When it comes to compliance with the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”), is your house in order? Has someone recently looked underneath the counter and...more
3/20/2025
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
PHI ,
Policies and Procedures ,
Risk Management ,
Training
The compliance deadline for changes to the privacy of reproductive health information is fast approaching, with the new rules taking effect on December 23, 2024. Earlier this year, new regulations under the Health Insurance...more
On April 12, 2023, the Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced proposed changes to HIPAA’s Privacy Rule with regard to reproductive health information. The proposed changes are set out in a...more
6/6/2023
/ Abortion ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Reform ,
HIPAA Privacy Rule ,
NPRM ,
OCR ,
Patient Privacy Rights ,
PHI ,
Pregnancy ,
Regulatory Agenda ,
Reproductive Healthcare Issues ,
Roe v Wade ,
Women's Rights
Providers oftentimes ask how long they need to retain certain types of medical information. While there are some general rules regarding the timeframes for retaining medical information, the specific answer varies depending...more
10/18/2022
/ Data Retention ,
Document Destruction ,
Electronically Stored Information ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Personal Information ,
PHI ,
Policies and Procedures ,
Record Retention ,
Regulatory Requirements
Cyber-attacks on health care entities are becoming increasingly frequent, and the resulting data breaches are often complex. In the event of a cyber-attack, health care entities and their business associates must adhere to...more
The Office for Civil Rights (“OCR”), the entity responsible for HIPAA compliance and enforcement, has issued a series of guidance documents regarding the interplay of HIPAA and the COVID-19 pandemic. The most recent guidance...more
Over the past several months, the Office for Civil Rights (“OCR”), the entity responsible for compliance with and enforcement of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations...more
Over the past several weeks, the Office for Civil Rights (“OCR”), the entity responsible for compliance with and enforcement of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations...more
Health care providers operate in one of the most highly regulated industries in terms of compliance and governmental oversight. As a result, providers face a number of regulatory and compliance challenges each year....more
10/25/2019
/ Anti-Kickback Statute ,
Cyber Attacks ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Fraud and Abuse ,
Health Care Providers ,
Healthcare Fraud ,
HIPAA Breach ,
PHI ,
Popular ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Standards ,
Rulemaking Process ,
Stark Law
What have you done for me lately? Now that the tune is stuck in your head, specifically, have you recently conducted a thorough and up to date risk assessment in accordance with the requirements of the Health Insurance...more
8/15/2019
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Electronic Medical Records ,
Failure to Comply ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Medical Records ,
OCR ,
PHI ,
Risk Assessment
The Office of Civil Rights (“OCR”) is the federal agency that oversees compliance with the Health Insurance Portability and Accountability Act of 1996, and its implementing regulations (“HIPAA”). In that regard, among other...more
5/10/2019
/ Cyber Attacks ,
Data Breach ,
Electronic Medical Records ,
Government Investigations ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Policies and Procedures ,
Risk Mitigation
The U.S. Department of Health and Human Services Office of Civil Rights (“OCR”) was hard at work at the end of 2018—emphasizing the active efforts we have seen for the past few years from OCR. Below is a brief summary of some...more
3/7/2019
/ Comment Period ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Information Sharing ,
Mental Illness ,
OCR ,
Opioid ,
Personal Data ,
PHI ,
Privacy Policy ,
Value-Based Care
In the age of electronic medical records and ransomware attacks, recent focus with regard to HIPAA compliance seems to be on electronic security. How are your electronic medical records stored? Do you require two-factor...more
7/11/2018
/ Cyber Attacks ,
Data Breach ,
Electronic Devices ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Risk Management
In light of the recent incident in Las Vegas, the Office of Civil Rights (“OCR”), the government entity responsible for HIPAA Compliance, issued clarification guidance on the ability of a health care provider to share...more
In the past several years, a huge increase has occurred in the number of electronic attacks in the United States using ransomware, a form of malware that targets and encrypts critical data and systems for the purpose of...more
2/13/2017
/ Breach Notification Rule ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Malware ,
OCR ,
PHI ,
Ransomware ,
Reporting Requirements ,
Strict Compliance
In an effort to review and examine compliance with the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations ("HIPAA"), the Department of Health and Human Services Office for Civil...more
On January 17, 2013, the Department of Health and Human Services (“HHS”) released its long awaited final HIPAA rule, which significantly expands certain obligations for healthcare providers and their business associates (the...more
2/5/2013
/ Business Associates ,
Compliance ,
Data Breach ,
Decedent Protection ,
Enforcement ,
Fundraisers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Immunization Records ,
Marketing ,
Notice Requirements ,
Patient Rights ,
PHI ,
Privacy Policy ,
Privacy Rule ,
Subcontractors ,
Third-Party