News & Analysis as of September 17, 2024

Business Associates › Medical Records › Department of Health and Human Services (HHS)

+ Follow

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as... more +

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc. less -

Privacy Briefs: May 2024

Health Care Compliance Association (HCCA) on 5/13/2024

Kaiser Permanente is notifying 13.4 million current and former members that their personal information may have been compromised when it was transmitted to tech giants Google, Microsoft Bing and X (formerly Twitter) when...more

Is Your School District Health Plan Subject to HIPAA?

Bricker Graydon LLP on 4/10/2024

For the vast majority of records maintained by public schools, the Health Insurance Portability and Accountability Act (“HIPAA”) is not applicable. This is because most records that contain medical information related to a...more

42 CFR Part 2 Final Rule Harmonizes Substance Use Disorder Confidentiality Protections with HIPAA

Williams Mullen on 2/15/2024

On February 8, 2024, the federal Confidentiality of Substance Use Disorder (SUD) Patient Records regulations at 42 CFR Part 2 (Part 2) were revised in part to increase patient protection and streamline patient consent...more

HHS Proposes New Rule Aligning Part 2 Regulations with HIPAA

BakerHostetler on 12/6/2022

On November 28, 2022, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the Substance Abuse Mental Health Services Administration (SAMHSA) announced a Notice of Proposed Rulemaking...more

After a Breach Is Too Late: Ensure BA, Subcontractor Compliance Now

Health Care Compliance Association (HCCA) on 3/25/2021

Report on Patient Privacy 21, no. 3 (March 2021) - Sometime during the fall, a worker for a subcontractor of Humana Inc. decided to share actual member information from medical records via a Google document with people he...more

Awaiting New Leader, OCR Collects NPRM Feedback, Closes Breach, 14th Access Case

Health Care Compliance Association (HCCA) on 2/26/2021

Report on Patient Privacy 21, no. 2 (February 2021) - Unless an extension is granted or the notice of proposed rulemaking (NPRM) is withdrawn, covered entities (CEs) and business associates (BAs) have until late March to...more

Use of PHI for Non-Patient Purposes

Holland & Hart - Health Law Blog on 2/20/2020

In an era of decreasing reimbursement and rapidly expanding opportunities associated with “big data”, healthcare entities may be looking for ways to monetize protected health information (“PHI”) for their own, non-patient...more

Reminder: Coronavirus Emergency Does Not Trump HIPAA Privacy Rule

Fisher Phillips on 2/13/2020

The government just sent a stern reminder to all employers, especially those involved in providing healthcare, that they must still comply with the protections contained in the HIPAA Privacy Rule during the Coronavirus...more

Modified HIPAA Rules for Sending Records to Third Parties

Holland & Hart - Health Law Blog on 2/10/2020

Thanks to a federal judge, the Office for Civil Rights has modified its rules for sending records to third parties. Covered entities are no longer required by HIPAA to send non-electronic protected health information (“PHI”)...more

Federal Court Invalidates 2013 HIPAA Omnibus Rule Regulations and HHS Guidance on Fees for Copies of Medical Records

BakerHostetler on 2/3/2020

In what is being seen as a strong rebuke to years of regulatory overreach, the United States District Court for the District of Columbia entered an order on January 23, 2020 that invalidates provisions of the 2013 Omnibus...more

'Misinterpretation' of Breach Rule, Lack of Internal BAA Cost Hospital Group $2.1M

Health Care Compliance Association (HCCA) on 12/5/2019

Report on Patient Privacy 19, no. 12 (December 2019) - Sentara Hospitals, a nonprofit group of 12 medical centers in Virginia and North Carolina, will implement a fairly minimal two-year corrective action plan (CAP) and...more

HIPAA for HR - Some Good News for Employers

Foley & Lardner LLP on 2/17/2017

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that was enacted to ensure protection of individuals’ protected health information (PHI). The Standards for Privacy of Individually...more

HHS Explains Privacy Rule in Emergency Situations

Winstead PC on 11/13/2014

On November 10, 2014, the U.S. Department of Health and Human Services (HHS) issued a bulletin reminding covered entities and business associates of how they may disclose patient information for public health activities or in...more

HIPAA Omnibus Rule Reshapes Landscape for Health Care Privacy, Security Compliance

Manatt, Phelps & Phillips, LLP on 1/25/2013

Originally published in Health IT Law & Industry Report, on January 23, 2013. On Jan. 17, 2013, the Office for Civil Rights of the U.S. Department of Health and Human Services (‘‘HHS’’) issued a long-awaited omnibus rule...more

14 Results

/

View per page

Page: of 1