HHS Office for Civil Rights Director Melanie Fontes Rainer on Progress and News at OCR
ERISA Blog | Changes to the HIPAA Privacy Rules A Primer for Self-Insured Group Health Plans
Podcast - Data Privacy and Tracking Technology Compliance
Patient Data and Privacy
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
HIPAA Tips With Williams Mullen - Telehealth After the Pandemic
Relaxed HIPAA Restrictions For Providers Using Telehealth
Webinar: Investigating and Resolving Sexual Assaults on Campus
On April 26, the US Department of Health and Human Services Office for Civil Rights (OCR) published a Final Rule that adds protections under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule...more
On May 6, 2024, the Department of Health and Human Services (HHS) published its final rule revamping the non-discrimination regulations issued under § 1557 of the Affordable Care Act. The revised rules apply to all...more
On February 8, 2024, the U.S. Department of Health & Human Services, through the Substance Abuse and Mental Health Services Administration and the Office for Civil Rights (collectively, HHS), issued a Final Rule that amends...more
After more than a year since the U.S. Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) and Substance Abuse and Mental Health Services Administration (SAMHSA) issued the proposed changes to the...more
Recently, lawsuits have been filed against Duke and WakeMed regarding their use of Meta’s Meta Pixel tracking product and the alleged improper disclosure of patients’ protected health information (“PHI”). The U.S. Department...more
Report on Patient Privacy 21, no. 3 (March 2021) - Sometime during the fall, a worker for a subcontractor of Humana Inc. decided to share actual member information from medical records via a Google document with people he...more
In an era of decreasing reimbursement and rapidly expanding opportunities associated with “big data”, healthcare entities may be looking for ways to monetize protected health information (“PHI”) for their own, non-patient...more
HIPAA privacy and security violations can result in fines of $110 to $55,100 to covered entities (including healthcare providers and health plans) and their business associates. (45 CFR 160.404). If the violation resulted...more
Last week, the HHS Office for Civil Rights (OCR) launched an improved version of their HIPAA Breach Reporting Tool (HBRT), commonly referred to by OCR and regulated entities alike as the HIPAA “Wall of Shame.” OCR has also...more
Many New Year’s Resolutions focus on actions intended to save money and reduce stress. Organizations, especially those in the health care industry, should consider a resolution to review their breach notification procedures...more
The Office of Civil Rights Audit Pilot Program has come to an end with 115 audits, primarily in person, having been completed. The Pilot Program had multiple revelations in privacy, some of which were probably, not so...more
Under the Privacy Rule, an individual has the right to adequate notice of how a covered entity may use and disclose PHI about the individual, as well as his/her rights and the covered entity’s obligations with respect to that...more
The HHS Office of Civil Rights (OCR) has granted certain clinical laboratories a temporary reprieve from the requirement to update their Notices of Privacy Practices (NPPs) by September 23, 2013, the deadline imposed by the...more
This has been a busy week for the Department of Health and Human Services / Office for Civil Rights (HHS/OCR). It has started releasing guidance on various provisions of the Omnibus HIPAA final rule (the "Final Rule") in...more
With the September 23, 2013 compliance date for the HIPAA Omnibus Rule only one week away, the Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) have developed...more
Dis-Like! Senator Markey Urges the FTC to Investigate Facebook’s New Policies - As we previously reported, Facebook has proposed a number of revisions to its Data Use Policy and Statement of Rights and...more
The long-awaited final omnibus rule (Omnibus Rule) that modifies the Health Insurance Portability and Accountability Act of 1996 (HIPAA) [1] took effect last week, on March 26, 2013. Leon Rodriguez, Director of the U.S....more
On March 22, 2013, Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) Director Leon Rodriguez presented the keynote address to attendees of the American Health Lawyers’ Association HIPAA/HITECH Conference in...more
In This Issue: - A Baker's Dozen of Significant Changes From the HIPAA/HITECH Rule 1. Business Associates and Subcontractors 2. Breach Notification 3. Covered Entity Organizational Structures 4. Cloud...more
On January 25, 2013, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) published a final rule (Final Rule) containing modifications to the privacy standards (Privacy Rule), security...more
The Office for Civil Rights of the Department of Health and Human Services (“OCR”) has issued final regulations modifying the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy, Security, Breach...more
On January 25, 2013, the Department of Health and Human Services (HHS) published final regulations that modify the Privacy, Security, Enforcement and Breach Notification Rules issued pursuant to the Health Insurance...more
Changes to the HIPAA Breach Notification Rule - Background: The HITECH Act required Covered Entities to notify individuals, HHS, and in some cases, the media, of a Breach of Unsecured PHI. A Business Associate is...more
Changes to the HIPAA Enforcement Rule - Background: On October 30, 2009, HHS issued an interim final rule revising the Enforcement Rule to incorporate provisions of the HITECH Act. The NPRM then proposed a number of...more
Changes to the HIPAA Security Rule Background: The HIPAA Security Rule protects electronic PHI by requiring Covered Entities to implement certain administrative, physical, and technical safeguards surrounding...more