“The guidance reminds the public that the HIPAA Privacy Rule does not apply to employers or employment records.”[1]

On September 30, 2021, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) released guidance (the “Guidance”) entitled, “HIPAA, COVID-19 Vaccination, and the Workplace,” regarding the applicability of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule (“Privacy Rule”) to disclosures and requests for information regarding COVID-19 vaccination status. In a frequently-asked-questions format, the Guidance sets forth a series of workplace-related scenarios involving the confidentiality of an employee’s vaccination status, an employer’s ability to obtain vaccination information from its employees, and the confidentiality of such information.

Continue Reading HIPAA and COVID-19 Vaccination Status: The Office of Civil Rights Issues Workplace Guidance

According to a December 20, 2019 Report by HIPAA Journal, nearly 39 million health care data breaches had been reported to the U.S. Department of Health and Human Services (“DHHS”), Office of Civil Rights (“OCR”) by the end of November 2019. This is a staggering number, especially considering that this is more than double what was reported in all of 2018. This appears to be part of an exponentially growing number of breach reports since, as we reported last year, 2018’s breach reports were already three times greater than what was reported in 2017.

This article explores some of the trends that can be attributed to the growing number of breaches and how the OCR has responded to the difficulties experienced by healthcare entities (“Covered Entities”) covered by the security and confidentiality requirements applicable to protected health information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 and 45 CFR Parts 160 and 164, as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH”) (collectively referred to hereinafter as “HIPAA”).
Continue Reading 2019 Year in Review: Notable Changes in Law, Policy, and Enforcement of HIPAA

The Department of Health & Human Services (DHHS) Office of Civil Rights (OCR) recently announced it will devote more resources to investigate smaller HIPAA breaches. Before this announcement, OCR typically opened investigations for HIPAA breaches affecting more than 500 individuals.
Continue Reading OCR to Focus More Investigative Resources on Smaller HIPAA Breaches with Less Than 500 Individuals Affected