HIPAA


Are You Ready? Deadline to Comply with HIPAA Requirements for Reproductive Health Care PHI December 23, 2024

In response to the shifting legal landscape around reproductive health care, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) finalized amendments to the HIPAA Privacy Rule to strengthen privacy protections for highly sensitive protected health information (PHI) related (or potentially related) to reproductive health care. OCR announced the final rule … Continue Reading

42 C.F.R. Part 2 Final Rule to Align with the HIPAA Privacy Rules

The US Department of Health and Human Services, Office for Civil Rights (OCR) and the Substance Abuse and Mental Health Services Administration issued a Final Rule modifying the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations under 42 C.F.R. Part 2 (Part 2), applicable to certain federally assisted SUD treatment programs (Part 2 Programs), and … Continue Reading

Florida Electronic Health Records Exchange Act Amended – Health Records Maintained by Qualifying Health Care Providers Must Be Stored in the U.S., U.S. Territories, and Canada Only

On May 8, 2023, Governor Ron DeSantis of Florida signed CS/CS/SB 264, amending a suite of Florida statutes to impose heightened requirements on business activities involving foreign interests.  As related to the health care industry, CS/CS/SB 264 amended the Florida Electronic Health Records Exchange Act (“Act”) to, among other things, require “health care providers” that … Continue Reading

OCR Joins Chorus of Regulators Warning About Health Data Tracking Technology

Key Takeaway: Organizations must conduct a fact-based analysis to determine whether health data collection and tracking technology deployed on their websites and mobile apps complies with the federal Health Insurance Portability and Accountability Act (“HIPAA”) and other applicable laws and guidance. Cookies, web beacons, and similar technology are used to collect and analyze data about … Continue Reading

Webinar: Got Data?: How the Health Data Rules are Changing

On June 1, an SPB Partner and other industry experts will co-present on the ABA Webinar: Got Data?: How the Health Data Rules are Changing. The program, organized by the American Bar Association (ABA), will address recent and upcoming developments impacting health data, including CMS and ONC final rules on information blocking and interoperability, HIPAA and guidance … Continue Reading

Federal Appellate Court Tosses Out HIPAA Penalty for Healthcare Data Breaches, Criticizes OCR

In a dramatic rebuttal of how the Department of Health and Human Services Office of Civil Rights (“OCR”) has historically enforced HIPAA with potential far-ranging consequences, the Fifth Circuit Court of Appeals recently handed down a landmark decision criticizing and restricting how OCR interprets HIPAA and OCR’s penalty authority.  OCR brought an enforcement action against … Continue Reading

Orthopedic Clinic Settles with HHS OCR for $1.5 Million over Claims of Systemic HIPAA Noncompliance

The US Department of Health and Human Services’ Office for Civil Rights (“OCR”) recently announced a settlement with Georgia-based Athens Orthopedic Clinic PA (the “Clinic”) to resolve multiple alleged violations of the Privacy and Security Rules under the Health Insurance Portability and Accountability Act (“HIPAA”). Under the terms of the settlement, the Clinic agreed to … Continue Reading

Complimentary Webinar: Privacy Law, Coronavirus, and Post-Pandemic Best Practices

On April 30, 2020, a Squire Patton Boggs Partner will co-present a complimentary webinar,  Privacy Law, Coronavirus, and Post-Pandemic Best Practices.  The program, organized by Bloomberg Law, will address recent HIPAA changes and temporary waivers, telehealth privacy and cyber considerations, and practical tips and recommendations to manage privacy and cyber risk during these challenging times.  … Continue Reading

HHS Expands Coverage for Telehealth in Response to COVID-19

On March 17, 2020, in response to the national COVID-19 public health emergency, divisions of the Department of Health and Human Services (HHS) outlined a series of policy changes regarding telehealth services. In an effort meant to expand the capacity of the healthcare system and protect seniors who are the most vulnerable to COVID-19, the … Continue Reading

Movant Beware: No Right of Action Under HIPAA, and No Class-Cert Absent Notice

The Sixth Circuit has joined other circuits in unanimously holding that HIPAA creates no private right of action. That was the easy part. The panel divided 2-1 in ruling that a Tennessee statute likewise provides no remedy for patients allegedly overcharged by Ciox, a medical-records company. But Faber v. Ciox Health wasn’t a complete blowout: the court … Continue Reading

