Attestations are at the heart of permissible disclosures under the HHS Office for Civil Rights’ (OCR) new reproductive health privacy rule—and OCR wants covered entities (CEs) and business associates (BA) to use them now. The...
7/16/2024 / Attestation Requirements, Breach Notification Rule, Covered Entities, Data Privacy, Department of Health and Human Services (HHS), Disclosure, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, Labeling, OCR, Patient Privacy Rights, Patients, PHI, Privacy Laws
United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...
5/13/2024 / Business Associates, Covered Entities, Cyber Attacks, Cybersecurity, Data Breach, Data Protection, Department of Health and Human Services (HHS), Hackers, Health Care Providers, Healthcare, Legislative Agendas, OCR, Patients, Personal Information, Popular, Privacy Laws, Regulatory Oversight, Regulatory Requirements
Report on Patient Privacy 23, no. 10 (October, 2023)
By 2016, it should have been clear to HIPAA covered entities that a security risk analysis—and corresponding risk management plan—were compliance basics. Yet, a new...
10/6/2023 / Compliance, Covered Entities, Cybersecurity, Data Breach, Data Privacy, Data Protection, Disclosure Requirements, Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, OCR, Privacy Laws, Risk Assessment, Risk Management
HIPAA covered entities (CEs) longing for the opportunity to dispense with what some would call the more nettlesome aspects of notices of privacy practices (NPPs) will just have to be patient. For how long, no one is saying....
5/12/2023 / Covered Entities, Department of Health and Human Services (HHS), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare Reform, HIPAA Privacy Rule, OCR, Patient Privacy Rights, PHI, Proposed Amendments, Proposed Rules, Reproductive Healthcare Issues
Report on Patient Privacy 22, no. 10 (October, 2022) -
How about free?
Patients daily face the machinations of getting records from their providers, and health care practices, hospitals and even dentists struggle with...
10/10/2022 / Corrective Action Plans (CAPs), Covered Entities, Dentists, Department of Health and Human Services (HHS), Enforcement Actions, Excessive Fees, Health Care Providers, HIPAA Violations, Medical Records, OCR, PHI, Settlement Agreements
Report on Patient Privacy 22, no. 9 (September, 2022) -
When recommending best practices, federal privacy and security officials stress that organizations need to follow their protected health information (PHI) wherever...
9/12/2022 / Business Associates, Corrective Action Plans (CAPs), Covered Entities, Data Breach, Department of Health and Human Services (HHS), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Improper Disposal, OCR, PHI, Settlement Agreements
Report on Patient Privacy 22, no. 5 (May, 2022) -
Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...
5/6/2022 / Business Associates, Civil Monetary Penalty, Corrective Action Plans (CAPs), Covered Entities, Cybersecurity, Data Breach, Data Privacy, Data Protection, Data Security, Department of Health and Human Services (HHS), Enforcement Actions, Fines, Funding, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Violations, HITECH Act, Injunctive Relief, OCR, PHI, Popular, Privacy Laws
Report on Patient Privacy 22, no. 4 (April, 2022) -
By many measures, David Northcutt’s unsuccessful 2018 bid for the Alabama senate was a costly one. Northcutt, a dentist, loaned his campaign $73,000 throughout the...
4/8/2022 / Breach Notification Rule, Business Associates, Corrective Action Plans (CAPs), Covered Entities, Dentists, Email, Enforcement Actions, HIPAA Privacy Rule, HIPAA Violations, OCR, Online Reviews, PHI, Policies and Procedures, Political Campaigns, Privacy Rule, Security Rule
Report on Patient Privacy 22, no. 2 (February, 2022) -
The new national health information network calls for a number of privacy and security safeguards and standards that, in some instances, exceed what HIPAA covered...
2/14/2022 / Audits, Business Associates, Certifications, Covered Entities, Cyber Incident Reporting, Cyber Insurance, Cybersecurity, Data Breach, Data Privacy, Data Security, Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Mobile Apps, Notification Requirements, PHI, Popular
Report on Patient Privacy 21, no. 12 (December, 2021) -
Amid the letters of congratulations to new HHS Office for Civil Rights (OCR) Director Lisa Pino is a plea from the American Hospital Association (AHA): “victims” of...
12/10/2021 / American Hospital Association, Business Associates, Civil Monetary Penalty, Covered Entities, Cyber Attacks, Cybersecurity, Data Security, Department of Health and Human Services (HHS), HIPAA Security Rule, OCR, Popular, Request For Information, Rulemaking Process
Report on Patient Privacy 21, no. 11 (November, 2021) -
Attorney Brad Hammer doesn’t always don a suit and tie, or what he calls his “lawyer’s uniform.” A privacy and security expert and founder of the Vakaris Group based...
11/15/2021 / Business Associates, Chief Compliance Officers, Covered Entities, Cyber Attacks, Cyber Insurance, Data Breach, Data Privacy, Data Protection, Data Security, Health Care Providers, Information Security, Information Technology, Phishing Scams, Policies and Procedures, Ransomware, Risk Mitigation, Training
Report on Patient Privacy 21, no. 10 (October, 2021) -
Conducting a risk analysis is a basic tenet of security compliance, with the overarching goal of understanding where protected health information (PHI) “lives” in an...
