News & Analysis as of September 17, 2024

Covered Entities

+ Follow

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc. less -

The Long-Awaited Part 2 Modifications Are Finalized with New Obligations for Part 2 Providers and Less Friction for Sharing...

BakerHostetler on 3/1/2024

On February 8, 2024, the U.S. Department of Health & Human Services (HHS) released a final rule modifying 42 CFR Part 2 (Part 2) provisions regarding the confidentiality of Substance Use Disorder (SUD) Patient Records. The...more

HIPAA on the Horizon in the New Year: Important Lessons from an Active 2023 and Regulatory Initiatives to Watch for in 2024

Dorsey & Whitney LLP on 1/4/2024

2023 marked 20 years since the first compliance deadline under the Health Insurance Portability and Accountability Act’s (“HIPAA”) privacy rule. Despite the two decades of experience with HIPAA, compliance continues to remain...more

FTC Takes First Enforcement Action for Violation of the Health Breach Notification Rule - A Federal Health Privacy Rule Beyond...

Dorsey & Whitney LLP on 2/16/2023

On February 1, 2023, the Federal Trade Commission (FTC) filed a complaint in the U.S. District Court for the Northern District of California alleging that digital health platform GoodRx violated the FTC Act by repeatedly...more

As Covered Entities Inch Toward Normalcy, Thorny Worker, Patient Privacy Issues Arise

Health Care Compliance Association (HCCA) on 6/15/2020

Report on Patient Privacy 20, no. 6 (June 2020): Being a health care provider in the midst of a pandemic is complicated enough, between offering telehealth services, perhaps for the first time, and helping workers continue...more

HHS OCR to Exercise Enforcement Discretion to Allow Business Associates to Share PHI for Public Health and Health Oversight...

Akin Gump Strauss Hauer & Feld LLP on 4/13/2020

On April 2, 2020, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that the agency will exercise enforcement discretion with respect to certain uses and disclosures of protected...more

Report on Patient Privacy Volume 20, Number 3. Privacy Briefs: March 2020

Health Care Compliance Association (HCCA) on 3/19/2020

Report on Patient Privacy 20, no. 3 (March 2020) - As the new coronavirus, COVID-19, spreads across the United States, the HHS Office for Civil Rights (OCR) is reminding HIPAA covered entities and business associates that...more

St. Elizabeth’s Medical Center Pays $218,400 to Settle Alleged HIPAA Security Case Stemming from Use of Cloud-Based Document...

Latham & Watkins LLP on 9/2/2015

Alleged HIPAA Violations Resulted from Medical Center’s Failure to Risk Assess Internet-Based Document Sharing Application and Inadequate Breach Response. The US Department of Health and Human Services (HHS) Office for...more

7 Results

View per page

Page: of 1