Thompson

HHS to Step Up HIPAA Privacy Enforcement in ‘Abject Failure’ Cases

March 9, 2012 – 6:08 pm | By David Slaughter | No comments yet

The U.S. Department of Health and Human Services (HHS) is refocusing its HIPAA privacy enforcement efforts on seeking monetary penalties in cases of “abject failure” to comply, the head of HHS’ Office for Civil Rights (OCR) indicated. “The majority of matters we handle are going to be resolved through education” as they have in the past, OCR Director Leon Rodriguez told a privacy conference. But OCR plans to do fewer of those cases and more penalty cases where it finds “an abject failure of due diligence,” he said. “We’re seeing a lot of cases like that.” Rodriguez cited past million-dollar settlements for incidents involving protected health information (PHI) left on a subway train or disposed of in a publicly accessible dumpster. Although those OCR actions came in response to specific incidents, “the big issue for me is what’s going on inside the entity that makes those things happen,” he said. OCR is seeing those kinds of organizational failures to assess and manage risk at many HIPAA-covered entities, he warned. Lawmakers and others have criticized OCR for spotty enforcement of HIPAA’s privacy and security rules, even after the HITECH Act of 2009 greatly increased HIPAA penalty amounts and other enforcement authorities. HITECH’s breach notification rules are another space we’ll see enforcement activity, Rodriguez said. “I’m not sure about the level of compliance” with the requirement to notify affected individuals, and sometimes HHS, of PHI breaches. HHS’ list of major breaches includes “way too many familiar names and not enough unfamiliar names,” so an enforcement action for failing to report “an obvious reportable breach” might help get the message out, he said. Rodriguez spoke March 8 at the International Association of Privacy Professionals’ Global Privacy Summit. HIPAA privacy and security enforcement and breach notification are detailed in the Employer’s Guide to HIPAA and Employer’s Guide to HIPAA Privacy Requirements.

Posted in Employee data privacy and security | Tagged , ,

Labor Extends Comment Period for Caregiver Rule

March 9, 2012 – 6:06 pm | By Rita Zeidner | No comments yet

The Labor Department  has extended the comment period for its proposed rule to provide minimum wage and overtime protections for in-home companions by nine days, the agency announced in a March 9 release. The division published a notice of proposed rulemaking in the Federal Register on Dec. 27, 2011, with a comment period originally set to end on Feb. 27, 2012. The division then extended the comment period to March 12. The department now will extend the comment period through March 21. Comments received between Dec. 27 and March 21 will be included in the rulemaking record. These actions will provide additional time for members of the public to analyze the issues raised in the proposal and to provide comments. The proposed rule would expand minimum wage and overtime protections by ensuring that all home care workers employed by third parties, such as staffing agencies, receive these protections. It also would clarify that individuals performing skilled in-home care work are entitled to minimum wage and overtime pay. However, individuals engaged by families for true companionship or fellowship activities, such as visiting with friends or pursuing hobbies, still would be considered “companions” and not be required to meet the act’s labor standards provisions. To learn more about the proposed rule, visit http://www.dol.gov/whd/flsa/companionNPRM.htm.

Posted in Exempted employees, Fair Labor Standards Act, In-home Companions, Minimum wage, Overtime | Tagged , ,

Marketo