For more than 20 years, the HIPAA Security Rule has been virtually unchanged other than extending its scope beyond covered entities to also include business associates. During that time, technology has changed, cybersecurity...more
1/9/2025 / Compliance, Cybersecurity, Data Privacy, Data Protection, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), HIPAA Security Rule, Notice of Proposed Rulemaking (NOPR), OCR, Proposed Rules, Risk Management, Trump Administration
We just want to provide a friendly reminder that, before key staff depart for the holidays, HIPAA covered entities and business associates should finalize their compliance with the 2024 HIPAA amendments related to...more
12/19/2024 / Compliance, Covered Entities, Data Privacy, Deadlines, Department of Health and Human Services (HHS), Disclosure Requirements, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, New Amendments, OCR, PHI, Reproductive Healthcare Issues, Settlement
The U.S. District Court for the Northern District of Texas ruled that HHS's December 1, 2022, guidance applying HIPAA to online tracking technologies is unlawful with respect to its treatment of certain combinations of...more
The U.S. Department of Health and Human Services (HHS) this week released final amendments to the HIPAA Privacy Rule to further protect the privacy of protected health information (PHI) related to reproductive health care....more
4/29/2024 / Attestation Requirements, Department of Health and Human Services (HHS), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Privacy Rule, HITECH Act, New Amendments, Patients, PHI, Policies and Procedures, Reproductive Healthcare Issues
Washington's My Health My Data Act (Act), which imposes substantial new obligations on the collection and use of broadly defined "consumer health data" (CHD), went into effect March 31, 2024. Everyone that conducts business...more
Changes to guidance are unlikely to mitigate widespread concerns -
On March 18, 2024, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) revised its controversial guidance on how HIPAA applies...more
The long-anticipated final rule addressing substance use disorder (SUD) records at 42 C.F.R. Part 2, commonly referred to as Part 2, is here. The final rule is a joint undertaking by the U.S. Department of Health and Human...more
2/21/2024 / Breach Notification Rule, CARES Act, Civil Monetary Penalty, Confidentiality Policies, Consent Agreements, Department of Health and Human Services (HHS), Disclosure Requirements, Enforcement, Final Rules, Health Insurance Portability and Accountability Act (HIPAA), Notice of Proposed Rulemaking (NOPR), OCR, Penalties, PHI, Risk Assessment, SAMHSA, Substance Abuse
February 29, 2024, is the date by which HIPAA-covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of all "small" breaches of unsecured protected health information that...more
The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) announced its final rule (the Enforcement Rule) implementing the information blocking penalties created by the 21st Century Cures Act...more
7/28/2023 / Centers for Medicare & Medicaid Services (CMS), Department of Health and Human Services (HHS), Department of Justice (DOJ), Enforcement, Federal Trade Commission (FTC), Final Rules, Health Insurance Portability and Accountability Act (HIPAA), Health Technology, Information Blocking Rules, Information Technology, OCR, OIG, ONC
On April 27, 2023, Washington Governor Jay Inslee signed into law the My Health My Data Act (the "Act"), which will regulate the collection, use, and disclosure of "consumer health data" ("Consumer Health Data" or "CHD"). The...more
5/2/2023 / Business Associates, Covered Entities, Data Privacy, Data Protection, Data Security, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), OCR, Patient Privacy Rights, PHI, Private Right of Action
Walking a middle path, the HHS Office for Civil Rights (OCR) published proposed amendments to the HIPAA Privacy Rule on April 17, 2023, to further safeguard the privacy of reproductive health care information. This comes in...more
To assist HIPAA-regulated entities to improve their compliance with HIPAA and their safeguarding of health information, the Department of Health and Human Services' Office for Civil Rights (OCR) delivered to Congress two...more
HIPAA-covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of "small" breaches of unsecured protected health information that were discovered during calendar-year 2022 no...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued a bulletin on December 1, 2022, clarifying that "regulated entities are not permitted to use tracking technologies in a manner that would...more
On June 13, 2022, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced new guidance on using remote communication technologies to provide audio-only telehealth services in compliance with...more
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced four enforcement resolutions at the end of March 2022, with issues ranging from the misuse of protected health information (PHI)...more
March 1, 2022, is the date by which HIPAA-covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of "small" breaches of unsecured protected health information that were...more
It's that time of the year again: the opportunity to brush off your New Year's resolutions for privacy and security of health information. Here are some potential health information privacy and security resolutions for your...more
It used to be easy to calculate HIPAA penalties in your head—$50,000 per violation and up to $1.5 million per calendar year for multiple violations of the same HIPAA provision. But those days of easy math are long gone since...more
The Employee Benefits Security Administration (EBSA) of the U.S. Department of Labor (DOL) recently announced its first cybersecurity guidance for retirement plans subject to the Employee Retirement Income Security Act of...more
4/28/2021 / Benefit Plan Sponsors, Cybersecurity, Data Breach, Data Privacy, Department of Labor (DOL), EBSA, Employee Benefits, Employee Retirement Income Security Act (ERISA), Popular, Retirement Plan, Retirement Plan Providers, Risk Management
The U.S. Department of Health and Human Services (HHS) recently announced a 45-day extension of the comment period for proposed changes to the HIPAA Privacy Rule. The deadline for submitting comments now has been pushed from...more
March 1, 2021, is the due date for HIPAA-covered entities to notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) about "small" breaches of unsecured protected health information discovered...more
On January 21, 2021, the Department of Health and Human Services (HHS) published proposed changes to the privacy rule (Privacy Rule) of the Health Insurance Portability and Accountability Act (HIPAA). This Notice of Proposed...more
The COVID-19 pandemic and the proliferation of employees working remotely has prompted employers of every size to contend with new questions about laws applicable to their workers in distant locations. Depending on whether...more
2/2/2021 / Compliance, E-3, Employee Benefits, Employees, Flexible Work Arrangements, H-1B, Hiring & Firing, Intellectual Property Protection, Reimbursements, Remote Working, Telecommuting, Wage and Hour
On December 2, 2020, under the Trump Administration's "Regulatory Sprint to Coordinated Care" initiative, the Centers for Medicare & Medicaid Services (CMS) and the Office of Inspector General (OIG) published final...more
12/4/2020 / Anti-Kickback Statute, Centers for Medicare & Medicaid Services (CMS), Cybersecurity, Data Collection, EHR, Medical Records, OIG, Popular, Safe Harbors, Stark Law, Trump Administration