What better way to welcome the new year than with proposed new HIPAA Security Rules? As 2024 came to an end, the U.S. Department of Health and Human Services announced new proposed regulations to strengthen cybersecurity and...more
1/6/2025
/ Artificial Intelligence ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Risk Assessment
Today the U.S. Department of Health & Human Services (HHS) finalized rules published in December of 2022 changing the requirements for handling SUD patient information governed by 45 CFR part 2 (Part 2)....more
As states enact and enforce various laws restricting, prohibiting, and even criminalizing abortion and other reproductive health care services, HIPAA rules that allow disclosure of patient information become potential privacy...more
Data Privacy Day is this weekend. Here are some tips and pointers individuals and businesses should keep in mind going forward.
1. Transparency is front and center for regulators in the United States and Europe, so if...more
The Supreme Court of the United States held in Dobbs v. Jackson Women’s Health Organization, that the Constitution does not confer a right to abortion, overruling long-standing precedent in Roe v. Wade and Planned Parenthood...more
7/5/2022
/ Abortion ,
Aiding and Abetting ,
Board of Directors ,
Department of Health and Human Services (HHS) ,
Dobbs v. Jackson Women’s Health Organization ,
Employee Assistance Programs ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
Employer Group Health Plans ,
Employment Discrimination ,
Equal Employment Opportunity Commission (EEOC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HRA ,
PHI ,
Roe v Wade ,
SCOTUS ,
Self-Insured Health Plans ,
Title VII ,
Travel Expenses ,
White Collar Crimes
The Office for Civil Rights within the Department of Health and Human Services (OCR) provided guidance in June that reassured covered entity health care providers and that it is generally OK to use or disclose protected...more
A patient asks her doctor to send her test results to an app the patient has downloaded on her phone. The doctor worries that the app is not secure and that the patient might not understand the security risks. What should...more
Fox Rothschild LLP partner Beth Larkin listened to the HHS Office for Civil Rights 4/24/20 webinar (which should be posted on its website at some point) regarding HIPAA and COVID-19 and took notes. Here’s my summary of key...more
Some twenty-three years ago, the first well-publicized incident of the re-identification of de-identified personal health data was brought to the attention of the American public. It involved the then governor of...more
The answer to this question has changed yet again. I’ve blogged on this topic several times in the past, and described the question as a wriggling worm. Plaintiff Ciox Health, LLC has finally managed to catch that worm and...more
Last week, the Office for Civil Rights (OCR) announced its second enforcement action and settlement with a provider for failing to comply with HIPAA’s patient access requirements. Korunda Medical, LLC, a primary care and...more
More and more often, health care data is stolen or made inaccessible by targeted ransomware attacks. The Office for Civil Rights (OCR) published a newsletter this week that provides warnings for HIPAA covered entities and...more
A large New York hospital system learned this lesson the expensive way. According to a U.S. Department of Health and Human Services (HHS) press release issued earlier this week, the Office for Civil Rights (OCR) investigated...more
Last May, around the time many schools let out for the summer, the Office for Civil Rights (“OCR”) published guidance entitled “Direct Liability of Business Associates” (the “Guidance”), which focuses, not surprisingly, on...more
“TMI” usually means “too much information”, but it was used aptly by the Office for Civil Rights (OCR) as an acronym for a covered entity that exposed protected health information (PHI) of more than 300,000 patients through...more
If you are a covered entity health plan or clearinghouse, you may be among the nine (un)lucky entities randomly chosen this month for review into compliance with HIPAA’s Administrative Simplification rules governing...more
HHS Office for Civil Rights (OCR)’s April 3, 2019 cybersecurity newsletter highlights one of the more challenging cybersecurity vulnerabilities faced by covered entities and business associates. OCR reminds covered entities...more
The U.S. Department of Human Services’ Office for Civil Rights has set a Feb. 12 deadline for stakeholders to comment on how it should modify HIPAA, especially the Privacy Rule, to promote coordinated, value-based health...more
The recent criminal conviction of a Massachusetts physician provides a stark reminder that violating HIPAA can result in more than civil monetary penalties and the financial and reputational fall-out that results from a...more
Text messaging is a convenient way for busy doctors to communicate, but for years, the question has remained: are doctors allowed to convey sensitive health information with other members of their provider team over SMS? The...more
Heading into its 22nd year, HIPAA continues to be misunderstood and misapplied by many, including health care industry professionals who strive for (or at least claim the mantle of) HIPAA compliance. Here is my “top 5” list...more
Long gone are the days when social media consisted solely of Myspace® and Facebook®, accessible only by logging in through a desktop computer at home or personal laptop. With every single social media platform readily...more
In some respects, HIPAA has had a design problem from its inception. HIPAA is well known today as the federal law that requires protection of individually identifiable health information (and, though lesser-known, individual...more