Categories
Alert

Large Health System Agrees To Pay $200,000 as Part of OCR’s Fourteenth Right of Access Initiative Settlement

In its first enforcement action of 2021, on January 12th, the United States Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced it settled with Banner Health its fourteenth enforcement action as part of its HIPAA Right of Access Initiative (the “Initiative”). OCR announced the Initiative in 2019 to ensure individuals can easily and timely access their health information at a reasonable cost under the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule. In 2020, OCR announced eleven settlements as part of the Initiative including most recently against a primary care provider. The Initiative has resulted in settlements with all sizes of providers.

Categories
Alert

HIPAA Safe Harbor Bill Becomes Law; Requires HHS to Incentivize Security

The legislation directs HHS to take into account a covered entity’s or business associate’s use of industry-standard security practices within the course of 12 months, when investigating and undertaking HIPAA enforcement actions, or other regulatory purposes.

Categories
Alert

Proposed Changes to HIPAA Privacy Rule

HHS has proposed several important changes to the HIPAA Privacy Rule to bring it in line with HHS’s Sprint Toward Coordinated Care initiative. These proposed changes are not yet final. Comments on the proposed rules are due within 60 days of their publication in the Federal Register. Reducing the time that covered entities have to […]

Categories
Alert

HHS Proposes Modifications to the HIPAA Privacy Rule to Empower Patients, Improve Coordinated Care, and Reduce Regulatory Burdens

The proposed changes to the HIPAA Privacy Rule include strengthening individuals’ rights to access their own health information, including electronic information; improving information sharing for care coordination and case management for individuals; facilitating greater family and caregiver involvement in the care of individuals experiencing emergencies or health crises; enhancing flexibilities for disclosures in emergency or […]

Categories
Highlight

Ways your Healthcare Company is Breaking the Law — Without Realizing it

According to the U.S. Department of Health & Human Services’ Breach Portal, sometimes called the “Wall of Shame,” 418 breaches of HIPAA were reported in 2019. Some 34.9 million Americans had their protected health information (PHI) compromised. How is this still happening? Healthcare companies and practices make the biggest mistake by believing human behavior can […]

Categories
Highlight

Office of the National Coordinator for Health IT Extends Compliance Deadlines under Interoperability Final Rule

In an effort to provide additional relief to a health care system strained by the COVID-19 pandemic, the Office of the National Coordinator for Health IT (“ONC”) released an Interim Final Rule with Comment Period (“IFC”) on October 29, 2020 that extends the compliance dates under the 21st Century Cures Act Interoperability, Information Blocking, and […]

Categories
Alert

OCR Settles Tenth Investigation in HIPAA Right of Access Initiative

Riverside Psychiatric Medical Group (“RPMG”) has agreed to take corrective actions and pay $25,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard. RPMG, based in Riverside, California, is a group practice specializing in child and adolescent psychiatry, geriatric psychiatry, neuropsychiatry, psychology, and substance use disorders. OCR received a complaint […]

Categories
Article

Private Schools and the Intersection of HIPAA and FERPA

My wife works as an Administrative Assistant at a local private school. As you might expect, they take very seriously their responsibility to help stop the spread of COVID-19 in the community. As part of their efforts, they require students who were in direct contact with persons diagnosed with COVID-19 to quarantine at home, away […]

Categories
Alert

Data Breaches Can Result in Federal and State Liability

Regulatory bodies continue to impose severe penalties on covered entities who fail to protect patient data from unauthorized disclosure. Community Health Systems, Inc. recently settled claims with HHS Office of Civil rights resulting from a 2014 data breach that exposed personal information of approximately 6.1 million patients for $2.3 million. But settlement with the federal […]