As an update to our previous post, HHS announced that the deadline to submit comments on their proposed rule to revise HIPAA regulations was extended until May 6, 2021. Changes contemplated by the proposed rule involve relaxing certain privacy standards, strengthening individuals’ rights to access their protected health information (PHI) and other initiatives that
OCR Relaxes HIPAA Rules for COVID-19 Community-Based Testing Sites
The U.S. Department of Health & Human Services Office of Civil Rights (OCR) announced that it will refrain from imposing penalties for violations of HIPAA for covered entities or business associates participating, in good faith, in the operation of COVID-19 Community-Based Testing Sites during the nationwide public health emergency. The notice related to the relaxation…
CARES Act Changes to Federal Substance Use Privacy Law
Section 3221 of the CARES Act ratified fundamental changes to the Public Health Service Act requiring HHS to revise 42 C.F.R. Part 2, regulations within 12 months. The changes are significant and follow the increasing movement to align the rules that govern the confidentiality requirements of substance use disorder records with HIPAA. Our health law…
OCR Provides Guidance Related to COVID-19 PHI Disclosures
The Department of Health and Human Services, Office of Civil Rights (OCR) recently released guidance and helpful examples illustrating how Covered Entities can comply with HIPAA and the Privacy Rule and still disclose protected health information (PHI) about individuals infected with or exposed to COVID-19 to Essential Providers. Read the full post on our Healthcare…
HIPAA New Year!
It’s time for year-behind-us reminisces and year-before-us prognostications and, for those of us with nothing better to do during the last few days of 2017 and first few days of 2018, attention turns to HIPAA enforcement. So what happened and what can we look forward to? If past is prologue, expect the sound of silence as there was nominal Office for Civil Rights (OCR) activity in 2017 and, with the one noisy exception, no actions to cause your ears to burn.
Continue Reading HIPAA New Year!
Top 3 HIPAA Lessons Learned from Hurricane Season
With a few more weeks left in the hurricane season, it may be a good time to review HIPAA Privacy Rule protocols in emergency situations.
Continue Reading Top 3 HIPAA Lessons Learned from Hurricane Season
Healthcare Technology & Privacy – Pushing the Limits of HIPAA
Last week, a number of Husch Blackwell attorneys participated in the firm’s sponsorship of the 2017 South by Southwest (SXSW) Conference and Festivals in Austin, Texas. A contingency of our Healthcare attorneys attended the sessions and staffed our booth at the SXSW Trade Show’s Health Pavilion. There were several sessions focused on emerging…
HIPAA Enforcement Actions – A look back at 2016
According to the most recent data provided by the U.S. Department of Health & Human Services, there are currently 3,427 open complaints regarding possible health information privacy violations. Below is a look back at four noteworthy HIPAA breaches that occurred in 2016.
Continue Reading HIPAA Enforcement Actions – A look back at 2016
HIPAA punches a serious blow: Advocate Health enters into $5.5-million settlement for violations
Anytime we conduct a training, we can’t help but turn blue in the face repeating over and over again the importance of conducting an accurate and thorough risk analysis of electronic PHI (ePHI). In the event of a breach or an audit, one of the first items the Office of Civil Rights (OCR) will ask for is the risk analysis. The OCR has obviously lost its patience for entities that choose or fail to perform an adequate risk analysis. Earlier this month, Advocate Health Care Center (Advocate Health) agreed to pay a massive $5.55 million to settle multiple violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This settlement is the largest to-date against a single entity.
Continue Reading HIPAA punches a serious blow: Advocate Health enters into $5.5-million settlement for violations
Adding more class to Information Governance (Part 2)
In this series on establishing security classifications for your company’s information, last week’s post looked at one aspect – the widely varying definitions of Protected Information under state PII breach notification statutes. But if your organization is a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA), the definition of Protected Health information (PHI) is also a key puzzle piece for your classification scheme.
HIPAA establishes national standards for the use and disclosure of PHI, and also for the safeguarding of individuals’ electronic PHI, by covered entities and business associates. Merely having information commonly thought of as “protected health information” does not mean that HIPAA applies. And there are some surprises in which organizations are – and are not – covered by HIPAA. So, that’s the first question to answer – is your company a HIPAA covered entity or business associate?Continue Reading Adding more class to Information Governance (Part 2)