CMS Tool for HIPAA Compliance

Bond Schoeneck & King PLLC

Bond Schoeneck & King PLLC

The pandemic has accelerated the U.S. healthcare system’s ascent into the digital age – and privacy standards are along for the ride. Recognizing this, the Federal Centers for Medicare and Medicaid Services (CMS) of the U.S. Dept. of Health and Human Services recently promoted a tool and related refreshed resources to help organizations and individuals determine whether they are a Covered Entity (CE) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). (A reminder: a CE is subject to HIPAA regulations.) The tool has particular salience in relation to HIPAA’s standards for electronic transactions

Early in January 2022, CMS republicized a decision-tree template, the “HIPAA Covered Entity Decision Tool,” to help health care providers and organizations determine whether they are a CE under the law. This resource is replete with hyperlinks intended to provide practical direction on whether an entity’s activities rise to the nature of electronic health care transactions contemplated under the HIPAA standards. The tool walks users through hypotheticals intended to identify whether they (whether providers, clearinghouses or health plans) fall in, or outside of, HIPAA. For those of a certain age (including this writer) who may remember the popular “Choose Your Own Adventure” book series targeted to middle schoolers during the 1980s and 1990s, the tool similarly relies upon the reader to make selections that drill the user downward to the final answer – here, whether the user is a CE under the circumstances presented.

We encourage Bond clients operating in the healthcare space to familiarize themselves with the tool, to view a recent Bond Health Law Outlook on the larger HIPAA regulatory environment in the context of the pandemic, and to take stock of the broader healthcare data privacy environment and its regulatory overlay. This is especially important when (as Bond recently reported) ransomware attacks are on a rapid rise in healthcare settings – and cybersecurity is of such prominence that it even has profound implications for global peace. 

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bond Schoeneck & King PLLC | Attorney Advertising

Written by:

Bond Schoeneck & King PLLC

Bond Schoeneck & King PLLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.