News & Analysis as of September 20, 2024

Office of Civil Rights

+ Follow

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc. less -

HHS-OCR Publishes Final HIPAA Privacy Rule Expanding Reproductive Health Care Privacy and Further Supporting Patient...

Goodwin on 6/19/2024

On April 26, 2024, almost a year after issuing a notice of proposed rulemaking to modify the Privacy Rule, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) finalized the HIPAA Privacy Rule to...more

HHS Supports Reproductive Health Care Privacy by Modifying the HIPAA Privacy Rule

Stinson - Benefits Notes Blog on 5/24/2024

The Department of Health and Human Services’ (“HHS”) Office for Civil Rights recently published a final rule (the “Final Rule“) which provides additional privacy protections related to the use and disclosure of reproductive...more

HHS Publishes Final Rule to Support Reproductive Health Care Privacy

Epstein Becker & Green on 5/23/2024

The Supreme Court’s 2022 decision in Dobbs v. Jackson Women’s Health Organization to eliminate the federal constitutional right to abortion continues to alter the legal landscape across the country. On April 26, 2024, the...more

HIPAA Privacy Rules Amended to Require Protection of Reproductive Health Care Information

Woodruff Sawyer on 5/17/2024

On April 26, 2024, the Office of Civil Rights (OCR) at the U.S. Department of Health & Human Services (“HHS”) issued a Final Rule amending the HIPAA Privacy Rule to protect the ability of individuals to receive reproductive...more

OCR Releases Final HIPAA Privacy Rule to Support Reproductive Health Care Privacy

Morgan Lewis - ML Benefits on 5/17/2024

The US Department of Health and Human Services, Office for Civil Rights (OCR) published its Final Rule titled HIPAA Privacy Rule to Support Reproductive Health Care Privacy in the Federal Register on April 26, 2024....more

Significant New Healthcare Privacy and Cybersecurity Developments

Dorsey & Whitney LLP on 4/29/2024

As the federal government continues to take action in response to events impacting the healthcare landscape, stakeholders must ensure that they are staying up-to-date with health information privacy and security developments...more

[Event] Healthcare Privacy Compliance Academy - July 15th - 18th, Charlotte, NC

Health Care Compliance Association (HCCA) on 3/13/2024

Ideal for professionals with some compliance knowledge and experience, HCCA’s Healthcare Privacy Compliance Academy offers practitioners a deeper understanding of effective compliance management in a healthcare setting. The...more

42 CFR Part 2 Final Rule Harmonizes Substance Use Disorder Confidentiality Protections with HIPAA

Williams Mullen on 2/15/2024

On February 8, 2024, the federal Confidentiality of Substance Use Disorder (SUD) Patient Records regulations at 42 CFR Part 2 (Part 2) were revised in part to increase patient protection and streamline patient consent...more

New Washington Law Has Broad Implications For Protecting Consumer Health Data - Landmark ‘My Health My Data’ Act Reaches Beyond...

Davis Wright Tremaine LLP on 5/2/2023

On April 27, 2023, Washington Governor Jay Inslee signed into law the My Health My Data Act (the "Act"), which will regulate the collection, use, and disclosure of "consumer health data" ("Consumer Health Data" or "CHD"). The...more

HHS Proposes HIPAA Changes to Protect Reproductive Health Information

Holland & Knight LLP on 4/17/2023

The U.S. Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) published a Notice of Proposed Rule Making (Proposed Rule) on April 12, 2023, proposing amendments to the Health Insurance Portability and...more

After a Breach Is Too Late: Ensure BA, Subcontractor Compliance Now

Health Care Compliance Association (HCCA) on 3/25/2021

Report on Patient Privacy 21, no. 3 (March 2021) - Sometime during the fall, a worker for a subcontractor of Humana Inc. decided to share actual member information from medical records via a Google document with people he...more

[Virtual Event] 2021 25th Annual Compliance Institute - April 19th - 22nd, 9:30 am - 4:35 pm CDT

