Categories
Alert

Large Health System Agrees To Pay $200,000 as Part of OCR’s Fourteenth Right of Access Initiative Settlement

In its first enforcement action of 2021, on January 12th, the United States Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced it settled with Banner Health its fourteenth enforcement action as part of its HIPAA Right of Access Initiative (the “Initiative”). OCR announced the Initiative in 2019 to ensure individuals can easily and timely access their health information at a reasonable cost under the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule. In 2020, OCR announced eleven settlements as part of the Initiative including most recently against a primary care provider. The Initiative has resulted in settlements with all sizes of providers.

Categories
Alert

HIPAA Safe Harbor Bill Becomes Law; Requires HHS to Incentivize Security

The legislation directs HHS to take into account a covered entity’s or business associate’s use of industry-standard security practices within the course of 12 months, when investigating and undertaking HIPAA enforcement actions, or other regulatory purposes.

Categories
Alert

The OCR Settles another Investigation under the HIPAA Right of Access Initiative

OCR has settled its thirteenth enforcement action under the HIPAA Right of Access Initiative, which involved a primary care physician practicing in the State of Georgia. The physician must pay a Resolution Amount of $36,000.00 and implement a two year Corrective Action Plan following the OCR’s second investigation.

Categories
Alert

Proposed Changes to HIPAA Privacy Rule

HHS has proposed several important changes to the HIPAA Privacy Rule to bring it in line with HHS’s Sprint Toward Coordinated Care initiative. These proposed changes are not yet final. Comments on the proposed rules are due within 60 days of their publication in the Federal Register. Reducing the time that covered entities have to […]

Categories
Alert

HHS Proposes Modifications to the HIPAA Privacy Rule to Empower Patients, Improve Coordinated Care, and Reduce Regulatory Burdens

The proposed changes to the HIPAA Privacy Rule include strengthening individuals’ rights to access their own health information, including electronic information; improving information sharing for care coordination and case management for individuals; facilitating greater family and caregiver involvement in the care of individuals experiencing emergencies or health crises; enhancing flexibilities for disclosures in emergency or […]

Categories
Highlight

Ways your Healthcare Company is Breaking the Law — Without Realizing it

According to the U.S. Department of Health & Human Services’ Breach Portal, sometimes called the “Wall of Shame,” 418 breaches of HIPAA were reported in 2019. Some 34.9 million Americans had their protected health information (PHI) compromised. How is this still happening? Healthcare companies and practices make the biggest mistake by believing human behavior can […]

Categories
Alert

OCR Settles Tenth Investigation in HIPAA Right of Access Initiative

Riverside Psychiatric Medical Group (“RPMG”) has agreed to take corrective actions and pay $25,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard. RPMG, based in Riverside, California, is a group practice specializing in child and adolescent psychiatry, geriatric psychiatry, neuropsychiatry, psychology, and substance use disorders. OCR received a complaint […]

Categories
Article

Private Schools and the Intersection of HIPAA and FERPA

My wife works as an Administrative Assistant at a local private school. As you might expect, they take very seriously their responsibility to help stop the spread of COVID-19 in the community. As part of their efforts, they require students who were in direct contact with persons diagnosed with COVID-19 to quarantine at home, away […]

Categories
Alert

Data Breaches Can Result in Federal and State Liability

Regulatory bodies continue to impose severe penalties on covered entities who fail to protect patient data from unauthorized disclosure. Community Health Systems, Inc. recently settled claims with HHS Office of Civil rights resulting from a 2014 data breach that exposed personal information of approximately 6.1 million patients for $2.3 million. But settlement with the federal […]

Categories
Alert

OCR Settles Eighth Investigation in HIPAA Right of Access Initiative

Since 2019, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) has been prioritizing enforcement actions against covered entities that do not allow patients timely access to their health records at a reasonable cost as required by HIPAA. This month, OCR settled an eighth investigation for $160,000 and […]