In a recent landmark decision, the United States District Court for the Northern District of Texas issued an opinion and order with significant implications for healthcare providers and their use of online technologies. The case, filed by the American Hospital Association, Texas Hospital Association, Texas Health Resources, and United Regional…
As healthcare regulatory attorneys, we’ve seen firsthand the confusion and challenges that arise when health-related entities fall outside the purview of the Health Insurance Portability and Accountability Act (HIPAA). One crucial, newly released, regulation that often gets overlooked is the Federal Trade Commission’s (FTC) Health Breach Notification Rule (HBN Rule).…
HIPAA itself does not contain a private right of action for individuals following unauthorized disclosures of medical information. Yet, HIPAA does not prohibit individuals from seeking remedies through state or other law. Each U.S. state’s tort law system can potentially allow individuals to pursue reparations when they are harmed by…
On April 6th, 2022, a HIPAA-regulatory Request for Information (RFI) was released by the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) soliciting feedback from the public for future rulemaking. The RFI seeks information on how the industry views “recognized security practices,” and on OCR’s compensating…
Participants in the healthcare industry have seen a multi-front threat related to their information security practices/healthcare data – increased enforcement and fines by the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR); increased scrutiny from plaintiffs’ attorneys and State Attorneys General; and increased threats from malicious…
On March 17, 2020, the Office for Civil Rights (“OCR”) issued a notification regarding enforcement discretion for telehealth remote communications that may not fully comply with applicable HIPAA Rules (the “Notification”). The Notification provides that OCR will not impose penalties on covered health care providers for noncompliance with regulatory requirements…
Small health care data breaches – those affecting fewer than 500 patients – that occurred in the 2019 calendar year must be reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) by February 29, 2020. The HIPAA Breach Notification Rule requires HIPAA-covered entities to report…
As of April 30, 2019, the maximum penalties for violations of the Health Insurance Portability and Accountability Act (HIPAA) have new annual limits. These updated penalties will be based on the level of culpability associated with the violation, according to the Department of Health and Human Services (HHS). Organizations that…
Maintaining compliance with all HIPAA Rules has never been more important for a health care business’s success than it is now. Last year, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) concluded an all-time record in Health Insurance Portability and Accountability Act…
Tomorrow, March 1, 2019, is the deadline for reporting small data breaches (<500) that occurred in calendar year 2018 to the Department of Health and Human Services’ Office for Civil Rights (OCR). Any HIPAA-covered entities and their business associates are required by the HIPAA Breach Notification Rule to, at least…