Over the course of the past few months, the Office of Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC), both of which are divisions of the U.S. Department of Health and Human Services (HHS), have issued a series of new regulations and guidance related to the Health Insurance
Edward I. Leeds
HIPAA Breach Notifications – A Question of Timing
You are the HIPAA privacy official of a hospital or health plan (a covered entity under HIPAA). You receive an email from a vendor that handles protected health information (a business associate), informing you that one month ago an unauthorized actor infiltrated its information systems. The intruder may have gained access to information about your…
Washington State Poised to Pass Consumer Health Privacy Law
The State of Washington appears close to enacting a new law that regulates the privacy of consumer health information. If passed, the new law – the My Health My Data Act (MHMDA) –would take effect March 31, 2024 and apply to non-governmental entities that collect, process, share, or sell health information that can be linked…
HHS Clarifies Applicability of HIPAA Privacy Rule to COVID-19 Vaccination Status Requests
The U.S. Department of Health and Human Services (HHS) released guidance to address how the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule applies to various entities’ requests for information related to an individual’s COVID-19 vaccination status.
HHS emphasized that the Privacy Rule applies only to covered entities, including health plans and most…
OCR’s HIPAA Resolution Agreements: the Year Thus Far
The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has continued its enforcement of HIPAA’s privacy and security rules in the new administration, announcing a number of settlements of alleged violations in the first seven months of 2021. This settlement activity followed a few other significant HIPAA developments…
A Fast Start: 2021 Begins With Major HIPAA Developments
The new year began with an unusual amount of activity related to the Health Insurance Portability and Accountability Act (HIPAA). Health care providers, health plans, health care clearinghouses, and business associates subject to HIPAA will need to consider three significant developments—one regulatory, one legislative, and one judicial—relating to the Privacy and Security Rules under HIPAA and the related Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH).
Continue Reading A Fast Start: 2021 Begins With Major HIPAA Developments
OCR Issues Guidance Related to PHI Disclosures During COVID
On December 18, 2020, the United States Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) issued guidance specific to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the COVID-19 public health emergency. The guidance addresses permitted HIPAA disclosures of Protected Health Information (“PHI”) by covered entities and business associates via health information exchanges (“HIEs”) for certain public health purposes.
Continue Reading OCR Issues Guidance Related to PHI Disclosures During COVID
Hospitals Beware: A Cyberattack Alert
The Cybersecurity Infrastructure Security Agency, Federal Bureau of Investigation, and Department of Health and Human Services have jointly posted an advisory to warn hospitals and other health care providers about the threat of malicious attacks on their information systems. At least six hospitals across the United States were recently victimized by attacks using Trickbot malware…
HHS Announces Eight HIPAA Settlements
Following a very quiet start to HIPAA settlement activity in 2020, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced eight settlements with covered entities and business associates.
The most recent of these announcements involves the second-largest HIPAA settlement amount in OCR’s history, amounting to $6.85 million.…
HHS Issues HIPAA Guidance on Contacting Survivors of COVID-19 About Plasma Donation
The Office of Civil Rights of the U.S. Department of Health and Human Services has issued guidance clarifying how HIPAA’s Privacy Rule permits covered entities (in particular, health care providers and health plans) or their business associates to contact former COVID-19 patients about plasma donation to treat or potentially treat patients. The guidance follows the…