Articles Discussing HIPAA.

The Office for Civil Rights (“OCR”)—the agency within the U.S. Department of Health and Human Services responsible for, among other things, enforcing compliance with HIPAA— recently released guidance on HIPAA’s application to an individual’s COVID-19 vaccination status to combat the misinformation circulating that HIPAA applies to a broader array of

Since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule became effective in 2003, it generally required covered entities to provide patients timely access to their medical records. Of course, state health laws also have provided similar rights to patients regarding their records, some more and some less stringent than HIPAA.

Patient record requests can be a significant administrative burden for health care providers. An OCR enforcement initiative and a new federal law give providers more reason to get this process right.  We summarize these rules here.

Since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule became

There is no private cause of action to address an improper disclosure of medical information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the U.S. Court of Appeals for the Fourth Circuit has held for the first time. Payne v. Taslimi, No. 18-7030, 2021 U.S. App. LEXIS 15972 (4th Cir. May 27, 2021).

A small New Jersey plastic surgery practice, Village Plastic Surgery (“VPS”), has become the eighteenth HIPAA covered entity to face an enforcement action under the Office for Civil Right’s HIPAA Right of Access Initiative. According to the OCR’s announcement, VPS agreed to a two-year corrective action plan and pay $30,000

In the final days of 2020, the Office for Civil Rights (OCR) at the U.S. Health and Human Service (HHS) released a HIPAA Audits Industry Report (“the Report”), that could be quite helpful to covered entities and business associates for tackling HIPAA compliance as we enter the new year.  The

It seems like every aspect of healthcare is changing during these uncertain times, but one thing remains the same – HIPAA enforcement is going strong. The Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS), responsible for enforcing HIPAA regulations, has been active this year in terms of settlements of potential HIPAA privacy and security violations.  More than $12.2 million has been recorded this year in resolution agreements, despite the Notification of Enforcement Discretion related to COVID-19 issued by HHS.

Over the past few years, and particularly during the COVID-19 pandemic, the Department of Health and Human Services Office for Civil Rights in Action (OCR) has made countless efforts to enhance its Health Insurance Portability and Accountability Act (HIPAA) guidance and other related resources on its website. Last week, the

When providers, health plans, business associates, and even patients and plan participants think of the HIPAA privacy and security rules (‘HIPAA Rules”), they seem to be more focused on the privacy and security aspects of the HIPAA Rules. That is, for example, safeguarding an individual’s protected health information (PHI) to

Last week, in its Cybersecurity Summer Newsletter, the Office of Civil Rights (OCR) published best practices for creating an IT asset inventory list to assist healthcare providers and business associates in understanding where electronic protected health information (ePHI) is located within their organization, and improve HIPAA Security Rule compliance.  OCR

Roger Severino, Director of the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), provides advice for HIPAA covered health care providers:

When informed of potential HIPAA violations, providers owe it to their patients to quickly address problem areas to safeguard individuals’ health information

With the recent spread of coronavirus (2019-nCoV), it is an important time to examine what information employers may share under HIPAA’s Privacy Rule during an outbreak of infectious disease or other emergency situation.

School leaders are often understandably confused as to which law applies to health- or medical-related records in schools: The Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act of 1996 (HIPAA) “Privacy Rule.”

No business likes to receive bad reviews on Yelp® or anywhere else in social media. When they do, some feel the need to respond to clarify or rebut the reviews, but they must do so carefully. This is particularly true for HIPAA covered entities, as their responses could include protected health information (PHI). A recent Office for Civil Rights (OCR) settlement with a small dental practice highlights this point.