10/15/2021 / Business Associates, China, Covered Entities, Cyber Attacks, Cyber Threats, Cybersecurity, Data Breach, Data Privacy, Data Protection, Data Security, Due Diligence, FBI, Hackers, Health Care Providers, National Security, PHI, Physicians, Risk Mitigation
Issue a final rule revising the privacy regulation and write guidance on the information blocking rule. Formalize the fledgling audit program required by Congress more than 10 years ago. Engage with providers and other...
8/13/2021 / 21st Century Cures Act, Audits, Biden Administration, Business Associates, Covered Entities, Data Privacy, Department of Health and Human Services (HHS), Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach, HIPAA Violations, Information Blocking Rules, Notice of Proposed Rulemaking (NOPR), OCR, Ransomware
Report on Patient Privacy 21, no. 7 (July, 2021) -
...These heartfelt comments are among those submitted to the HHS Office for Civil Rights (OCR) in response to its January notice of proposed rulemaking (NPRM), which...
7/9/2021 / Caregivers, Covered Entities, Department of Health and Human Services (HHS), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Privacy Rule, Mental Health, Notice of Proposed Rulemaking (NOPR), OCR, PHI, Physicians, Public Comment, Substance Abuse
Report on Patient Privacy 21, no. 5 (May 2021) -
Given the hundreds of thousands of HIPAA covered entities (CEs) and business associates (BAs) and the two dozen or so enforcement actions the HHS Office for Civil Rights...
5/7/2021 / Business Associates, Cooperation, Covered Entities, Cybersecurity, Data Breach, Data Privacy, Data Security, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Enforcement Actions, Failure to Notify, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Privacy Rule, Investigations, OCR, PHI, Popular
Report on Patient Privacy 21, no. 3 (March 2021) -
Sometime during the fall, a worker for a subcontractor of Humana Inc. decided to share actual member information from medical records via a Google document with people he...
3/25/2021 / Business Associates, Business Associates Agreement (BAA), Compliance, Covered Entities, Data Breach, Data Protection, Department of Health and Human Services (HHS), Health Insurance Portability and Accountability Act (HIPAA), Medical Records, Notice Requirements, OCR, Patient Privacy Rights, PHI, Subcontractors
Report on Patient Privacy 21, no. 2 (February 2021) -
Unless an extension is granted or the notice of proposed rulemaking (NPRM) is withdrawn, covered entities (CEs) and business associates (BAs) have until late March to...
2/26/2021 / Business Associates, Comment Period, Covered Entities, Data Breach, Department of Health and Human Services (HHS), Health Care Providers, HIPAA Privacy Rule, HIPAA Violations, Medical Records, Notice of Proposed Rulemaking (NOPR), OCR, Right of Access, Settlement Agreements
Report on Patient Privacy 20, no. 12 (December 10, 2020) -
Transparency and contrition are two qualities that HIPAA officials at covered entities (CEs) and business associates (BAs) might want to think about expressing...
Report on Patient Privacy 20, no. 10 (October 2020) -
September was quite the month for enforcement actions by the HHS Office for Civil Rights (OCR). The agency announced eight settlements totaling more than $10 million....
10/16/2020 / Business Associates, Compliance, Corrective Action Plans (CAPs), Covered Entities, Data Breach, De-Identified Protected Health Information, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Hackers, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), OCR, PHI, Settlement
Report on Patient Privacy 20, no. 7 (July 2020) -
During the first six months of this year, 228 breaches affecting 500 or more individuals were reported to the HHS Office for Civil Rights (OCR), and of the top 20, five...
Report on Patient Privacy 20, no. 6 (June 2020):
Being a health care provider in the midst of a pandemic is complicated enough, between offering telehealth services, perhaps for the first time, and helping workers continue...
6/15/2020 / Business Associates, Coronavirus/COVID-19, Covered Entities, Data Collection, Data Privacy, Data Protection, Data Security, Data-Sharing, Electronic Protected Health Information (ePHI), Equal Employment Opportunity Commission (EEOC), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare Workers, OCR, Patient Privacy Rights, PHI
Report on Patient Privacy 20, no. 4 (April 2020)
In new guidance, the HHS Office for Civil Rights (OCR) has authorized hospitals and other covered entities (CEs) that may be faced with demands from first responders and law...
4/14/2020 / Compliance, Coronavirus/COVID-19, Covered Entities, First Responders, Health Insurance Portability and Accountability Act (HIPAA), Infectious Diseases, Law Enforcement, OCR, Patient Privacy Rights, PHI, Public Health, Public Safety
Report on Patient Privacy 20, no. 1 (January 2020) -
In the waning days of 2019, the HHS Office for Civil Rights (OCR) didn’t halt the HIPAA enforcement momentum it had built up during the last quarter of the year, dinging...
1/13/2020 / Ambulance Providers, Business Associates, Compliance, Corrective Action Plans (CAPs), Corrective Actions, Covered Entities, Department of Health and Human Services (HHS), Encryption, Enforcement Actions, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach, HIPAA Security Rule, OCR, PHI, Security Risk Assessments, Settlement
Report on Research Compliance 17, no. 1 (January 2020) -
Ah, those pesky residents. If you’re a teaching hospital, you can’t live without them, right? But sometimes living with them is mighty costly, as the University of...
12/19/2019 / Administrative Appeals, Civil Monetary Penalty, Covered Entities, Data Breach, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Encryption, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Violations, Laptop Computers, Medical Research, Medical Residents, OCR, PHI, Settlement, Teaching Hospitals