HIPAA and Health Information

The state of Virginia might be the next state to enact a privacy law. Senate Bill No. 1392 recently passed the Senate and is likely on its way to Governor Ralph Northam’s desk.  The bill adds the Consumer Data Protection Act to the Virginia Code and includes definitions of biometric data, precise geolocation data, profiling,

The Office for Civil Rights (OCR) recently announced another settlement involving investigations under its Right of Access Initiative. This settlement, the sixteenth such agreement under the Initiative (and one of the most interesting), involves San Diego-based Sharp HealthCare, doing business as Sharp Rees-Stealy Medical Centers (SRMC). In the settlement, OCR alleged that it received a

On January 14, 2021, the U.S. Court of Appeals for the Fifth Circuit overturned a $4.348 million penalty for alleged HIPAA violations assessed by the U.S. Department of Health & Human Services (HHS) against the University of Texas M.D. Anderson Cancer Center (Hospital). The case arises from an enforcement action undertaken by HHS following the

On December 10, 2020, the U.S. Department of Health and Human Services (HHS) announced proposed changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, which is one of several rules that protect the privacy and security of individuals’ medical records and other protected health information (PHI). According to HHS, the proposed changes

The Office for Civil Rights (OCR) issued a press release on November 12, 2020, announcing that it had settled its eleventh enforcement action in its HIPAA Right-of-Access Initiative. The settlement with Dr. Rajendra Bhayani, an otolaryngologist (ENT) practicing in Regal Park, New York, included a payment of $15,000, a corrective action plan and two years

The Office for Civil Rights (OCR) recently settled a tenth case under its right-to-access initiative with California-based Riverside Psychiatric Medical Group (RPMG), for $25,000.

Although a relatively small settlement in the amount paid, it shows that the OCR is taking patients’ requests for access to their medical records seriously, and that no complaint is too

New Jersey Attorney General (AG) Gurbir S. Grewal announced on November 2, 2020, that his office has settled with ShopRite’s parent company, Wakefern Food Corp. (Wakefern) and two of its supermarket entities for $235,000 for a data breach that occurred in 2016.

According to the press release, the AG alleged that Wakefern violated HIPAA and

Proposition 24 is known as the California Privacy Rights Act of 2020 (CPRA). It is on the ballot in California on November 3, and if it passes it will amend and expand certain provisions of the California Consumer Privacy Act (CCPA). Some say it’s CCPA 2.0, however, there are some provisions that make the CPRA

Continuing its enforcement priority of assisting patients with obtaining access to their health records, the Office for Civil Rights (OCR) recently settled its ninth case with a covered entity that it alleged failed to provide proper access of health records to a patient.

NY Spine Medicine, a medical practice providing neurological and pain management series

Continuing with its previous enforcement actions centered on covered entities’ failure to provide patients with access to their health records, the Office for Civil Rights (OCR) announced on October 9, 2020 that it entered into a settlement with Dignity Health, doing business as St. Joseph’s Hospital and Medical Center in Phoenix (St. Joseph’s) for $160,000