Health Care Compliance Association (HCCA) on 1/26/2021

The Compliance Institute is celebrating 25 years! Join us for the Compliance Institute's 25th anniversary, April 19-22, 2021. This year, HCCA is excited to celebrate over two decades of compliance excellence with our...more

4 Ways to Protect ePHI Beyond HIPAA Compliance

NAVEX on 8/14/2020

Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more

Big Breaches, Down in First Half of 2020, Show Role of BAs; Increase May Be Coming

Health Care Compliance Association (HCCA) on 7/15/2020

Report on Patient Privacy 20, no. 7 (July 2020) - During the first six months of this year, 228 breaches affecting 500 or more individuals were reported to the HHS Office for Civil Rights (OCR), and of the top 20, five...more

As Covered Entities Inch Toward Normalcy, Thorny Worker, Patient Privacy Issues Arise

Health Care Compliance Association (HCCA) on 6/15/2020

Report on Patient Privacy 20, no. 6 (June 2020): Being a health care provider in the midst of a pandemic is complicated enough, between offering telehealth services, perhaps for the first time, and helping workers continue...more

COVID-19 and Data Protection Compliance in the US

White & Case LLP on 4/15/2020

Irrespective of your industry, the current COVID-19 pandemic poses a new and unique challenge to organizations, their employees, and their customers. The emergence of COVID-19 has prompted organizations to collect and process...more

Modified HIPAA Rules for Sending Records to Third Parties

Holland & Hart - Health Law Blog on 2/10/2020

Thanks to a federal judge, the Office for Civil Rights has modified its rules for sending records to third parties. Covered entities are no longer required by HIPAA to send non-electronic protected health information (“PHI”)...more

A New Decade of HIPAA – What Can We Expect?

Mintz - Privacy & Cybersecurity Viewpoints on 12/24/2019

As the decade winds down, it’s hard to believe that the HIPAA Privacy and Security Rules are almost twenty years old. It has been ten years since the U.S. Department of Health and Human Services (HHS) Office for Civil Rights...more

'Misinterpretation' of Breach Rule, Lack of Internal BAA Cost Hospital Group $2.1M

Health Care Compliance Association (HCCA) on 12/5/2019

Report on Patient Privacy 19, no. 12 (December 2019) - Sentara Hospitals, a nonprofit group of 12 medical centers in Virginia and North Carolina, will implement a fairly minimal two-year corrective action plan (CAP) and...more

Report on Patient Privacy Volume 19, Number 11. Privacy Briefs: November 2019

Health Care Compliance Association (HCCA) on 11/12/2019

Report on Patient Privacy Volume 19, Number 11. (November 2019) ? The biggest threat to protected health information comes from carelessness within your organization, according to a brief from the Clearwater...more

OCR Releases New HIPAA FAQs on Care Coordination by Health Plans

Mintz - Health Care Viewpoints on 7/12/2019

On June 26, 2019, the Office of Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) released Frequently Asked Questions (FAQs) on how HIPAA allows health plans to share protected health...more

Protecting LTC Residents' PHI: Eight Tips for Avoiding a Data Breach

Baker Donelson on 4/23/2019

Organizations that meet the definition of "covered entity" under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA) must be diligent to maintain the privacy and security...more

Recent HIPAA Privacy and Security Settlements and Lessons Learned

Perkins Coie on 4/8/2017

Although the fate of the Affordable Care Act remains undecided, enforcement of the HIPAA privacy and security regulations by the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services is ongoing,...more

Report Warns Providers of HIPAA Violations When Responding to Negative Online Reviews

Foley & Lardner LLP on 7/25/2016

ProPublica, a public interest investigative newsroom, recently identified more than 3,500 one-star medical reviews on Yelp in which patients complained about privacy issues. ProPublica determined that “in dozens of instances,...more

Two Additional HIPAA Settlements Demonstrate Breadth of HIPAA Enforcement Activity

Saul Ewing LLP on 4/26/2016

During the week of April 18, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced two significant settlements with a large New York City hospital and a North Carolina orthopaedic...more

34 Results

View per page

Page: of 2

Business Associates › Patient Privacy Rights › Office of Civil Rights

"My best business intelligence, in one easy email…"