Healthcare providers running on thin margins or just seeking new (and in the case of tax-exempt providers, permissible) revenue sources may jump at the chance when third party vendors offer to help them monetize their patient...more
7/22/2024
/ Business Associates ,
Data Privacy ,
Data Security ,
Data Selling ,
De-Identification ,
De-Identified Protected Health Information ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Monetization ,
Penalties ,
PHI ,
Privacy Laws ,
Statutory Violations
A recent federal court decision is a victory for Health Insurance Portability and Accountability Act (HIPAA) covered entities using third-party tracking tools on unauthenticated webpages. These are websites available to the...more
6/26/2024
/ American Hospital Association et al v Becerra Secretary Of Health And Human Services et al ,
Business Associates ,
Covered Entities ,
Federal Trade Commission (FTC) ,
Final Judgment ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
IP Addresses ,
Judicial Review ,
OCR ,
PHI ,
Regulatory Authority ,
Warning Letters ,
Web Tracking ,
Websites
After months of uncertainty and multiple letters from industry associations advocating on behalf of the healthcare industry with the U.S. Department of Health and Human Service (HHS) Office for Civil Rights (OCR), covered...more
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has, as part of its mandate, the responsibility to enforce the Health Insurance Portability and Accountability Act (HIPAA) Security Rule....more
5/14/2024
/ Audits ,
Business Associates ,
Compliance ,
Covered Entities ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
HITECH Act ,
OCR ,
PHI ,
Popular ,
Ransomware ,
Risk Assessment ,
Web Tracking
In the midst of an industry reeling from the Change Healthcare cybersecurity incident, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued a series of final rules requiring...more
"Informed consent" has been described as "a bedrock principle of healthcare in a free society," and if a "patient is denied the ability to exercise or even consider informed consent, the patient's personal liberty suffers."1...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued updated guidance on March 18, 2024 regarding the use of online tracking technologies by entities and business associates covered by the...more
3/19/2024
/ Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Enforcement Priorities ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
PHI ,
Tracking Systems ,
Web Tracking ,
Websites
Hospitals care about patient privacy, but they also have to connect with the public. In the real world, people mostly connect online. Having a fully functional online presence often requires help from third parties. ...more
11/8/2023
/ American Hospital Association ,
Business Associates ,
Class Action ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
OCR ,
PHI ,
Third-Party Service Provider ,
Tracking Systems ,
Web Tracking
For years, patients and healthcare companies have been wrestling with privacy issues relating to cookies, pixels and other tracking technologies. The U.S. Department of Health and Human Services' (HHS) Office of Civil Rights...more
12/5/2022
/ Data Breach ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Guidance ,
OCR ,
Personally Identifiable Information ,
PHI ,
Popular ,
Tracking Systems ,
Web Tracking
The Federal Trade Commission (FTC) adopted a policy statement on Sept. 15, 2021, emphasizing that developers of digital health apps, connected devices and other health products have obligations under the Health Breach...more
9/27/2021
/ App Developers ,
Breach Notification Rule ,
Business Associates ,
Covered Entities ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Mobile Apps ,
Mobile Health Apps ,
Notice Requirements ,
PHI
An amendment to the Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law on Jan. 5, 2021, directing U.S. Health and Human Services (HHS) to consider "recognized security practices"...more
8/31/2021
/ Compliance ,
Covered Entities ,
Cybersecurity ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Industry Cybersecurity Practices (HICP) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Incident Response Plans ,
New Legislation ,
NIST ,
PHI
To date, there has been little consistency in how Health Insurance Portability and Accountability Act (HIPAA) requirements are enforced by the U.S. Department of Health and Human Services (HHS), or the amount of settlements...more
2/5/2021
/ Anti-Kickback Statute ,
Attorney-Client Privilege ,
Civil Monetary Penalty ,
Data Collection ,
Department of Health and Human Services (HHS) ,
Dismissals ,
Enforcement Actions ,
False Claims Act (FCA) ,
Fraud ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Medicare ,
PHI ,
Physicians ,
Stark Law ,
WA Supreme Court
Privacy revisions under the Health Insurance Portability and Accountability Act (HIPAA) may be on the horizon, with some potential changes that could benefit both patients and the healthcare industry. Other changes, if...more
12/11/2020
/ Comment Period ,
Department of Health and Human Services (HHS) ,
EHR ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
NPRM ,
OCR ,
Patient Privacy Rights ,
PHI ,
Proposed Rules ,
Right of Access
Healthcare providers face a dilemma when patients post complaints or make other statements on social media. Just because a patient has made certain information public does not mean that the provider can also post protected...more
10/9/2019
/ Corporate Fines ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Online Reviews ,
PHI ,
Social Networks ,
Yelp
• The U.S. Department of Health and Human Services on Dec. 28, 2018, announced the release of the "Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients" that provides a "Call to Action" to make...more
1/14/2019
/ Best Practices ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Loss Prevention ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Theft ,
Department of Health and Human Services (HHS) ,
Department of Homeland Security (DHS) ,
Food and Drug Administration (FDA) ,
Hackers ,
Health Care Providers ,
Health Clinics ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Hospitals ,
Information Technology ,
Medical Devices ,
NIST ,
Patient Safety ,
Personally Identifiable Information ,
PHI ,
Phishing Scams ,
Popular ,
Ransomware ,
Risk Mitigation ,
Standard of Care
The Department of Health and Human Services' Office for Civil Rights (OCR) has issued a Request for Information, which is scheduled for publication in the Federal Register on Dec. 14, 2018. OCR is asking the public to provide...more
12/12/2018
/ Comment Period ,
Data Privacy ,
Data Security ,
Federal Register ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Sharing ,
OCR ,
PHI ,
Privacy Policy ,
Public Comment ,
Regulatory Agenda ,
Regulatory Burden ,
Request For Information ,
Value-Based Care
A number of new developments have taken place related to Health Insurance Portability and Accountability Act (HIPAA) privacy and security compliance, and enforcement is increasing. Healthcare providers, health plans and other...more
On December 8, 2014, the U.S. Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) announced a resolution agreement with Anchorage Community Mental Health Services, Inc. (ACMHS). The agreement, which...more
On Oct. 10, 2014, the 11th Circuit opinion in Murphy v. Dulay provides significant guidance regarding HIPAA authorization forms. One of the most important provisions of the opinion focuses on the fact that HIPAA...more
Starting in 2015, eligible physicians and hospitals participating in the Medicare Electronic Health Records Incentive Program who do not adopt "meaningful" use" certified electronic health record (EHR) technology will no...more
The Ponemon Institute’s Fourth Annual Study on Patient Privacy & Data Security, dated March of 2014 and sponsored by ID Experts, is now available. The study, involving a sample of 91 organizations, contains both good news and...more
Way back on February 17, 2009, Congress passed a stimulus bill that contained provisions referred to as the Health Information Technology for Economic and Clinical Health ("HITECH") Act. The HITECH Act was geared toward...more
2/1/2013
/ Business Associates ,
Covered Entities ,
Data Protection ,
Decedent Protection ,
Department of Health and Human Services (HHS) ,
Fundraisers ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Marketing ,
Notice Requirements ,
OCR ,
PHI