On December 18, 2020, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued new guidance on the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The guidance addresses important questions related to the definition of a health information exchange (HIE), when…
On December 10, 2020, the Office of Civil Rights (“OCR”) at the Department of Health and Human Services (“HHS”) announced a proposal to modify the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule. The overarching goal of the proposed rule is to get patients more engaged in their own…
On October 29, 2020, the Office of Civil Rights (“OCR”) of the Department of Health and Human Services (“HHS”) announced that pursuant to credible information by HHS, the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA), hospitals and healthcare providers are at an imminent risk of a cybersecurity attack.…
Beginning on March 6, 2020, the Centers for Medicare and Medicaid Services (“CMS”) has temporarily expanded telehealth services for Medicare beneficiaries and cut back on HIPAA enforcement to help combat the COVID-19. This expansion will last until the end of the public health emergency as declared by the Secretary of…
The Office for Civil Rights (“OCR”), a division of the Department of Health and Human Services (“HHS”), is responsible for investigating complaints and reports that covered entities (i.e., health plans, health care clearinghouses, or health care providers that conduct certain electronic transactions) or business associates have violated either the HIPAA…
In 2015, Anthem, Inc. (“Anthem”) discovered that criminal hackers had breached its electronic database and gained access to over 79 million records, including the records of at least 12 million minors. The protected health information obtained by the hackers included, among other information, names, addresses, dates of birth, medical IDs,…
On April 20, 2017, the Department of Health and Human Services, Office for Civil Rights (HHS OCR) announced that it had reached a settlement with the Center for Children’s Digestive Health (the Center) regarding the Center’s (alleged) violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The…
In January, the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) published a final rule, which modifies HIPAA privacy rules to allow for easier sharing between certain HIPAA covered entities and the National Instant Criminal Background Check System (NICS). Specifically, the final rule allows…
On February 11, 2016, the Department of Health and Human Services, Office for Civil Rights (“OCR”), released important guidance on its Developer Portal to address the application of the Health Insurance Portability and Accountability Act (“HIPAA”) regulations to developers of mobile health apps. Whether a mobile app developer is directly…
On September 9, Linda Sanches, the Senior Advisor for the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) warned that Health Insurance Portability and Accountability Act (HIPAA) audits are forthcoming. Speaking at the HIMSS Privacy and Security Forum in Boston, Sanches cautioned attendees that the best…