Starting today we are implementing a remote-work environment, with only a handful of people in our physical office on an as-needed basis (subject to rapidly evolving governmental orders.)
Our substantial investment in technology allows us to accomplish this transition with as little disruption to our operations as possible.
Email and telephone service remain the same. We are equipped for video conferencing and conference calling as needed.
All our technology is HIPAA and state privacy law compliant.
Be assured we remain committed to maintaining the high level of personalized service that you, our clients, have come to expect.
We will be reaching out to you with regard to the matters we are currently handling in the ordinary course.
Stay safe, and, together with our families, clients and the greater community, we look forward to moving past this difficult time and a speedy return to normal. As always, if we can be of any assistance, please do not hesitate to reach out to us.
On March 4, 2020, Mathew J. Levy, Esq. will be speaking with Pediatric Chief Residents regarding their first-year employment agreement and he will also be providing practical legal advice to those who will be going into their first job out of residency.
Location: The Children’s Hospital at Montefiore Medical Center (3415 Bainbridge Avenue, The Bronx, NY 10467).
Every year, we remind our clients that the HIPAA Breach Notification Rule (45 C.F.R. § 164.408) requires covered entities to notify the Secretary of the Department of Health and Human Services via the Office for Civil Rights (OCR) of any reportable small data breaches within 60 days of the end of the calendar year in which the data breach occurred; small breaches are those involving fewer than 500 records. In most years, the deadline for reporting small data breaches is March 1, however because this is a leap year all covered entities must notify OCR one day earlier than usual, by February 29, 2020.
All breaches must be submitted via the OCR’s self-reporting breach portal. Note that covered entities must report each data breach separately; because complete information is required for each breach, this process can take some time if two or more small data breaches occurred within a single calendar year. For this reason, we strongly recommend timely reporting of breaches ahead of the deadline to avoid incurring financial penalties. To ensure compliance, many covered entities elect to provide notification to OCR simultaneously with individual notice. For breaches involving an undetermined number of affected individuals, an estimate can be included in the breach report and an addendum can be submitted once the actual number is known.”