Categories
Health Law Highlights

Does HIPAA Apply to Veterinarians?

Summary of article from The HIPAA Journal, by Steve Adler:

HIPAA does not apply to veterinarians because they do not conduct electronic healthcare transactions for which the Department of Health and Human Services has adopted standards, so they do not qualify as HIPAA covered entities. However, veterinarians are subject to various state-level data privacy and breach notification laws that resemble HIPAA regulations. For instance, California law prohibits the unauthorized disclosure of information concerning animal patients and their owners, with specific exceptions. Additionally, veterinarians handling data of EU citizens must comply with the GDPR. The American Veterinary Medical Association (AVMA) provides guidelines to help veterinarians navigate these diverse data privacy regulations.

OCR Settles Alleged HIPAA Violations for $950,000 Following 2017 Ransomware Attack

Summary of article from King & Spalding, by Elizabeth Kimball Key:

On July 1, 2024, the HHS Office for Civil Rights (OCR) announced that Heritage Valley Health System agreed to pay $950,000 to settle alleged HIPAA violations following a 2017 ransomware attack. The settlement includes a corrective action plan (CAP) to address compliance gaps, marking the third HIPAA enforcement action involving ransomware. The OCR’s investigation revealed several potential HIPAA violations, including inadequate risk analysis, lack of a contingency plan, and insufficient access controls for electronic protected health information (ePHI). As part of the CAP, Heritage Valley will conduct a comprehensive risk analysis, implement a risk management plan, update its policies and procedures, and train its workforce on HIPAA compliance. OCR highlighted a significant increase in ransomware-related breaches, underscoring its enforcement priority.

Texas Retina Associates Cyberattack Affects 312,000 Patients

Summary of article from The HIPAA Journal, by Steve Adler:

A cyberattack on Texas Retina Associates, the largest ophthalmology practice in Texas, has compromised the sensitive data of 312,867 patients. The breach, which occurred from October 8, 2023, to March 27, 2024, exposed personal information including names, addresses, Social Security numbers, and medical details. Texas Retina Associates has since secured its systems, enhanced cybersecurity measures, and provided additional training to its staff. Notifications are being issued to affected individuals as a precaution, and a helpline has been established for further assistance. The practice has not mentioned offering complimentary credit monitoring or identity protection services.

HIPAA Unique Identifiers Explained

Summary of article from The HIPAA Journal, by Steve Adler:

HIPAA mandates unique identifiers for employers, health plans, and healthcare providers to enhance transaction efficiency and reduce administrative costs, though no standards for individual identifiers were adopted due to cost and complexity. Employer identifiers use IRS-issued EINs, while health plan identifiers, initially introduced in 2012, were rescinded in 2019 due to implementation challenges. Healthcare providers use National Provider Identifiers (NPIs), established before HIPAA and extended in 2004. It’s crucial to distinguish these HIPAA unique identifiers from PHI identifiers, which must be removed for data de-identification. Entities uncertain about these distinctions should seek HIPAA compliance guidance to avoid violations.

Six Months to Go: HIPAA Privacy Rule Changes Require Additional Diligence

Summary of article from Taft Privacy & Data Security Insights, by Scot Ganow:

The Department of Health and Human Services (HHS) has issued final regulations modifying the HIPAA Privacy Rule to protect individuals’ reproductive health information, effective June 25, 2024, with compliance required by December 23, 2024. These changes prohibit HIPAA-regulated entities from disclosing protected health information (PHI) for purposes of investigating or imposing liability for lawful reproductive health care. Additionally, the regulations establish a presumption of lawfulness for reproductive care and mandate obtaining signed attestations for certain disclosures. HIPAA-covered entities and business associates must update their policies, procedures, agreements, and training to align with these new requirements. Notices of privacy practices must also be revised by February 16, 2026.

Texas Judge Upholds Hospitals’ Right to Use Online Tracking Technology

Summary of article from The Record, by Suzanne Smalley:

A Texas federal judge ruled that the Biden administration’s policy to limit hospitals’ use of online tracking technology overstepped its authority. The policy, issued by the HHS in 2022, aimed to protect user privacy by warning that third-party data collection could violate HIPAA. Despite the HHS’s recent revision and warnings about the risks of technologies like Meta/Facebook Pixel and Google Analytics, the judge found that the guidance improperly extended HIPAA’s reach to data from public website searches. This decision followed a lawsuit from the American Hospital Association and other plaintiffs. The ruling underscores the complexity and extensive reach of federal regulations in modern life.

Feds Announce Final Penalties for Information Blocking. Hospitals and Medical Groups Aren’t Happy

Summary of article from Chief Healthcare Executive, by Ron Southwick:

The U.S. Department of Health & Human Services has finalized rules to prevent information blocking, imposing significant financial penalties on hospitals, clinicians, and medical groups that fail to share health information freely. Hospitals could face reductions in federal aid and substantial financial disincentives, while clinicians and medical groups could see reduced reimbursements and other penalties. The American Hospital Association and the Medical Group Management Association have criticized the penalties as excessive and punitive, urging more collaborative approaches. The rule also affects Accountable Care Organizations by barring violators from participating in the Medicare Shared Savings Program for at least a year. These measures will take effect 30 days after the rule’s publication.

Court Strikes Down HHS “Guidance” Regarding Online Tracking Technologies and HIPAA: Implications for Healthcare Providers

Summary of article from Health Law Attorney Blog:

In a recent decision, the United States District Court for the Northern District of Texas partially granted summary judgment to the plaintiffs, striking down the HHS rule that expanded the definition of “Individually Identifiable Health Information” (IIHI) to include the combination of an individual’s IP address and their visits to healthcare providers’ websites. The Court ruled that HHS exceeded its statutory authority under HIPAA and imposed new legal obligations without proper rulemaking procedures. This decision relieves healthcare providers from the significant compliance burdens associated with the now-invalidated rule. Providers should review their use of tracking technologies to ensure compliance with the ruling and stay informed about any new guidance from HHS. This case underscores the necessity for clear, consistent regulatory guidance aligned with statutory definitions and procedural norms.

The Role of Nursing Education in Ensuring HIPAA Compliance

Summary of article from The HIPAA Journal, by Dr. Randolf F. R. Rasch:

The escalating issue of HIPAA violations by nurses poses significant legal and financial risks for healthcare institutions. Despite mandatory annual training, many nurses are inadequately prepared for compliance due to gaps in both initial and ongoing education. A 2023 survey underscores these deficiencies, revealing that only 24% of healthcare organizations provide annual HIPAA training and fewer than 3% offer this crucial training solely during employee orientation. This lack of comprehensive and continuous education leaves nurses vulnerable to breaches in patient privacy and electronic health information integrity. Addressing these gaps through enhanced training and vigilant surveillance is essential for protecting both patient data and the institutions that employ healthcare professionals.

Justice Department Unseals Documents in Texas Children’s HIPAA Violation Case

Summary of article from Becker’s Hospital Review, by Naomi Diaz:

The U.S. Justice Department unsealed documents concerning Dr. Eithan Haim, who is accused of violating the Health Insurance Portability and Accountability Act (HIPAA) by illegally accessing and leaking internal documents from Texas Children’s Hospital. The documents pertained to gender-affirming services and included patients’ personal health information. Dr. Haim allegedly obtained this information with the intent to cause harm to the hospital. He shared these documents with a senior fellow at the Manhattan Institute in May 2023. If convicted, Dr. Haim could face a maximum of 10 years in federal prison and a fine of up to $250,000.