Some twenty-three years ago, the first well-publicized incident of the re-identification of de-identified personal health data was brought to the attention of the American public. It involved the then governor of...
The answer to this question has changed yet again. I’ve blogged on this topic several times in the past, and described the question as a wriggling worm. Plaintiff Ciox Health, LLC has finally managed to catch that worm and...
More than eleven years have passed since the U.S. Department of Health and Human Services (HHS), the agency responsible for the privacy of protected health information under HIPAA, and the U.S. Department of Education (DOE),...
Last week, the Office for Civil Rights (OCR) announced its second enforcement action and settlement with a provider for failing to comply with HIPAA’s patient access requirements. Korunda Medical, LLC, a primary care and...
More and more often, health care data is stolen or made inaccessible by targeted ransomware attacks. The Office for Civil Rights (OCR) published a newsletter this week that provides warnings for HIPAA covered entities and...
Last May, around the time many schools let out for the summer, the Office for Civil Rights (“OCR”) published guidance entitled “Direct Liability of Business Associates” (the “Guidance”), which focuses, not surprisingly, on...
Why Covered Entities and Business Associates Cannot Ignore the New California Data Privacy Law
The California Consumer Privacy Act (CCPA) applies to a wide range of for-profit businesses that collect the personal...
“TMI” usually means “too much information”, but it was used aptly by the Office for Civil Rights (OCR) as an acronym for a covered entity that exposed protected health information (PHI) of more than 300,000 patients through...
If you are a covered entity health plan or clearinghouse, you may be among the nine (un)lucky entities randomly chosen this month for review into compliance with HIPAA’s Administrative Simplification rules governing...
HHS Office for Civil Rights (OCR)’s April 3, 2019 cybersecurity newsletter highlights one of the more challenging cybersecurity vulnerabilities faced by covered entities and business associates. OCR reminds covered entities...
The U.S. Department of Human Services’ Office for Civil Rights has set a Feb. 12 deadline for stakeholders to comment on how it should modify HIPAA, especially the Privacy Rule, to promote coordinated, value-based health...
Yesterday’s listserv announcement from the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) brought to mind this question. The post announces the agreement by a Florida company,...
The new Apple Watch Series 4® is one of the more recent and sophisticated consumer health engagement tools. It includes a sensor that lets wearers take an electrocardiogram (ECG) reading and detect irregular heart rhythms....
The recent criminal conviction of a Massachusetts physician provides a stark reminder that violating HIPAA can result in more than civil monetary penalties and the financial and reputational fall-out that results from a...
The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Whereas HIPAA applies to particular types or classes of data creators, recipients, maintainers or transmitters (U.S. covered...
The Report to Congressional Committees of the U.S. Government Accountability Office (“GAO Report”), required under the 21st Century Cures Act, came out about a month earlier than required, but this early bird failed to catch...
Text messaging is a convenient way for busy doctors to communicate, but for years, the question has remained: are doctors allowed to convey sensitive health information with other members of their provider team over SMS? The...
Heading into its 22nd year, HIPAA continues to be misunderstood and misapplied by many, including health care industry professionals who strive for (or at least claim the mantle of) HIPAA compliance. Here is my “top 5” list...
Long gone are the days when social media consisted solely of Myspace® and Facebook®, accessible only by logging in through a desktop computer at home or personal laptop. With every single social media platform readily...