The U.S. Department of Health & Human Services (HHS) issued a Final Rule in April 2024 amending the HIPAA Privacy Rule to strengthen protections for reproductive health care information. The goal was to prevent medical records from being used to investigate or penalize patients or providers for seeking or offering lawful reproductive care.

However, in

In light of the ongoing investigation of Change Healthcare’s ransomware attack that resulted in the improper disclosure of thousands of individuals’ PHI, now seems like a perfect time to discuss HIPAA’s requirements surrounding the notification process following a breach. Whether it’s a small breach where someone in your organization accidentally sent a patient’s contact information

In March of this year, the Office for Civil Rights of the Department of Health and Human Services issued a letter addressing the recent cybersecurity incident impacting many health care entities, primarily Change Healthcare, a unit of UnitedHealth Group. This incident was a great reminder of the constant vigilance required

On December 10, 2020, the Department of Health and Human Services (HHS) and its Office for Civil Rights (OCR) jointly announced proposed HIPAA changes intended to "empower patients" and "improve coordination of care".

That's encouraging, although one would have thought that to be unnecessary by now. HIPAA was enacted in 1996. It is a

Most medical practices view HIPAA compliance as maintaining appropriate documentation regarding patient notices and consents, and controlling access to the PHI within the office; that's PRIVACY. Practices tend to forget the technology/security side of HIPAA, which requires maintaining, or reasonably attempting to maintain, secure EHR/IT systems (the administrative, physical and technical safeguards of the Security Rule); that's SECURITY.

Athens Orthopedic Clinic PA agreed to pay

Although many believe the HIPAA rules already allow for disclosure of COVID-19 cases on the basis of a public emergency, OCR just issued Guidance, attached in the link below, confirming that disclosure is permitted when needed to provide treatment, when notification is required by law, and in order to prevent or control the spread of

On December 30, 2019, the U.S. Department of Health and Human Services, Office for Civil Rights ("HHS") announced a $65,000 settlement with West Georgia Ambulance, Inc. for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security and Breach Notification Rules.

According to HHS, in 2013 the ambulance company reported a breach

On November 5, 2019, the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) announced a $3,000,000 settlement with the University of Rochester Medical Center (“URMC”) for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security and Breach Notification Rules in 2013 and 2017.

According to HHS, URMC

Today the U.S. Department of Health and Human Services, Office for Civil Rights ("HHS") announced a $3,000,000 settlement for the disclosure of patient protected health information ("PHI") via an insecure FTP server.

In 2014, HHS received an email tip that the social security numbers of Touchstone Medical Imaging (“Touchstone”) patients were accessible online via an insecure