Tag Archives: HIPAA

California legislature proposes ‘urgency statute’ to revise CCPA’s health care and research exemptions

As currently drafted, the California Consumer Privacy Act (“CCPA”) leaves many questions unresolved regarding how the law applies to data collected and used in the health care and life sciences industries, particularly in the research context. Clinical research sponsors and other industry participants have raised concerns about how the CCPA may impede care delivery and … Continue Reading

Proposed CCPA amendment would provide significant clarity to health care and life sciences companies

Despite intensive lobbying from industry groups, multiple amendments before its effective date, and extensive proposed regulations from the California attorney general, the California Consumer Privacy Act (CCPA) went into effect earlier this month with still many questions left unanswered: What compromises will be made regarding employee and business-to-business data? Will there be further insight into … Continue Reading

New OCR fact sheet clarifies HIPAA liability for business associates

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released a fact sheet clarifying violations of HIPAA (Health Insurance Portability and Accountability Act of 1996) for which a business associate can be held directly liable. The fact sheet outlines 10 specific circumstances for which OCR has authority to take enforcement … Continue Reading

OCR releases new FAQs on use of health apps

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) released a new set of Health Insurance Portability and Accountability Act (HIPAA) FAQs  building upon prior guidance from OCR. The new FAQs discuss the applicability of HIPAA to covered entities and business associates that interact with health apps and explain when HIPAA regulated … Continue Reading

HHS reexamines prior interpretation of the Health Information Technology for Economic and Clinical Health Act’s penalty structure

The U.S. Department of Health and Human Services (“HHS”) filed a Notice of Enforcement Decision (the “Notice of Enforcement”) on April 26, 2019, confirming the agency’s reconsideration of its prior interpretation of the Health Information Technology for Economic and Clinical Health Act’s (the “HITECH Act’s”) penalty structure. Effective immediately, the maximum penalty that the HHS … Continue Reading

OCR’s Latest Health Breach Investigations Yield Big Settlements

In a span of a few weeks in early January 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced two major settlements under the Health Insurance Portability and Accountability Act (“HIPAA”) relating to the breach of protected health information (“PHI”). Neither settlement included an admission of any liability, but … Continue Reading

OIG Report Indicates OCR Not Overseeing and Enforcing HIPAA Security Rule

A November 21, 2013 report published by the Office of the Inspector General (OIG) concluded that The Department of Health & Human Services (HHS) Office for Civil Rights (OCR) is not fully enforcing the HIPAA Security Rule and laid out recommendations for the OCR to implement. The OIG’s report also concluded separately that OCR is … Continue Reading

Theft of Unencrypted Flash Drive Causes OCR to Issue Settlement and Corrective Action Plan for Physician Practice

This post was also written by John E. Wyand. The Department of Health and Human Services’ Office for Civil Rights (OCR) opened an investigation of Adult & Pediatric Dermatology, P.C. (APDerm) after a report was made regarding the theft of an unencrypted flash drive. To settle potential violations of the Health Insurance Portability and Accountability … Continue Reading

State Attorneys General Maintain Sharp Focus on Privacy

Though the National Association of Attorneys General (NAAG) Presidential Initiative “Privacy in a Digital Age” expired in June 2013 when a new NAAG president took over, the state attorneys general have maintained their sharp focus on all things privacy, with no signs that that focus will shift anytime soon. Most recent case in point: a … Continue Reading

Long-Awaited HITECH Final Rule is Here

This post was also written by Salvatore G. Rotella, Jr., Elizabeth Doyle O’Brien, Jennifer Pike and Zachary A. Portin. After much anticipation, the Office for Civil Rights of the United States Department of Health and Human services published the HITECH Final Rule on January 25, 2013. The final regulation contains substantive and technical modifications and additions … Continue Reading

The Arrival of the OCR HIPAA/HITECH Final Rule is Here

The long awaited final rule, released yesterday by the Office for Civil Rights (OCR) of the Department of Health and Human Services, modifies the HIPAA Privacy, Security, Breach and Enforcement Rules and is comprised of four final rules which implement the statutory requirements of the Health Information Technology for Economic and Clinical Health Act (HITECH) and the … Continue Reading

Awaiting the Release of the HITECH Final Rule

As the year is coming to an end, the industry is speculating the release date of the Health Information Technology for Economic and Clinical Health Act (“HITECH”) final rule. The final rule is expected to address modifications to the Privacy, Security, Enforcement, and Breach Notification Rules, and with the release date yet to be determined, … Continue Reading

First Enforcement Action Resulting From a Breach Self-Report Announced by OCR

On March 13, 2012 the Department of Health and Human Services (HHS), Office of Civil Rights (OCR) announced its settlement with Blue Cross Blue Shield of Tennessee (BCBST), marking the first enforcement action resulting from a breach self-report required by HITECH’s Breach Notification Rule. For a more detailed analysis, please click here.… Continue Reading

HHS Issues Notice of Proposed Rulemaking Regarding the HIPAA Privacy Rules Standard for Accounting of Disclosures Requirements and Access Report

Firm attorneys Gina M. Cavalier and Brad M. Rostolsky recently wrote about a HIPAA privacy update on the Life Sciences Legal Update blog. Specifically, the Department of Health and Human Services (HHS) today issued a Notice of Proposed Rulemaking implementing provisions of the HITECH Act related to accounting for disclosures of protected health information (PHI). … Continue Reading

HHS Announces First Ever Civil Money Penalty for Violations of HIPAA Privacy Rule

This post was also written by Gina Cavalier. Earlier this week, Reed Smith’s blog Life Sciences Legal Update posted that the Department of Health and Human Services’ (HHS), Office for Civil Rights (OCR) announced the imposition of the first ever civil money penalty for violations of the HIPAA Privacy Rule.  To learn more about this significant … Continue Reading
LexBlog