On December 10, 2020, the U.S. Department of Health and Human Services (HHS) announced proposed changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, which is one of several rules that protect the privacy and security of individuals’ medical records and other protected health information (PHI). According to HHS, the proposed changes

Conor Duffy
Conor Duffy is a member of Robinson+Cole's Health Law Group and the firm's Data Privacy and Security Team. Conor advises hospitals, physician groups, community providers, and other health care entities on general corporate matters and health care issues. He provides legal counsel on a full range of transactional and regulatory health law issues, including contracting, licensure, mergers and acquisitions, Medicare and Medicaid fraud and abuse laws and regulations, HIPAA compliance, and other data privacy and security matters. Read his rc.com bio here.
OCR Issues Additional Guidance on HIPAA for Providers and First Responders on COVID-19 Front Lines
On March 24, 2020, the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) issued new HIPAA guidance to help providers and first responders in its efforts to combat the COVID-19 pandemic.
OCR’s guidance addresses when HIPAA allows disclosures without patient authorization of identifying health information to first responders – such…
COVID-19: HHS Issues FAQs on HIPAA and Telehealth to Help Providers Maintain Access to Care During the Pandemic
On March 20, the U.S. Department of Health and Human Services (HHS) issued additional guidance in the form of Frequently Asked Questions (FAQs) on HIPAA and telehealth services to help providers furnish care during the COVID-19 pandemic.
The FAQs follow and provide further information on the Notification of Enforcement Discretion issued by HHS…
HHS Issues Timely Reminder of Applicability of HIPAA to Outbreak Situations
On February 3, 2020, the U.S. Department of Health and Human Services (HHS) issued a bulletin (the Bulletin) to remind covered entities and business associates of how patient information may be shared under HIPAA in the event of an emergency, such as an outbreak of infectious disease. The Bulletin was issued in response to the…
OCR Announces Second $85,000 Settlement for Alleged Violations of the Individual Right of Access under HIPAA
On December 12, 2019, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced its second “HIPAA Right of Access Initiative” settlement of alleged HIPAA violations.
The HIPAA Right of Access Initiative is a new effort in 2019 by OCR to monitor compliance with HIPAA requirements addressing patient rights to promptly…
Misdirected Hospital Bills Lead to $2.175 Million HIPAA Settlement
On November 27, 2019, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced a $2.175 million dollar settlement with a hospital system to resolve alleged violations of HIPAA’s Breach Notification Rule and Privacy Rule. The settlement is noteworthy as it represents OCR’s fourth HIPAA settlement in excess of $1 million…
For First Time Ever, Government Brings HIPAA Enforcement Action Alleging Violations of Right to Access Medical Records
On September 9, 2019, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that it had settled its first ever HIPAA enforcement action arising from alleged violations of the individual right to access health information under HIPAA. OCR entered into a settlement with Bayfront Health St. Petersburg (Bayfront) in response…
Spurred by Opioid Crisis, Government Proposes Additional Changes to Substance Use Disorder Confidentiality Regulations to Facilitate Provision of Coordinated Care
On August 26, 2019, the Department of Health and Human Services Substance Abuse and Mental Health Services Administration (SAMHSA) published a notice of proposed rulemaking (NPRM) to “better align” its substance use disorder (SUD) confidentiality regulations at 42 C.F.R. Part 2 (Part 2) with the needs of providers and patients, and to “facilitate the provision of well-coordinated care” for individuals with SUD.…
Continue Reading Spurred by Opioid Crisis, Government Proposes Additional Changes to Substance Use Disorder Confidentiality Regulations to Facilitate Provision of Coordinated Care
OIG Issues Alert to Warn of ‘Free’ Genetic Testing Scams Seeking to Steal Information
On June 3, 2019, the U.S. Department of Health and Human Services Office of Inspector General (OIG) issued a fraud alert to notify consumers about genetic testing fraud schemes (the Alert). According to the OIG, fraudulent actors are using the provision of free genetic testing kits to obtain Medicare information from unwitting consumers, and…
OCR Issues Fact Sheet Listing Circumstances in which Business Associates May Face Direct Liability for HIPAA Violations
In a development that may – understandably – have been overlooked by many heading into Memorial Day weekend, on May 24, 2019, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a Fact Sheet on Direct Liability of Business Associates under the Health Insurance Portability and Accountability Act (HIPAA).…