As we reflect on the flurry of activity in the health care data privacy and security space in 2023 and look ahead to what will continue to be a busy 2024, we are seeing the early stages of federal agency movement to align the...more
1/26/2024 / Artificial Intelligence, Cybersecurity, Data Breach, Data Security, Department of Health and Human Services (HHS), Enforcement Actions, Federal Trade Commission (FTC), Healthcare, HIPAA Privacy Rule, Information Blocking Rules, Mental Health, Notice of Proposed Rulemaking (NOPR), OCR, Popular, Privacy Laws, Regulatory Agenda, Reproductive Healthcare Issues, Request For Information, SAMHSA, Substance Abuse, Transparency
In April 2020, in an effort to facilitate a national pivot to telehealth in light of the COVID-19 Public Health Emergency (PHE), the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced a policy...more
5/2/2023 / Business Associates Agreement (BAA), Coronavirus/COVID-19, Department of Health and Human Services (HHS), Due Diligence, Enforcement, Health Insurance Portability and Accountability Act (HIPAA), OCR, Public Health Emergency, Security Risk Assessments, Subcontractors, Vendors
In response to concerns about the confidentiality of protected health information (PHI) related to reproductive health care less than one year after the Dobbs v. Jackson Women’s Health Organization decision, and the prospect of...more
Covered Entities and Business Associates should promptly and carefully review their use of online tracking technologies on their websites and mobile apps following a bulletin (Bulletin) published by the U.S. Department of...more
12/8/2022 / Class Action, Compliance, Data Collection, Dobbs v. Jackson Women’s Health Organization, Health Insurance Portability and Accountability Act (HIPAA), Mobile Apps, OCR, PHI, Reproductive Healthcare Issues, Risk Assessment, Websites
In the wake of the Supreme Court’s ruling in Dobbs vs. Jackson Women’s Health Organization, much has been written about how existing privacy laws, such as the Health Insurance Portability and Accountability Act (“HIPAA”), are...more
A recent settlement agreement between a clinical laboratory and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) to resolve potential HIPAA Security Rule violations proves to be a...more
In the waning days of the Trump administration, the Office for Civil Rights (“OCR”) announced a number of new initiatives, including proposed HIPAA amendments, and a very recent COVID-19 related Notice of Enforcement...more
As we’re all painfully aware, public health issues dominated 2020 and with the country’s attention focused on COVID-19 testing, status, transmission and care, HIPAA went mainstream. Health information became critical not only...more
The Department of Health and Human Services (HHS) is pushing ahead in its Regulatory Sprint to Coordinated Care with a new proposed rule, announced by HHS’ Office for Civil Rights (OCR) on December 10, to modify the HIPAA...more
As the decade winds down, it’s hard to believe that the HIPAA Privacy and Security Rules are almost twenty years old. It has been ten years since the U.S. Department of Health and Human Services (HHS) Office for Civil Rights...more
12/24/2019 / Business Associates, California Consumer Privacy Act (CCPA), Civil Monetary Penalty, Covered Entities, Data Breach, Data Security, Enforcement Actions, FBI, General Data Protection Regulation (GDPR), Government Investigations, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Privacy Rule, OCR, Patient Privacy Rights, PHI, Phishing Scams, Ransomware
As we look back on 2017, one message is clear: don’t be a Scrooge when it comes to HIPAA compliance. With ever-evolving security threats and unrelenting enforcement, regulated entities must maintain a spirit of compliance...more
Consumers are increasingly turning to health apps for a variety of medical and wellness-related purposes. This has in turn caused greater amounts of data—including highly sensitive information—to flow through these apps....more
10/26/2017 / App Developers, Business Associates, Cloud Service Providers (CSPs), COPPA, Covered Entities, Cybersecurity, Electronic Protected Health Information (ePHI), Encryption, Federal Trade Commission (FTC), Health Insurance Portability and Accountability Act (HIPAA), Mobile Health Apps, OCR, Personally Identifiable Information, PHI, Privacy Policy, Subcontractors
Last week, the HHS Office for Civil Rights (OCR) launched an improved version of their HIPAA Breach Reporting Tool (HBRT), commonly referred to by OCR and regulated entities alike as the HIPAA “Wall of Shame.” OCR has also...more
On October 7, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) published guidance to assist cloud service providers (CSPs) and their customers with HIPAA compliance. As discussed below,...more
On July 11, 2016, the Office for Civil Rights (OCR) released important new guidance on ransomware for hospitals and other healthcare providers and finally addressed the question of whether electronic protected health...more
7/12/2016 / Breach Notification Rule, Covered Entities, Cyber Attacks, Data Breach, Employee Training, Hackers, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach, Hospitals, New Guidance, OCR, PHI, Ransomware, Security Risk Assessments
Earlier this month the Department of Health and Human Services Office for Civil Rights (OCR) released a revamped audit protocol that now addresses the requirements of the 2013 Omnibus Final Rule. OCR will be using the audit...more
On March 21st, the HHS Office for Civil Rights (“OCR”) officially launched Phase 2 of the HIPAA Audit Program. Covered Entities and Business Associates need to be prepared for these audits and be on the lookout for emails...more
As we have repeatedly emphasized on this blog, HIPAA Covered Entities must ensure that they have compliant business associate agreements (“BAAs”) in place with all of their business associates and must ensure that they have...more
As the year winds down, we look back with a mixture of nostalgia and queasiness on the major Health Insurance Portability and Accountability Act (HIPAA) events that defined 2015. Incredibly large data breaches became...more
This Halloween, the scariest monsters might not be in your closet or under your bed. They may be overseas, orchestrating intrusions into your electronic medical record. Or they may be lurking in your own workforce, carrying...more
10/30/2015 / App Developers, Audits, Business Associates, Corrective Actions, Covered Entities, Cyber Attacks, Cybersecurity, Data Breach, Data Privacy, Data Protection, Data Security, Encryption, Fitbit, Hackers, Health Information Technologies, Health Insurance Portability and Accountability Act (HIPAA), Mobile Health Apps, OCR, OIG, Patient Privacy Rights, Personally Identifiable Information, PHI, Security Risk Assessments, Wearable Technology
As HIPAA-regulated entities anxiously await the commencement of the Phase II HIPAA audit program, the Office of the Inspector General (OIG) for the Department of Health and Human Services (HHS) has issued a report critical of...more
10/1/2015 / Audits, Case Management, Corrective Actions, Covered Entities, Documentation, Health Insurance Portability and Accountability Act (HIPAA), Medicare Part B, OCR, OIG, PHI, Regulatory Oversight
……………..a cumbersome C-A-P
The U.S. Department of Health and Human Services Office for Civil Rights has received tremendous publicity in recent years for its upward-trending fines and aggressive enforcement of HIPAA...more
As a service to our readers, we have distilled last week’s joint HHS Office of Civil Rights (OCR) and National Institute of Standards in Technology (NIST) conference, “Safeguarding Health Information: Building Assurance...more
The most recent Office for Civil Rights (“OCR”) HIPAA enforcement action serves as an important reminder to health care providers of the security risks associated with a mishandled medical records custody transfer and the...more
On March 28, 2014, the Office of Civil Rights (OCR) announced the release of an online and iPad app-based security risk assessment (SRA) tool. The tool is intended to help health care providers in small to medium sized...more