On December 18, 2020, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued new guidance on the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The guidance addresses important questions related to the definition of a health information exchange (HIE), when…
Articles Posted in HIPAA
HHS Proposes HIPAA Modifications to Better Serve Patients
On December 10, 2020, the Office of Civil Rights (“OCR”) at the Department of Health and Human Services (“HHS”) announced a proposal to modify the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule. The overarching goal of the proposed rule is to get patients more engaged in their own…
Ransomware Attacks Imminent in Healthcare Entities
On October 29, 2020, the Office of Civil Rights (“OCR”) of the Department of Health and Human Services (“HHS”) announced that pursuant to credible information by HHS, the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA), hospitals and healthcare providers are at an imminent risk of a cybersecurity attack.…
CMS Expanding Telehealth to Combat COVID-19
Beginning on March 6, 2020, the Centers for Medicare and Medicaid Services (“CMS”) has temporarily expanded telehealth services for Medicare beneficiaries and cut back on HIPAA enforcement to help combat the COVID-19. This expansion will last until the end of the public health emergency as declared by the Secretary of…
OCR Imposing Fines on Smaller Providers for HIPAA Violations
The Office for Civil Rights (“OCR”), a division of the Department of Health and Human Services (“HHS”), is responsible for investigating complaints and reports that covered entities (i.e., health plans, health care clearinghouses, or health care providers that conduct certain electronic transactions) or business associates have violated either the HIPAA…
Anthem Settles Data Breach Suit at Record $16 Million
In 2015, Anthem, Inc. (“Anthem”) discovered that criminal hackers had breached its electronic database and gained access to over 79 million records, including the records of at least 12 million minors. The protected health information obtained by the hackers included, among other information, names, addresses, dates of birth, medical IDs,…
Lack of Business Associate Agreement Leads to $31k HIPAA Penalty
On April 20, 2017, the Department of Health and Human Services, Office for Civil Rights (HHS OCR) announced that it had reached a settlement with the Center for Children’s Digestive Health (the Center) regarding the Center’s (alleged) violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The…
HHS Modifies HIPAA to Allow for Easier Firearm Background Checks
In January, the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) published a final rule, which modifies HIPAA privacy rules to allow for easier sharing between certain HIPAA covered entities and the National Instant Criminal Background Check System (NICS). Specifically, the final rule allows…
OCR Releases New HIPAA Guidance for Health App Developers
On February 11, 2016, the Department of Health and Human Services, Office for Civil Rights (“OCR”), released important guidance on its Developer Portal to address the application of the Health Insurance Portability and Accountability Act (“HIPAA”) regulations to developers of mobile health apps. Whether a mobile app developer is directly…
Office for Civil Rights Advisor Warns Providers on HIPAA Audits: “Get Your House In Order”
On September 9, Linda Sanches, the Senior Advisor for the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) warned that Health Insurance Portability and Accountability Act (HIPAA) audits are forthcoming. Speaking at the HIMSS Privacy and Security Forum in Boston, Sanches cautioned attendees that the best…