Tag Archives: HIPAA

HHS Further Relaxes HIPAA Regulations Governing Use and Disclosure of Protected Health Information During the COVID-19 Public Health Emergency

On April 2, 2020, the Office for Civil Rights at the U.S. Department of Health and Human Services (“HHS”) announced a Notification of Enforcement Discretion to allow certain uses and disclosures of Protected Health Information (“PHI”) by HIPAA business associates during the COVID-19 public health emergency.  Understanding that the CDC, CMS and state and local … Continue Reading

Key Health Care Provisions of the Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”)

On Friday, March 27, the Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”) was enacted.  Organized below are concise summaries of select CARES Act sections that will impact various sectors of the health care industry:… Continue Reading

2019 Year in Review: Notable Changes in Law, Policy, and Enforcement of HIPAA

According to a December 20, 2019 Report by HIPAA Journal, nearly 39 million health care data breaches had been reported to the U.S. Department of Health and Human Services (“DHHS”), Office of Civil Rights (“OCR”) by the end of November 2019. This is a staggering number, especially considering that this is more than double what … Continue Reading

INFORMATION BLOCKING AND THE RIGHT TO ACCESS INITIATIVE: Why Patients Struggle to Obtain their Medical Records and what the Office of Civil Rights Intends to Do About It

Access to healthcare information (or lack thereof) has always been touted as one of the key factors/necessities to realizing the promise of technology in the delivery of healthcare. Despite various legislative, judicial, patient and industry initiatives, access continues to be a challenge due to a variety of competitive practices and lack of capabilities. Consider the … Continue Reading

Are You a “Hybrid Entity” under the Health Insurance Portability and Accountability Act of 1996? The $4,348,000 Question

A single, multidisciplinary entity, like a university, may include certain departments that use PHI, and other departments that do not. Such institutions are eligible to (and should) self-identify as “hybrid entities” to better manage HIPAA compliance risk. The Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic … Continue Reading

A $31,000 Mistake: Failing To Manage Business Associate Agreements Proves Costly For Providers

The Center for Children’s Digestive Health (CCDH), a small, for-profit pediatric subspecialty practice that operates seven clinics in the Chicago area, has paid the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) $31,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).… Continue Reading

Do Routine Calls by Health Plans to Patients and Health Plan Members Constitute “Telemarketing” Under the Telephone Consumer Protection Act? Not Today!

Covered entities have a long list of laws and regulations governing their conduct, including their communications with patients, customers, and members.  Specifically, the Health Insurance Portability and Accountability Act (“HIPAA”) permits many such communications, including those about health care products and services, but precludes certain “marketing” communications absent written consent.  Recently, however, healthcare providers and … Continue Reading

WellPoint, Inc. Reaches $1.7 Million Dollar HIPAA Settlement Continuing the 2012 Trend of Heavy Fines

On July 11, 2013, the U.S. Department of Health and Human Services (HHS) announced that it had reached a $1.7 million dollar resolution agreement with insurer WellPoint Inc., following a security breach that left the personal information of 612,402 individuals exposed and available to unauthorized computer users. Between October 23, 2009, and March 7, 2010, … Continue Reading

HIPAA Statutory Changes Require Action Now by Providers, Plans and Their Business Associates

By Maureen Corcoran Sweeping changes to the obligations of providers, health plans and their service providers ("business associates") under HIPAA privacy and security rules were included in the American Recovery and Reinvestment Act of 2009. Previously only health plans and providers were covered under HIPAA and subject to the criminal and civil monetary penalties. Effective … Continue Reading
LexBlog

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree