Archives: HIPAA and Health Information

Subscribe to HIPAA and Health Information RSS Feed

HHS Proposes Modifications to the HIPAA Privacy Rule to Enhance Care Coordination and Management and Remove Barriers to Accessing Information

On December 10, 2020, the U.S. Department of Health and Human Services (HHS) announced proposed changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, which is one of several rules that protect the privacy and security of individuals’ medical records and other protected health information (PHI). According to HHS, the proposed changes … Continue Reading

OCR Settles Another Right-of-Access Initiative Case

The Office for Civil Rights (OCR) issued a press release on November 12, 2020, announcing that it had settled its eleventh enforcement action in its HIPAA Right-of-Access Initiative. The settlement with Dr. Rajendra Bhayani, an otolaryngologist (ENT) practicing in Regal Park, New York, included a payment of $15,000, a corrective action plan and two years … Continue Reading

OCR’s Tenth Right to Access Settlement Is Small but Meaningful

The Office for Civil Rights (OCR) recently settled a tenth case under its right-to-access initiative with California-based Riverside Psychiatric Medical Group (RPMG), for $25,000. Although a relatively small settlement in the amount paid, it shows that the OCR is taking patients’ requests for access to their medical records seriously, and that no complaint is too … Continue Reading

ShopRite Settles with NJ AG for Data Breach

New Jersey Attorney General (AG) Gurbir S. Grewal announced on November 2, 2020, that his office has settled with ShopRite’s parent company, Wakefern Food Corp. (Wakefern) and two of its supermarket entities for $235,000 for a data breach that occurred in 2016. According to the press release, the AG alleged that Wakefern violated HIPAA and … Continue Reading

California’s Proposition 24 – CCPA 2.0 Meets the California GDPR

Proposition 24 is known as the California Privacy Rights Act of 2020 (CPRA). It is on the ballot in California on November 3, and if it passes it will amend and expand certain provisions of the California Consumer Privacy Act (CCPA). Some say it’s CCPA 2.0, however, there are some provisions that make the CPRA … Continue Reading

OCR Settles with NY Spine for Failure to Provide Access to Records

Continuing its enforcement priority of assisting patients with obtaining access to their health records, the Office for Civil Rights (OCR) recently settled its ninth case with a covered entity that it alleged failed to provide proper access of health records to a patient. NY Spine Medicine, a medical practice providing neurological and pain management series … Continue Reading

Dignity Health Settles with OCR for $160,000 for Failing to Provide Access to Records

Continuing with its previous enforcement actions centered on covered entities’ failure to provide patients with access to their health records, the Office for Civil Rights (OCR) announced on October 9, 2020 that it entered into a settlement with Dignity Health, doing business as St. Joseph’s Hospital and Medical Center in Phoenix (St. Joseph’s) for $160,000 … Continue Reading

Community Health Systems, Inc. Settles for $5 M in Multi-State Settlement

On October 8, 2020, New Jersey Attorney General Gurbir Grewal (AG) announced that his office has entered into a multi-state settlement agreement with Community Health Systems, Inc. (CHS) stemming from an investigation of a 2014 data breach that exposed personal information of approximately 6.1 million patients, including 45,000 New Jersey residents. This is after CHS … Continue Reading

Premera Blue Cross Settles with OCR for $6.85 Million for Breach of 10.4 Million Records

Premera Blue Cross (Premera) has agreed to settle with the Office for Civil Rights (OCR) for $6.85 million over allegations of violations of HIPAA after an investigation of a data breach that occurred in 2014 affecting 10.4 million individuals. This is the largest settlement the OCR has entered into with a covered entity in 2020, … Continue Reading

CCPA Amendments Signed by Governor Newsom

Recently we wrote about two amendments to the California Consumer Privacy Act of 2018 (CCPA) that were awaiting signature on Governor Newsom’s desk: AB 1281, which extends the one-year exemptions for employee information and business to business information for another year until January 1, 2022; and AB 713, which provides an exemption from the CCPA … Continue Reading

Athens Orthopedic Settles with OCR for $1.5M for Data Breach

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that it has settled potential violations of HIPAA with Athens Orthopedic Clinic PA (Athens) for $1.5 million, following an investigation of a data breach that occurred in 2016. The data breach compromised the protected health information of 208,557 individuals when … Continue Reading

HIPAA Business Associate Pays $2.3 Million Settlement After Hackers Target PHI of Over 6 Million Individuals

Health care providers and contractors continue to be a popular target for hackers. Recently, CHSPSC LLC (CHSPSC), which provides various services to hospitals and clinics indirectly owned by Community Health Systems, Inc. of Tennessee, agreed to pay $2,300,000 to the Office for Civil Rights (OCR) in settlement of potential violations of HIPAA’s Privacy and Security … Continue Reading

OCR Settles Five Investigations Under “Right of Access” Initiative

The Office for Civil Rights (OCR) announced yesterday that it has settled five investigations in its HIPAA “Rights to Access” Initiative (Initiative), which OCR had stated would be an enforcement priority for it starting in 2019. The Initiative is “to support individuals’ right to timely access to their health records at a reasonable cost under … Continue Reading

Size Doesn’t Matter for OCR Enforcement Actions

Small health care organizations may think they are under the radar of the Office for Civil Rights (OCR), but a settlement the OCR agreed to last week should disabuse small health care providers of that notion. On July 23, 2020, the OCR issued a press release outlining the terms of its settlement with Metropolitan Community … Continue Reading

AGs Express Concerns About Contact Tracing Apps and Protection of Consumer Personal Information

As many states continue to reopen businesses and permit more gatherings, public health officials are looking to contact tracing as a key strategy for preventing further spread of COVID-19.  In contact tracing, public health staff work with patients who have suspected or confirmed COVID-19 infection to help them recall everyone with whom they had close … Continue Reading

OCR Issues Guidance About Media Access to Health Care Facilities

These days, news stations are frequently running stories concerning people being treated for COVID-19, the providers working tirelessly to care for them, and politicians visiting health care facilities for a first-hand look at the crisis. In response to the media interest, the Office for Civil Rights (OCR) issued guidance on May 5, 2020 to healthcare … Continue Reading

OCR Issues Additional Guidance on HIPAA for Providers and First Responders on COVID-19 Front Lines

On March 24, 2020, the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) issued new HIPAA guidance to help providers and first responders in its efforts to combat the COVID-19 pandemic. OCR’s guidance addresses when HIPAA allows disclosures without patient authorization of identifying health information to first responders – such … Continue Reading

COVID-19: HHS Issues FAQs on HIPAA and Telehealth to Help Providers Maintain Access to Care During the Pandemic

On March 20, the U.S. Department of Health and Human Services (HHS) issued additional guidance in the form of Frequently Asked Questions (FAQs) on HIPAA and telehealth services to help providers furnish care during the COVID-19 pandemic. The FAQs follow and provide further information on the Notification of Enforcement Discretion issued by HHS on March 17 (Notification), … Continue Reading

HHS Issues Confusing Limited Waiver on Sharing of Patient Information Following COVID-19

Acknowledging the “additional challenges” on health care providers following the outbreak of COVID-19, the Department of Health and Human Services (HHS) recently issued several waivers for covered entities to address the need to share patient information after the President declared a national emergency concerning COVID-19. One of the waivers issued by HHS is to “waive … Continue Reading

Department of Health & Human Services Office for Civil Rights Issues Guidance Regarding HIPAA Privacy and Novel Coronavirus

The Office of Civil Rights (OCR) last month provided guidance and a reminder to HIPAA covered entities and their business associates regarding the sharing of patient health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule during an outbreak or emergency situation such as what we are all facing right now … Continue Reading

Privacy Tip #228 – Coronavirus Scare Is the Perfect Cover for Fraudsters

The coronavirus—or COVID-19—has health care experts scrambling, and has caused global concern for health and well-being due to its rapid spread throughout many countries, including the United States. A scare like this is the perfect opportunity for scammers and fraudsters to prey on well-intentioned people. Unfortunately, during this global health care concern, criminals are using … Continue Reading

Yearly Data Breach Reporting Due to OCR by February 29

Every year, we remind our readers that the HIPAA data breach notification regulations require covered entities to notify the Office for Civil Rights (OCR) of any reportable data breaches that involved fewer than 500 individuals and have not already been self-reported within 60 days following the calendar year. That means that covered entities are required … Continue Reading

Over 30 Data Breach Incidents in Health Care Reported to HHS Thus Far in 2020, Affecting Over 1 Million Individuals

Health care organizations continue to be a popular target for hackers. According to information from the U.S. Department of Health & Human Services (HHS), more than 30 reports of data breaches were filed by health care entities in the first month and a half of 2020. Although a few reported breaches involved theft or improper … Continue Reading
LexBlog