HHS Office for Civil Rights Director Melanie Fontes Rainer on Progress and News at OCR
ERISA Blog | Changes to the HIPAA Privacy Rules A Primer for Self-Insured Group Health Plans
Podcast - Data Privacy and Tracking Technology Compliance
Patient Data and Privacy
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
HIPAA Tips With Williams Mullen - Telehealth After the Pandemic
Relaxed HIPAA Restrictions For Providers Using Telehealth
Webinar: Investigating and Resolving Sexual Assaults on Campus
On January 28, 2020, the Department of Health & Human Services (“HHS”) Office for Civil Rights (“OCR”) addressed a federal court’s January 23rd invalidation of certain provisions of the Health Insurance Portability and...more
Thanks to a federal judge, the Office for Civil Rights has modified its rules for sending records to third parties. Covered entities are no longer required by HIPAA to send non-electronic protected health information (“PHI”)...more
The HHS Office for Civil Rights (OCR) issued an Important Notice Regarding Individuals’ Right of Access to Health Records through its email list serve on January 29, 2020. In the Notice, OCR addressed the recent memorandum...more
New guidance issued by the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) reaffirms that business associates must have proper HIPAA compliance practices, safeguards and documentation in place...more
On January 9, 2017, the Department of Health and Human Services Office of Civil Rights (HHS OCR), which enforces the privacy requirements contained in Health Insurance Portability and Accountability Act (HIPAA), announced a...more
Recent enforcement actions and the new Omnibus Rule implementing several HITECH obligations highlighted the need for a new look at HIPAA obligations for covered entities and now business associates. HITECH not only raised the...more
On January 25, 2013, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the long-awaited HIPAA Omnibus Final Rule (Final Rule), which includes the most sweeping changes to HIPAA...more
Under the Privacy Rule, an individual has the right to adequate notice of how a covered entity may use and disclose PHI about the individual, as well as his/her rights and the covered entity’s obligations with respect to that...more
The HHS Office of Civil Rights (OCR) announced that the Health Information Technology (HIT) Policy Committee’s Privacy and Security Tiger Team will hold a virtual, public hearing on Monday, September 30 from 11:45 a.m. to...more
The HHS Office of Civil Rights (OCR) has granted certain clinical laboratories a temporary reprieve from the requirement to update their Notices of Privacy Practices (NPPs) by September 23, 2013, the deadline imposed by the...more
This has been a busy week for the Department of Health and Human Services / Office for Civil Rights (HHS/OCR). It has started releasing guidance on various provisions of the Omnibus HIPAA final rule (the "Final Rule") in...more
Just days before the September 23, 2013 enforcement date for the new HITECH Act Omnibus rules, the Department of Health and Human Services' Office for Civil Rights has published several new guidance tools and documents. On...more
The HHS Office of Civil Rights (OCR) recently released several versions of a model Notice of Privacy Practices (NPP) for use by covered entity health plans and health care providers. The notices have been written specifically...more
With the September 23, 2013 compliance date for the HIPAA Omnibus Rule only one week away, the Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) have developed...more
Dis-Like! Senator Markey Urges the FTC to Investigate Facebook’s New Policies - As we previously reported, Facebook has proposed a number of revisions to its Data Use Policy and Statement of Rights and...more
In response to a recent lawsuit and outcry from a variety of players in the health care market, the Department of Health and Human Services (“HHS”) has committed to issuing guidance by September 23rd (the compliance date for...more
Affinity Health Plan has agreed to pay more than $1.2 million to settle potential violations of the HIPAA Privacy and Security Regulations....more
Presumably at this point HIPAA, HITECH and the Omnibus Regulation have been published, digested and everyone is in full compliance with the requirements that have been set forth....more
The long-awaited final omnibus rule (Omnibus Rule) that modifies the Health Insurance Portability and Accountability Act of 1996 (HIPAA) [1] took effect last week, on March 26, 2013. Leon Rodriguez, Director of the U.S....more
On March 22, 2013, Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) Director Leon Rodriguez presented the keynote address to attendees of the American Health Lawyers’ Association HIPAA/HITECH Conference in...more
In This Issue: - A Baker's Dozen of Significant Changes From the HIPAA/HITECH Rule 1. Business Associates and Subcontractors 2. Breach Notification 3. Covered Entity Organizational Structures 4. Cloud...more
As we have reported in this blog, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently released final regulations containing modifications to the HIPAA Privacy, Security, Enforcement, and...more
In this information technology era, it is little wonder that the Obama Administration has made enforcement of data security and privacy protections a top priority. The enforcement emphasis reflects public opinion favoring...more
The Office for Civil Rights of the Department of Health and Human Services (“OCR”) has issued final regulations modifying the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy, Security, Breach...more
On January 25, 2013, the Department of Health and Human Services (HHS) published final regulations that modify the Privacy, Security, Enforcement and Breach Notification Rules issued pursuant to the Health Insurance...more