In an era of decreasing reimbursement and rapidly expanding opportunities associated with “big data”, healthcare entities may be looking for ways to monetize protected health information (“PHI”) for their own, non-patient...more
2/20/2020 / Business Associates, Business Associates Agreement (BAA), Consent, Consumer Privacy Rights, Covered Entities, Data Collection, Data Privacy, Data Sellers, Data Use Policies, De-Identified Protected Health Information, Department of Health and Human Services (HHS), Disclosure Requirements, Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Privacy Rule, Information Sharing, Medical Records, Notice Requirements, OCR, PHI, Privacy Policy
Thanks to a federal judge, the Office for Civil Rights has modified its rules for sending records to third parties. Covered entities are no longer required by HIPAA to send non-electronic protected health information (“PHI”)...more
2/10/2020 / Business Associates, Covered Entities, Data Protection, Data Transfers, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Omnibus Rule, HITECH Act, Medical Records, OCR, Patient Privacy Rights, PHI, Records Request, Right of Access
The HIPAA privacy rules give special protection to “psychotherapy notes,” but providers often misunderstand what are and are not covered and how they differ from other mental health records.
I. “Psychotherapy Notes”...more
1/29/2020 / Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare Facilities, HIPAA Privacy Rule, Medical Records, Mental Health, NPRM, OCR, Professional Disciplinary Actions
This week, the Office for Civil Rights (“OCR”) announced a $3,000,000 HIPAA settlement arising from a medical center’s loss of an unencrypted laptop and flash drive. This is simply the latest of many HIPAA settlements based...more
11/8/2019 / Business Associates, Covered Entities, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Encryption, Enforcement Actions, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach Notification Rule, HIPAA Security Rule, HITECH Act, Laptop Computers, Mobile Devices, OCR, Penalties, Settlement
Business associates may want to use a covered entity’s protected health information (“PHI”) for the business associates’ own purposes, e.g., for their own product development, data aggregation, marketing, etc. However, with...more
9/6/2019 / Business Associates, Covered Entities, Cybersecurity, Data Protection, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Privacy Rule, OCR, PHI
Unless structured properly, a hospital’s financial relationship with referring physicians or other providers may violate the federal Ethics in Patient Referrals Act (“Stark”) and Anti-Kickback Statute (“AKS”), resulting in...more
So you just discovered that protected health information (“PHI”) from your organization was improperly accessed or disclosed. Are you required to self-report the violation to the affected individual and HHS?
HIPAA Breach...more
Under the Health Information Privacy and Portability Act (HIPAA), “covered entities” (generally speaking health care providers and their business associates) must all complete a risk assessment to identify and mitigate...more
HIPAA privacy and security violations can result in fines of $110 to $55,100 to covered entities (including healthcare providers and health plans) and their business associates. (45 CFR 160.404). If the violation resulted...more
10/22/2018 / Cyber Attacks, Cybersecurity, Department of Health and Human Services (HHS), Electronic Medical Records, Hackers, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach, Notice Requirements, OCR, Personally Identifiable Information, PHI