Privacy Law Blog
Sara Krauss

Sara Krauss

Subscribe to all posts by Sara Krauss

New HIPAA Cop: First AG Settlement for HIPAA Violations

Last week, the Connecticut Attorney General became the first state attorney general to enter into a settlement agreement for HIPAA violations, as a result of the new authority granted to attorneys general under the Health Information Technology for Economic and Clinical Health Act (HITECH Act). … Continue Reading

Decrypting HHS Guidance on Breach Notification and Security under the HITECH Act: NIST, FIPS, and More

Two months after Congress mandated notification for the breach of unsecured protected health information (PHI), the Secretary of Health and Human Services (HHS) defined what it means to be "unsecured." As required by Section 13402 of the HITECH Act, H.R. 1, 111th Cong. (1st Sess. 2009) (which was part of the American Recovery and Reinvestment Act of 2009), the Secretary issued guidance and a request for comments on the technologies and methodologies rendering information unusable, unreadable or indecipherable. 74 Fed. Reg. 19006 (Apr. 27, 2009) (to be codified at 45 C.F.R. pts. 160, 164). … Continue Reading

HHS Enters Into First Monetary Settlement Under HIPAA

On July 15, 2008, the U.S. Department of Health & Human Services (“HHS”) entered into its first Resolution Agreement with a HIPAA-covered entity to settle alleged violations of the privacy and security regulations promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Pursuant to the Resolution Agreement, a Seattle-based not-for-profit health system, Providence … Continue Reading
LexBlog