The growing use of healthcare mobile applications and websites—and the associated use of online tracking technologies—raises privacy concerns under the Health Insurance Portability and Accountability Act (HIPAA) that developers of such applications and healthcare organizations should keep in mind. Indeed, there has been an uptick in litigations filed across
Articles Discussing HIPAA.
HIPAA Regulated Entities: Website or App Tracking Technologies, Pixels Can Create Significant Compliance and Litigation Risks
Last month, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a bulletin with guidance concerning the use of online tracking technologies by covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA). The OCR Bulletin follows a significant uptick
OCR Reminds Healthcare Providers and Their Business Associates – You Need an Incident Response Plan!
We have been quite busy this October, which happens to be National Cybersecurity Awareness Month. But, we did not want to let the month go by without some recognition; and we are grateful to the HHS Office for Civil Rights (OCR) for this always timely reminder for HIPAA covered entities
Recent HIPAA Settlement Offers Lessons on Data Disposal and the Meaning of PHI
A $300,640 settlement announced yesterday by the Office for Civil Rights (OCR) provides important reminders about HIPAA Privacy Rule and data privacy practices generally: robust data disposal practices are critical and “protected health information” (PHI) is not limited to diagnosis or particularly sensitive information.
The OCR’s settlement involved a New
Dobbs and Privacy: President Biden’s Executive Order and OCR HIPAA Guidance
In response to the United States Supreme Court decision in Dobbs vs. Jackson Women’s Health Organization, President Joe Biden signed an Executive Order on Friday, July 8, 2022, designed to protect access to reproductive health care services. In addition to measures seeking to safeguard access to abortion and contraception, the
“Get a Life” – Another Dentist Responds to Patient’s Online Review, This Time Faces a $50,000 OCR Penalty
It can be cathartic responding to a negative online review. It can also backfire, as can failing to cooperate with an OCR investigation as required under HIPAA.
The Office for Civil Rights (OCR) recently announced four enforcement actions, one against a small dental practice that imposed a $50,000 civil monetary
Does This Arrangement Require a Business Associate Agreement?
At Nexsen Pruet, we work with clients across the full spectrum of healthcare to manage compliance with HIPAA, and often we receive questions about associates and business associate contracts.
HIPAA Compliance: Managing Business Associates & Business Associate Agreements
Health Care attorney Shannon Lipham breaks down HIPAA privacy rule as she discusses managing business associates and business associate agreements while staying HIPAA compliant.
OCR Issues HIPAA and COVID-19 Vaccination Guidance
The Office for Civil Rights (“OCR”)—the agency within the U.S. Department of Health and Human Services responsible for, among other things, enforcing compliance with HIPAA—recently released guidance on HIPAA’s application to an individual’s COVID-19 vaccination status to combat the misinformation circulating that HIPAA applies to a broader array of
Information Blocking and HIPAA’s Right to Access: Compliance Burdens for Healthcare Providers
Since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule became effective in 2003, it generally required covered entities to provide patients timely access to their medical records. Of course, state health laws also have provided similar rights to patients regarding their records, some more and some less stringent than HIPAA.
Information Blocking and HIPAA’s Right to Access – Is Your Practice Compliant?
Patient record requests can be a significant administrative burden for health care providers. An OCR enforcement initiative and a new federal law give providers more reason to get this process right. We summarize these rules here.
Since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule became
Fourth Circuit Court of Appeals Holds HIPAA Does Not Create a Private Right of Action
There is no private cause of action to address an improper disclosure of medical information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the U.S. Court of Appeals for the Fourth Circuit has held for the first time. Payne v. Taslimi, No. 18-7030, 2021 U.S. App. LEXIS 15972 (4th Cir. May 27, 2021).
Small NJ Medical Practice Becomes 18th Target of OCR’s HIPAA Right of Access Enforcement Initiative
A small New Jersey plastic surgery practice, Village Plastic Surgery (“VPS”), has become the eighteenth HIPAA covered entity to face an enforcement action under the Office for Civil Rights’ HIPAA Right of Access Initiative. According to the OCR’s announcement, VPS agreed to a two-year corrective action plan and pay $30,000
OCR Releases Report Summarizing HIPAA Privacy and Security Compliance Failures
In the final days of 2020, the Office for Civil Rights (OCR) at the U.S. Health and Human Services (HHS) released a HIPAA Audits Industry Report (“the Report”) that could be quite helpful to covered entities and business associates for tackling HIPAA compliance as we enter the new year. The
HIPAA Enforcement Remains Strong in 2020
It seems like every aspect of healthcare is changing during these uncertain times, but one thing remains the same – HIPAA enforcement is going strong. The Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS), responsible for enforcing HIPAA regulations, has been active this year in terms of settlements of potential HIPAA privacy and security violations. More than $12.2 million has been recorded this year in resolution agreements, despite the Notification of Enforcement Discretion related to COVID-19 issued by HHS.