HHS Seeks to Strengthen Protections of Reproductive Health Information with Proposed Changes to HIPAA
On April 12, 2023, the U.S. Department of Health & Human Services (HHS) released a Notice of Proposed Rulemaking (Proposed Rule) that seeks to enhance safeguards of reproductive health care information through changes to the...
OCR Reminder: Pandemic-Era HIPAA Flexibilities Will End May 11, 2023
On April 11, 2023 – one month in advance of the end of the COVID-19 public health emergency (PHE) on May 11, 2023 – the federal Office for Civil Rights (OCR) confirmed that...
Annual Breach Notification Deadline to OCR Looming
HIPAA requires that covered entities notify the Office for Civil Rights (OCR) of any breaches of unsecured protected health information that affects less than 500 individuals in a calendar year within...
HHS Proposes Rule to Align Part 2 Records and HIPAA
On November 28, 2022, the Department of Health and Human Services (HHS) issued a proposed rule to modify the confidentiality protections of Substance Use Disorder (SUD) patient treatment records under 42 CFR Part...
OCR Settles Improper Disposal Case for $300,640
On August 23, 2022, the Office for Civil Rights (OCR) issued a press release announcing that it had settled with New England Dermatology, P.C. (NED) for $300,640 “over the improper disposal...
OCR Settles Eleven More Cases Under Right of Access Initiative
Making quite the statement on July 15, 2022, the Office for Civil Rights (OCR) announced in a press release that it had recently settled an additional 11 cases under its Right...
SuperCare Health Hit with Another Data Breach Class Action
In the U.S. District Court for the Central District of California last week, SuperCare Health, Inc. was hit with another proposed class action based on a data breach that allegedly compromised...
Privacy Tip #324 – What Happens to My Health Information When a Hospital Goes Out of Business?
In general, both state and federal laws apply to health information or protected health information that is in the possession of hospitals, health systems, and medical providers. HIPAA requires that covered...
Reporting of Breaches Under 500 Due by March 1
HIPAA requires covered entities and business associates to report to the Office for Civil Rights (OCR) all breaches of unsecured protected health information when the incident involves fewer than 500 individuals...
Health Care IoT Devices Pose Risk to Patient Care
As if health care entities don’t have enough to worry about during this chaotic and difficult time in the pandemic, a new report released by Cynerio, entitled “The State of IoMT...