On July 1, 2024, the U.S. Department of Health and Human Services (HHS) Centers for Medicare & Medicaid Services (CMS) and Office of the National Coordinator for Health Information Technology (ONC) published a final rule...more
7/12/2024
/ 21st Century Cures Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Information Blocking Rules ,
Investigations ,
Medicare ,
MIPS ,
OIG ,
ONC ,
Penalties ,
Popular ,
Reimbursements
The U.S. District Court for the Northern District of Texas ruled that HHS's December 1, 2022, guidance applying HIPAA to online tracking technologies is unlawful with respect to its treatment of certain combinations of...more
The U.S. Department of Health and Human Services (HHS) this week released final amendments to the HIPAA Privacy Rule to further protect the privacy of protected health information (PHI) related to reproductive health care....more
4/29/2024
/ Attestation Requirements ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HITECH Act ,
New Amendments ,
Patients ,
PHI ,
Policies and Procedures ,
Reproductive Healthcare Issues
Changes to guidance are unlikely to mitigate widespread concerns -
On March 18, 2024, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) revised its controversial guidance on how HIPAA applies...more
The long-anticipated final rule addressing substance use disorder (SUD) records at 42 C.F.R. Part 2, commonly referred to as Part 2, is here. The final rule is a joint undertaking by the U.S. Department of Health and Human...more
2/21/2024
/ Breach Notification Rule ,
CARES Act ,
Civil Monetary Penalty ,
Confidentiality Policies ,
Consent Agreements ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Enforcement ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Notice of Proposed Rulemaking (NOPR) ,
OCR ,
Penalties ,
PHI ,
Risk Assessment ,
SAMHSA ,
Substance Abuse
February 29, 2024, is the date by which HIPAA-covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of all "small" breaches of unsecured protected health information that...more
The U.S. Department of Health and Human Services ("HHS") issued a concept paper describing its overarching strategy to address healthcare cybersecurity. The concept paper builds on the Biden-Harris Administration's National...more
12/18/2023
/ Cybersecurity ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Medicare ,
OCR ,
Popular
While health care providers have been required to comply with the 21st Century Cures Act Information Blocking Rule (the Rule) since April 5, 2021, as of yet there is no enforcement mechanism in place with respect to the Rule...more
11/2/2023
/ 21st Century Cures Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Health Care Providers ,
Healthcare ,
Healthcare Reform ,
Information Blocking Rules ,
ONC ,
Proposed Rules ,
Regulatory Requirements
Continued advancement in artificial intelligence offers great promise to improve health care. But AI feeds on tremendous amounts of data, and using protected health information (PHI) to develop or improve AI often involves...more
The Department of Health and Human Services ("HHS") has proposed amendments to the Confidentiality of Substance Use Disorder Patient Records Rule, 42 C.F.R. part 2 (the "Part 2 Rule") with a comment deadline of January 31....more
1/16/2023
/ CARES Act ,
Comment Period ,
Data Management ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Health Record Incentives ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach Notification Rule ,
Medical Records ,
Patient Privacy Rights ,
Substance Abuse
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued a bulletin on December 1, 2022, clarifying that "regulated entities are not permitted to use tracking technologies in a manner that would...more
In two weeks, on October 6, 2022, the scope of the 21st Century Cures Act Information Blocking Rule expands to prohibit health care providers from blocking or interfering with patient access to any electronic information in a...more
On June 13, 2022, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced new guidance on using remote communication technologies to provide audio-only telehealth services in compliance with...more
Just one month remains to comment on the U.S. Department of Health and Human Services (HHS) Office for Civil Rights' (OCR) current Request for Information (RFI), which seeks public input on the implementation of two statutory...more
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced four enforcement resolutions at the end of March 2022, with issues ranging from the misuse of protected health information (PHI)...more
It used to be easy to calculate HIPAA penalties in your head—$50,000 per violation and up to $1.5 million per calendar year for multiple violations of the same HIPAA provision. But those days of easy math are long gone since...more
The U.S. Department of Health and Human Services (HHS) recently announced a 45-day extension of the comment period for proposed changes to the HIPAA Privacy Rule. The deadline for submitting comments now has been pushed from...more
On January 21, 2021, the Department of Health and Human Services (HHS) published proposed changes to the privacy rule (Privacy Rule) of the Health Insurance Portability and Accountability Act (HIPAA). This Notice of Proposed...more
When COVID-19 first began to spread in the United States, a recurring question we received was whether employers become subject to HIPAA by taking employee temperatures or collecting medical information. The answer generally...more
As the November 2 compliance date quickly approaches, healthcare providers are finding that tackling the new "information blocking" regulations from the U.S. Department of Health and Human Services requires substantial...more
While the healthcare industry is under siege battling COVID-19, on March 9, 2020, the U.S. Department of Health and Human Services (HHS) moved ahead and finalized two long-awaited and controversial rules related to...more
Artificial intelligence (AI) has become part of our daily lives, from greeting us in the morning through smart home devices, creating shopping lists, playing music, setting timers, and alerting us of a traffic jam on our...more
The Department of Health and Human Services Office for Civil Rights (OCR) today announced that it is lowering the maximum total penalties it may assess against covered entities and business associates for multiple violations...more
When a patient publicly disparages a health care provider, HIPAA leaves the health care provider in a seemingly impossible situation. If the health care provider does not respond and dispute the allegation, then its...more
Recent statements at the 27th National HIPAA Summit suggest that the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) may be changing its position and expecting a greater level of vendor due...more