What's the Tea in L&E? Can You Share An Employee's Medical Info?
Podcast: Discussing Information Blocking with Eddie Williams
Podcast: Keeping an Eye on HIPAA Trends with Shannon Hartsfield
A Zero Percent Error Rate: An Inspiring Story on How to Get There
Expanded Information Block Rules Go into Effect
Podcast: Interoperability: Information Blocking Claims and Enforcement - Diagnosing Health Care
Podcast: Interoperability: Health Care's Next Disruptor Is openEHR - Diagnosing Health Care
Podcast: Interoperability: A New Vision Through openEHR - Diagnosing Health Care
Taking the Pulse, A Health Care and Life Sciences Podcast | Episode 99: David Stefanich, Co-founder and CEO, Rymedi
Podcast: Interoperability - the Role of Health Information Exchanges - Diagnosing Health Care
Gerry Blass on Healthcare Vendor Risk Management
Hooper, Kearney and Macklin on Cutting Edge Topics in the False Claims Act
AGG Talks: Technology - In the Balance: Interoperability and Security
The New Information Blocking Rule: What It Means For Hospices
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
From NC State to Changing the State of Health Information Networks, with Medicom Technologies’ Malcolm Benitz
Exploring Digitization of Health and Medical Data and Records Part Two
Exploring Digitization of Health and Medical Data and Records Part One
Patient Records Requests: What You Need to Know
Electronic Medical Records: Help or Hindrance?
Over the course of the past few months, the Office of Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC), both of which are divisions of the U.S. Department of Health and...more
As our loyal Practical Privacy readers may remember, back in December of 2021, the Federal Trade Commission (the “FTC” or “Commission”) began a rulemaking process to update the Commission’s Health Breach Notification Rule...more
On February 8, 2024, the Department of Health and Human Services (HHS) posted a final rule that aims to align 42 CFR Part 2 (Part 2) — which protects certain substance abuse disorder (SUD) records — with the Health Insurance...more
On January 1, California's Assembly Bill No. 352 (AB 352) went into effect, introducing significant changes to the handling and sharing of sensitive health information — particularly information related to reproductive health...more
Recent developments at the federal and state level demonstrate that regulators are focused on protecting consumer health data. Specifically, state and federal regulators want to close the gap between HIPAA-protected data and...more
To say there’s been a lot of new privacy law in the last decade is an understatement. For those of us who think we’ve “seen it all,” many of these new laws arrive and elicit a sense of challenge (for the optimists) or mild...more
Report on Patient Privacy Volume 23, no 1 (January 2023) The Centers for Medicare & Medicaid Services (CMS) said a data breach at a Medicare subcontractor impacted the personally identifiable information and protected...more
You’ve probably either played the game “Whac-a-Mole” yourself as a kid, or you watched your kid play it, at a Chuck E. Cheese or another similar arcade. It’s a simple game with five holes in which moles pop up and a soft...more
HIPAA requires covered entities and business associates to report to the Office for Civil Rights (OCR) all breaches of unsecured protected health information when the incident involves fewer than 500 individuals no later than...more
Report on Patient Privacy 22, no. 1 (January, 2022) - New Jersey issued its third settlement in three months on state-level health care privacy and security laws, announcing that three cancer care providers would adopt new...more
A myopic focus on protecting EMR (Electronic Medical Records) systems has left healthcare organizations open to shadow information risk. In a world where hackers and ransomware criminals are regularly compromising healthcare...more
In 2018, we published an article on Walgreens’ use of session replay scripts and how such use could lead to an accidental data breach under HIPAA. Last week, an article in Vox explained how Walgreens was again apparently...more
Report on Patient Privacy 21 no. 9 (September, 2021) - DuPage Medical Group in Chicago said that the personal information of more than 600,000 patients may have been compromised in a July cyberattack. The medical group,...more
Cyberattacks against healthcare providers accounted for 79% of all reported data breaches in 2020. (See here). The U.S. Department of Health and Human Services’ (HHS) Office of the Assistant Secretary for Preparedness and...more
In Part 1 of our information blocking series, we introduced readers to the fundamentals of information blocking, including definitional terms, information blocking exceptions, and compliance deadlines and penalties for health...more
Report on Patient Privacy 20, no. 11 (November 2020) - HHS Office of the National Coordinator (ONC) for Health Information Technology (ONC) is giving health care organizations more time to meet new rules on information...more
On May 1, 2020, the U.S. Department of Health and Human Services (HHS) signaled a paradigm shift in the manner in which patient electronic health information (EHI) is accessed, used, and disclosed....more
On October 8, 2020, New Jersey Attorney General Gurbir Grewal (AG) announced that his office has entered into a multi-state settlement agreement with Community Health Systems, Inc. (CHS) stemming from an investigation of a...more
Regulatory bodies are upping the ante when it comes to settling with companies that have suffered data breaches. In addition to the below settlements, see also the settlement between the OCR and Dignity Health....more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that it has settled potential violations of HIPAA with Athens Orthopedic Clinic PA (Athens) for $1.5 million, following an...more
With apologies to John Donne, ask not for whom the bells tolls, HIPAA business associates, it tolls for thee! While it has been the law for some time that business associates could be held directly liable for breaches,...more
Small health care organizations may think they are under the radar of the Office for Civil Rights (OCR), but a settlement the OCR agreed to last week should disabuse small health care providers of that notion....more
The Department of Health and Human Services (HHS) announced on April 2 that HHS is exercising its enforcement discretion to permit business associates to use and disclose protected health information (PHI) for public health...more
On March 9, 2020, the Department of Health and Human Services (HHS) announced final rules seeking to give patients more access to, and control of, their health data. The final rules were issued by the Office of the National...more
Health care organizations continue to be a popular target for hackers. According to information from the U.S. Department of Health & Human Services (HHS), over 30 reports of data breaches have been filed by health care...more