Medical Imaging Company Pays $3 Million Data Security Fine

A medical imaging company is paying for its flawed data security system. In addition to its system failures, the company failed to investigate and respond properly when alerted to problems by the FBI. As a result, the Office of Civil Rights imposed a $3 million penalty and required a corrective action plan. This is yet another … Continue Reading

Unauthorized TV Cameras in Hospitals Yield Costly HIPAA Penalties of $999,000

For the second time in as many years, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) entered into settlement agreements with and levied hefty fines on three hospitals that allegedly impermissibly disclosed patients’ protected health information to ABC News in the course of filming a television network documentary series.  OCR announced … Continue Reading

How To Avoid Paying $2,000 A Day To Encrypt ePHI

Let’s hope you don’t pay that much to encrypt electronic Protected Health Information (ePHI). How about a total of $4.3 million over two years? Well, that’s the total penalty for encryption violations assessed by Health and Human Services (HHS). An Administrative Law Judge found the penalty could have been much worse. The facts are sobering. … Continue Reading

Key Health Care Technology Privacy and Cybersecurity Considerations

In a podcast interview with Healthcare InfoSecurity, Squire Patton Boggs Partner Elliot Golding addresses evolving healthcare privacy and security issues, particularly complex issues involving Internet of Things (IoT) devices.  This includes addressing new risks when connected devices link to legacy systems, the applicable regulatory environment, and other key issues companies operating in the health care … Continue Reading

States Increase HIPAA Enforcement

A recent blog post summarized Health Insurance Portability and Accountability Act (“HIPAA”) enforcement settlements for Virtual Medical Group (“VMG”) in New Jersey and EmblemHealth in New York that may signal a broader trend of increased state HIPAA enforcement.  Under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act’s amendment to HIPAA, codified at … Continue Reading

HHS OCR Issues New Research Guidance

As part of its ongoing implementation of the 21st Century Cures Act (Public Law 114-255), the Department of Health and Human Services last month released a number of new HIPAA guidance tools, including additional information about research uses and disclosures.  The research guidance contains helpful tips for covered entities regarding authorizations, revocations, and “reviews preparatory … Continue Reading

HHS Announces $400,000 HIPAA Settlement with Community Health Center

The Department of Health and Human Services Office of Civil Rights (HHS OCR) recently settled with a notable covered entity – a nonprofit Federally Qualified Community Health Center (FQHC) – over alleged Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule violations. With the FQHC agreeing to pay $400,000 to HHS and entering … Continue Reading

Task Forces in 10 States Target Providers of Services to Elderly

On March 30, 2016, the US Department of Justice (DOJ) announced that healthcare providers who serve the elderly in the following 10 states will have task forces looking over their shoulders: California, Georgia, Kansas, Kentucky, Iowa, Maryland, Ohio, Pennsylvania, Tennessee and Washington. Known as the Elder Justice Task Forces (Task Forces), these partnerships combine the … Continue Reading

Triple S’ Violations Spark HHS’ Triple Enforcement Actions

HHS recently agreed to a $3.5 million resolution with business associates and covered entities for numerous violations of the Privacy, Breach Notification, and Security Rules of the Health Insurance Portability and Accountability Act (HIPAA).  Triple S, as the parties are collectively known, seemed to miss the regulatory ball in a few ways, like protected health … Continue Reading

Anthem Data Breach: A Dramatic Reminder about Data Security

News of the data breach suffered by Anthem continues to dominate the news (here, here, and here for example).  And, further raising the stakes, class action lawsuits from individuals whose information has potentially been compromised are beginning to roll into courthouses across the country (California, Alabama, Indiana, Georgia, California (again), and California (again)).  Because health care data is such a … Continue Reading

FBI Warns of “Spear Phishing” for Your Data and Ideas

The widely reported data breach at Community Health Systems, Inc. (CHS) appears to have relied upon a “spear phish email” to launch the initial malware, according to a recent alert from the FBI. Experts engaged by CHS believe that the attacker is an “Advanced Persistent Threat.” The FBI alert provides tips for organizations to prevent … Continue Reading

Business Associate Agreement Update Deadline

September 22, 2014 is the deadline to have business associate and data use agreements updated to conform to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Final Omnibus Rule  (the Omnibus Rule), which became effective September 23, 2013.  The Omnibus Rule’s transition provisions  protect eligible business associate agreements and data use agreements until … Continue Reading