State laws that restrict or criminalize abortions will require significant amounts of health information to enforce, putting new pressure on health care providers caught in the middle of competing obligations to their...more
In the wake of the Supreme Court’s ruling in Dobbs vs. Jackson Women’s Health Organization, much has been written about how existing privacy laws, such as the Health Insurance Portability and Accountability Act (“HIPAA”), are...more
A recent settlement agreement between a clinical laboratory and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) to resolve potential HIPAA Security Rule violations proves to be a...more
As we’re all painfully aware, public health issues dominated 2020 and with the country’s attention focused on COVID-19 testing, status, transmission and care, HIPAA went mainstream. Health information became critical not only...more
The Department of Health and Human Services (HHS) is pushing ahead in its Regulatory Sprint to Coordinated Care with a new proposed rule, announced by HHS’ Office for Civil Rights (OCR) on December 10, to modify the HIPAA...more
US hospitals and healthcare facilities struggling to maintain normal operations during the COVID-19 emergency, were warned this week by the federal Cybersecurity and Infrastructure Agency (CISA), the Federal Bureau of...more
The U.S. Department of Health and Human Services (HHS) recently released a final rule further amending 42 CFR Part 2 regulations (Part 2) to allow greater sharing of patient records related to substance use disorder (SUD)...more
7/20/2020
/ Confidentiality Policies ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Drug & Alcohol Abuse ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opioid ,
Patient Privacy Rights ,
Prescription Drugs ,
Substance Abuse
As the decade winds down, it’s hard to believe that the HIPAA Privacy and Security Rules are almost twenty years old. It has been ten years since the U.S. Department of Health and Human Services (HHS) Office for Civil Rights...more
12/24/2019
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
Civil Monetary Penalty ,
Covered Entities ,
Data Breach ,
Data Security ,
Enforcement Actions ,
FBI ,
General Data Protection Regulation (GDPR) ,
Government Investigations ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
Patient Privacy Rights ,
PHI ,
Phishing Scams ,
Ransomware
On August 22, the Substance Abuse and Mental Health Services Administration (“SAMHSA”) announced a new proposed rule (the “Proposed Rule”) amending 42 CFR part 2 (“Part 2”), which is aimed at protecting patient records...more
9/4/2019
/ Confidential Information ,
Consent ,
Disclosure Requirements ,
Health Care Providers ,
HIPAA Privacy Rule ,
Information Sharing ,
Medical Records ,
Opioid ,
Patient Privacy Rights ,
Pharmaceutical Industry ,
Proposed Rules ,
SAMHSA ,
Substance Abuse
There are reports that HHS plans to issue a proposed rule next month, which would again amend 42 CFR Part 2 (“Part 2”) and modify how the medical records of patients with substance abuse disorders are currently shared between...more
7/26/2019
/ Confidential Information ,
Consent ,
Cybersecurity ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
Patient Privacy Rights ,
Proposed Amendments ,
Proposed Rules ,
Substance Abuse
Last week, the HHS Office for Civil Rights (OCR) launched an improved version of their HIPAA Breach Reporting Tool (HBRT), commonly referred to by OCR and regulated entities alike as the HIPAA “Wall of Shame.” OCR has also...more
By now, you may have heard about the global ransomware attacks affecting health care and other organizations throughout the world, in particular the United Kingdom, but also in the United States. The ransomware variant,...more
On Wednesday, March 8, James B. Comey, Director of the FBI, was at Boston College to deliver the keynote address for the inaugural Boston Conference on Cyber Security (BCCS 2017). Director Comey addressed various industry,...more
On July 11, 2016, the Office for Civil Rights (OCR) released important new guidance on ransomware for hospitals and other healthcare providers and finally addressed the question of whether electronic protected health...more
7/12/2016
/ Breach Notification Rule ,
Covered Entities ,
Cyber Attacks ,
Data Breach ,
Employee Training ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Hospitals ,
New Guidance ,
OCR ,
PHI ,
Ransomware ,
Security Risk Assessments
This is the fourth and final post in our series on the Medicare Access and CHIP Reauthorization Act (MACRA). Pub.L. No. 114-10. We’ve previously covered the repeal of the Sustainable Growth Rate (SGR) in our April 20th post,...more
4/27/2015
/ Affordable Care Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Department of Health and Human Services (HHS) ,
EHR ,
Electronic Health Record Incentives ,
Electronic Medical Records ,
GAO ,
Health Care Providers ,
Healthcare ,
HITECH Act ,
Meaningful Use ,
Medicaid ,
Medicare ,
Medicare Access and CHIP Reauthorization (MACRA) ,
Medicare Part B ,
PQRS ,
Telehealth ,
Telemedicine
……………..a cumbersome C-A-P
The U.S Department of Health and Human Services Office for Civil Rights has received tremendous publicity in recent years for its upward-trendingfines and aggressive enforcement of HIPAA...more