New Developments in Health Information Policy
New HIPAA Final Rule: Key Changes to Reproductive Health Care Privacy - Thought Leaders in Health Law®
ERISA Blog | Changes to the HIPAA Privacy Rules A Primer for Self-Insured Group Health Plans
Web-based Tracking Technology and AI: HIPAA Compliance Issues for Health Care Practices
Hybrid Workforces and Compliance with Sheila Limmroth
HIPPA: Privacy & Security and Potential Rule Changes
With 2025 barely three weeks old, the US Department of Health and Human Services Office for Civil Rights (OCR) has already announced six enforcement actions for the new year. Particularly significant is the advancement of...more
December 2024 was an active month for the U.S. Department of Health and Human Services ("HHS"), Office for Civil Rights ("OCR"). OCR announced (i) a $1.19 million civil monetary penalty ("CMP") against Gulf Coast Pain...more
Health care entities maintain compliance programs in order to comply with the myriad changing laws and regulations that apply to the health care industry. Although laws and regulations specific to the use of artificial...more
The HHS Office for Civil Rights (OCR) and other government agencies aren’t just worried that providers understand—and mitigate—the privacy and security risks of telehealth. In fact, in 2022, the Government Accountability...more
As we reflect on the flurry of activity in the health care data privacy and security space in 2023 and look ahead to what will continue to be a busy 2024, we are seeing the early stages of federal agency movement to align the...more
Happy Holidays! The December Monthly Minute includes a fiduciary checkup reminder and a look at HHS’ recent settlement stemming from a phishing attack that impacted ePHI of nearly 35,000 individuals....more
On October 18, 2023, the Office for Civil Rights (OCR) of the US Department of Health and Human Services (HHS) issued two resource documents to help explain the privacy and security risks to patients’ protected health...more
Long before enactment of HIPAA, substance use disorder (“SUD”) treatment records have enjoyed confidentiality protections under 42 C.F.R. Part 2 (“Part 2”). Since HIPAA/HITECH and related regulations went into effect, SUD...more
In a December 2022 bulletin published by the Office for Civil Rights at the U.S. Department of Health and Human Services (HHS), HHS made clear that the use of third-party tracking technologies by covered entities and business...more
By January 31, 2023, general acute care hospitals, clinical labs and certain physician organizations and medical groups in California are required to enter into the Single Data Sharing Agreement (DSA) to participate in the...more
Report on Patient Privacy 22, no. 8 (August, 2022) - Oklahoma State University Center for Health Sciences’ (OSUCHS) breach might not have seemed all that serious at the time: No data is believed to have been misused,...more
Report on Patient Privacy 21, no. 5 (May 2021) - Given the hundreds of thousands of HIPAA covered entities (CEs) and business associates (BAs) and the two dozen or so enforcement actions the HHS Office for Civil Rights...more
There has been a significant development in the ongoing debate regarding the scope of the authority of the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) to issue penalties under the Health...more
With a notably sharply worded opinion, the Fifth Circuit recently vacated over $4.3 million in penalties levied against the University of Texas M.D. Anderson Cancer Center (M.D. Anderson) by the Department of Health and Human...more
This two-day Regional Compliance and Ethics Conferences provide attendees with a forum to interact with local compliance professionals, share information about your compliance successes and challenges, and create educational...more
The CMS Division of National Standards, on behalf of HHS, is launching the Compliance Review Program (the “Program”) to ensure compliance among covered entities with HIPAA Administrative Simplification rules for electronic...more
Proposed Modifications to HIPAA Regulations under Consideration - On December 14, 2018, HHS issued its Request for Information on Modifying HIPAA Rules to Improve Coordinated Care as part of its Regulatory Sprint to...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - NIST Evaluates Advances in Face Recognition Software - On November 30, 2018, the National Institute of Standards and Technology ("NIST") published a...more
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently announced a no-fault settlement, including a $125,000 penalty and a two year corrective action plan for Allergy Associates of...more
Recent experiences of major health care companies offer a reminder of the importance of data security and following a well-written policy for compliance with the HIPAA Privacy Rule....more
Although the fate of the Affordable Care Act remains undecided, enforcement of the HIPAA privacy and security regulations by the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services is ongoing,...more