When it comes to compliance with the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”), is your house in order? Has someone recently looked underneath the counter and...more
3/20/2025
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
PHI ,
Policies and Procedures ,
Risk Management ,
Training
The compliance deadline for changes to the privacy of reproductive health information is fast approaching, with the new rules taking effect on December 23, 2024. Earlier this year, new regulations under the Health Insurance...more
On April 12, 2023, the Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced proposed changes to HIPAA’s Privacy Rule with regard to reproductive health information. The proposed changes are set out in a...more
6/6/2023
/ Abortion ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Reform ,
HIPAA Privacy Rule ,
NPRM ,
OCR ,
Patient Privacy Rights ,
PHI ,
Pregnancy ,
Regulatory Agenda ,
Reproductive Healthcare Issues ,
Roe v Wade ,
Women's Rights
HHS Releases Cybersecurity Guide -
On March 8, 2023 the Department of Health and Human Services released a cybersecurity implementation guide for the health care industry—the HPH Sector Cybersecurity Framework...more
Providers oftentimes ask how long they need to retain certain types of medical information. While there are some general rules regarding the timeframes for retaining medical information, the specific answer varies depending...more
10/18/2022
/ Data Retention ,
Document Destruction ,
Electronically Stored Information ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Personal Information ,
PHI ,
Policies and Procedures ,
Record Retention ,
Regulatory Requirements
Cyber-attacks on health care entities are becoming increasingly frequent, and the resulting data breaches are often complex. In the event of a cyber-attack, health care entities and their business associates must adhere to...more
Resources -
Safer Federal Workforce Task Force Updates Guidance for Federal Contractors -
On November 10, 2021, the Safer Federal Workforce Task Force updated its Guidance for Federal Contractors (“Guidance”). As...more
11/17/2021
/ Biden Administration ,
Coronavirus/COVID-19 ,
Emergency Management Plans ,
Employer Mandates ,
Equal Employment Opportunity Commission (EEOC) ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Federal Employees ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Infectious Diseases ,
Marijuana ,
Model Contract Clauses ,
OSHA ,
Public Health Emergency ,
Regulatory Requirements ,
Religious Exemption ,
Vaccinations ,
Workplace Safety
Helpful hints -
OIG Updates Health Care Fraud Self-Disclosure Protocol (“SDP”) -
On November 8, 2021, the OIG issued an updated SDP to providers, which included clarifications of existing guidance and increased the minimum...more
11/16/2021
/ Centers for Medicare & Medicaid Services (CMS) ,
Disproportionate Share Adjustments ,
Employer Mandates ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Fraud ,
Medicaid ,
Medicare ,
OIG ,
Outpatient Prospective Payment System (OPPS) ,
Physician Fee Schedule ,
Self-Disclosure Requirements ,
Vaccinations
Helpful Hints -
ADPH Says Vaccine Administration is Limited at this Time The Alabama Department of Public Health issued a press release on January 11, 2021, urging Alabamians to have patience in receiving the COVID-19...more
1/29/2021
/ 1135 Waivers ,
Centers for Medicare & Medicaid Services (CMS) ,
Clinical Trials ,
Coronavirus/COVID-19 ,
Food and Drug Administration (FDA) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Infectious Diseases ,
OCR ,
Right of Access ,
Stark Law ,
Vaccinations
The Office for Civil Rights (“OCR”), the entity responsible for HIPAA compliance and enforcement, has issued a series of guidance documents regarding the interplay of HIPAA and the COVID-19 pandemic. The most recent guidance...more
Over the past several months, the Office for Civil Rights (“OCR”), the entity responsible for compliance with and enforcement of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations...more
Over the past several weeks, the Office for Civil Rights (“OCR”), the entity responsible for compliance with and enforcement of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations...more
What have you done for me lately? Now that the tune is stuck in your head, specifically, have you recently conducted a thorough and up to date risk assessment in accordance with the requirements of the Health Insurance...more
8/15/2019
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Electronic Medical Records ,
Failure to Comply ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Medical Records ,
OCR ,
PHI ,
Risk Assessment
The Office of Civil Rights (“OCR”) is the federal agency that oversees compliance with the Health Insurance Portability and Accountability Act of 1996, and its implementing regulations (“HIPAA”). In that regard, among other...more
5/10/2019
/ Cyber Attacks ,
Data Breach ,
Electronic Medical Records ,
Government Investigations ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Policies and Procedures ,
Risk Mitigation
The U.S. Department of Health and Human Services Office of Civil Rights (“OCR”) was hard at work at the end of 2018—emphasizing the active efforts we have seen for the past few years from OCR. Below is a brief summary of some...more
3/7/2019
/ Comment Period ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Information Sharing ,
Mental Illness ,
OCR ,
Opioid ,
Personal Data ,
PHI ,
Privacy Policy ,
Value-Based Care
As January gets underway, it is common for us to reflect back on the prior year and set goals for the upcoming year. Whether it is losing weight or maintaining better relationships with loved ones, New Year’s resolutions are...more
In this day in age where a vast amount of information is stored electronically and you can buy almost anything with a “1-click” purchase, it comes as no surprise that cyber incidents are on the rise, especially among...more
In the age of electronic medical records and ransomware attacks, recent focus with regard to HIPAA compliance seems to be on electronic security. How are your electronic medical records stored? Do you require two-factor...more
7/11/2018
/ Cyber Attacks ,
Data Breach ,
Electronic Devices ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Risk Management
In light of the recent incident in Las Vegas, the Office of Civil Rights (“OCR”), the government entity responsible for HIPAA Compliance, issued clarification guidance on the ability of a health care provider to share...more
Every where you look these days, there seems to be another report of a cyber attack--attacks which do not discriminate based on industry type, size of business, or impact. In other words, everyone is vulnerable. In fact, the...more
7/18/2017
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
Phishing Scams ,
Ransomware ,
Risk Management ,
US-CERT
In the past several years, a huge increase has occurred in the number of electronic attacks in the United States using ransomware, a form of malware that targets and encrypts critical data and systems for the purpose of...more
2/13/2017
/ Breach Notification Rule ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Malware ,
OCR ,
PHI ,
Ransomware ,
Reporting Requirements ,
Strict Compliance
The Joint Commission recently announced a change in its policies whereby it will now allow providers to communicate patient orders via text message. The policy applies to all Joint Commission accreditation programs. While the...more
In an effort to review and examine compliance with the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations ("HIPAA"), the Department of Health and Human Services Office for Civil...more
A patient arrives at your facility with Ebola-like symptoms. After taking the necessary precautions, you run the requisite tests, conduct a patient interview, and determine that in fact the patient has contracted the Ebola...more
On January 17, 2013, the Department of Health and Human Services ("HHS") released its longawaited final HIPAA rule, which significantly expands certain obligations for covered entities and their business associates (the...more