for treatment, payment and health care operations purposes.  [...]


OMW Hosting Webinar on HIPAA Changes

2013 – HIPAA Readiness Program   Join us for a Webinar on March 21 Space is limited. Reserve your Webinar seat now at: https://www3.gotomeeting.com/register/822080726 New HIPAA rules were recently finalized and will go into effect in 2013.  This webinar program will provide important information to help your organization prepare for the implementation of these new rules, [...]