Preparations for operations after the end of the Public Health Emergency (PHE) have commenced. HHS released guidance on using remote communication technologies for audio-only telehealth services in compliance with HIPAA. In...more
On April 4, 2022, the U.S. Department of Health and Human Services (HHS) released a Request for Information (RFI) seeking input from HIPAA-covered entities and business associates on how the industry understands and is...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
The federal Department of Health and Human Services (HHS) issued guidance on the applicability of HIPAA to COVID-19 vaccination information, directly addressing a number of misconceptions about when HIPAA does, or does not,...more
The Federal Trade Commission (FTC) just released a Policy Statement emphasizing how telemedicine and digital health apps can be held accountable under the Health Breach Notification Rule, even if the company is not subject to...more
California clinics, health facilities, home health agencies, and licensed hospices required to report breaches to the California Department of Public Health (CDPH) under California’s Health and Safety Code Section 1280.15...more
On January 14, 2021, the U.S. Court of Appeals for the Fifth Circuit vacated the civil monetary penalty (CMP) imposed by the Department of Health and Human Services (HHS) against the University of Texas M.D. Anderson Cancer...more
On January 19, 2021, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Enforcement Discretion (Notice) announcing that it will not impose penalties for...more
1/26/2021 / Coronavirus/COVID-19, Department of Health and Human Services (HHS), Encryption, Enforcement, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), OCR, PHI, Privacy Settings, Public Health Emergency, Vaccinations
The Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services recently published its findings from audits conducted in 2016 and 2017 of covered entities’ and business associates’ compliance with...more
1/15/2021 / Audits, Covered Entities, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach Notification Rule, HIPAA Privacy Rule, Notice of Privacy Practices, Notice of Proposed Rulemaking (NOPR), OCR, Right of Access, Risk Management, Security Risk Assessments
With 2020 officially behind us, what does 2021 have in store for telemedicine and digital health policy? A year ago, our team predicted 2020 would bring “notable expansions in Medicare and Medicaid coverage” and “the...more
1/12/2021 / American Telemedicine Association, California Consumer Privacy Act (CCPA), Coronavirus/COVID-19, Department of Justice (DOJ), Digital Health, Enforcement Actions, Fraud, Health Insurance Portability and Accountability Act (HIPAA), Medicaid, Medicare, OIG, Public Health Emergency, Public Readiness and Emergency Preparedness Act (PREP Act), Reimbursements, Telehealth, Waivers
On December 10, 2020, the Department of Health and Human Services, Office for Civil Rights (OCR) issued a Notice of Proposed Rulemaking (NPRM) to revise the HIPAA Privacy Rule. The proposed revisions to the Privacy Rule seek...more
In 2020, the Office for Civil Rights (OCR) kept the promise it made the prior year to “vigorously enforce” the rights of patients to access and exercise control over their medical records. OCR has settled ten “right of...more
12/11/2020 / Billing, Corrective Action Plans (CAPs), Fees, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Medical Records, OCR, PHI, Proposed Rules, Right of Access, Settlement
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
9/8/2020 / Compliance, Corporate Counsel, Data Breach, Good Faith, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act (HIPAA), Personal Information, Personally Identifiable Information, Popular, Safe Harbors, State Data Breach Notification Statutes, Substantial Risk of Harm
On July 15, 2020, a final rule revising the federal regulations governing the Confidentiality of Substance Use Disorder Patient Records (also known as 42 C.F.R. Part 2 or Part 2) was published. The revised rule will implement...more
The Department of Health and Human Services (HHS) announced on April 2 that HHS is exercising its enforcement discretion to permit business associates to use and disclose protected health information (PHI) for public health...more
4/6/2020 / Business Associates Agreement (BAA), Coronavirus/COVID-19, Cybersecurity, Data Breach, Data Protection, Data Security, Department of Health and Human Services (HHS), Electronic Medical Records, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, OCR, Personally Identifiable Information, PHI, Risk Management
The Coronavirus Aid, Relief, and Economic Security Act (CARES Act) passed by the Senate on March 25, 2020 would make fundamental changes to the federal law, 42 U.S.C. § 290dd-2, implemented at 42 C.F.R. Part 2 that governs...more
The coronavirus (provisionally named SARS-CoV-2, with its disease being named COVID-19) has now been documented in more than 100 countries and territories. Over 120,000 cases have now been documented across the globe,...more
On December 12, 2019, the Office for Civil Rights (OCR) announced its second enforcement action this year related to an individual’s right to access his/her protected health information (PHI). Korunda Medical, LLC (Korunda)...more
One health system recently learned the cost of relying too heavily on the HIPAA Breach Notification Rule’s “low probability of compromise” standard when it failed to notify all affected individuals and report the HIPAA breach...more
12/5/2019 / Breach Notification Rule, Business Associates, Covered Entities, Data Breach, Electronic Medical Records, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), OCR, PHI, Reporting Requirements, Security Risk Assessments, Settlement Agreements
Recently proposed changes to the federal regulations governing the confidentiality of substance-use disorder patient records (Part 2) would all but eliminate the most significant and intractable barrier to sharing protected...more
On June 26, 2019, the Department of Health and Human Services Office for Civil Rights (OCR) issued two new FAQs that clarify:
The parameters around covered entities sharing protected health information (PHI) for a...more
On May 24, 2019, the Department of Health and Human Services Office for Civil Rights (OCR) issued a new fact sheet which lists the provisions of the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (HIPAA)...more
5/31/2019 / Business Associates, Data Protection, Department of Health and Human Services (HHS), Electronic Medical Records, Enforcement, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Liability, OCR, Personally Identifiable Information, PHI
The U.S. Department of Health and Human Services (HHS) recently proposed two new rules designed to increase patient and provider access to health records. As stated by HHS in its press release, the proposed rules “will...more
2/21/2019 / Centers for Medicare & Medicaid Services (CMS), Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Exchanges, Health Insurance Portability and Accountability Act (HIPAA), MIPS, ONC, Patient Privacy Rights, Proposed Rules, Public Comment
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more