HIPAA Updates

April 27, 2020 0

HHS Delays Enforcement of Information Sharing and Interoperability Rules

The new interoperability and data sharing rules that were announced by the HHS on March 9, 2020 were due to [...]

April 10, 2020 0

HHS Issues Notice of Enforcement Discretion for COVID-19 Community-Based Testing Sites

The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a Notice of [...]

April 3, 2020 0

OCR Announces Enforcement Discretion for Business Associate Uses and Disclosure of PHI

On April 2, 2020, the Department of Health and Human Services’ Office for Civil Rights (OCR) issued another [...]

March 17, 2020 0

2019 Novel Coronavirus and HIPAA Compliance

Important information on the 2019 Novel Coronavirus and HIPAA compliance, the limited HIPAA waiver announced [...]

March 10, 2020 0

HHS Publishes Final Interoperability, Information Blocking, and Data Sharing Rules

The U.S. Department of Health and Human Services has released its final interoperability, information [...]

March 4, 2020 0

$100,000 HIPAA Fine Imposed on Physician Practice for Security Rule Violations

A $100,000 HIPAA fine has been imposed on a solo physician practice for HIPAA Security Rule failures [...]

February 13, 2020 0

HHS Modifies Pharmacy HIPAA Transaction Requirements for Partially Filled Schedule II Drug Prescriptions

The Department of Health and Human Services (HHS) has issued a final rule modifying the pharmacy HIPAA [...]

January 31, 2020 0

Fee Limitations on Requests to Send Patient Records to Third Parties Lifted

Following a ruling in a federal court that went against the U.S. Department of Health and Human Services, the [...]

November 12, 2019 0

OCR Makes Inflation Adjustment to HIPAA Civil Monetary Penalties

The Office of the Assistant Secretary for Financial Resources (ASFR), Department of Health and Human [...]

November 1, 2019 0

Updated Security Risk Assessment Tool Released to Help Covered Entities with HIPAA Security Rule Compliance

The Department of Health and Human Services’ Office for Civil Rights (OCR) has released an updated version [...]

October 17, 2019 0

More Financial Penalties for HIPAA Right of Access Compliance Failures Expected

At the OCR/NIST HIPAA Security Conference in Washington D.C., the Director of the Department of Health and [...]

Victims of CVS Caremark Data Breach Filed a Class Action Lawsuit for Damages

September 4, 2019 0

HHS Proposes Changes to Ease Restrictions on Part 2 Substance Abuse Disorder Treatment Records

A new rule has been proposed by the Substance Abuse and Mental Health Services Administration (SAMHSA) that [...]

August 9, 2019 0

National Association of Attorneys General Urges Congress to Align Part 2 with HIPAA

The National Association of Attorneys General (NAAG) has written to Congress demanding changes be made to [...]

July 2, 2019 0

OCR Publishes New HIPAA FAQ for Health Plans on Care Coordination and Continuity of Care PHI Disclosures

New HIPAA guidance for health plans has been published by the Department of Health and Human Services’ [...]

June 21, 2019 0

Almost 2 Million Records Exposed in May 2019 Healthcare Data Breaches

It has been another bad month for the U.S. healthcare industry. Rather than April’s record number of [...]

May 24, 2019 0

Medical Informatics Engineering Issued with $100,000 HIPAA Violation Penalty

The Department of Health and Human Services’ Office for Civil Rights has announced a settlement has been [...]

May 6, 2019 0

OCR Issues New Advice on HIPAA and Software Applications Used by Patients to Access PHI

The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued new advice on HIPAA [...]

April 29, 2019 0

HHS Changes Maximum Penalties for HIPAA Violations

The Department of Health and Human Services (HHS) has made changes to the maximum penalties for HIPAA [...]

April 26, 2019 0

CMS Starts HIPAA Simplification Rules Audits

The Centers for Medicare and Medicaid Services (CMS) Division of National Standards has recently announced [...]

April 24, 2019 0

Deadline Extended for Comments on HHS Health IT and ePHI Interoperability Rules

New rules were published by the Department of Health and Human Services’ Office of the National Coordinator [...]

March 26, 2019 0

Stricter Breach Notification Laws Proposed by D.C. Attorney General

Washington D.C. Attorney General Karl A. Racine wants to reinforce data breach notification regulations to [...]

March 22, 2019 0

Dental Offices May Be Fined for Slow Release of Copies of Dental Records

The Dental Board of California revealed in a recent report that some dentists in the state are not giving [...]

March 13, 2019 0

Biometric Information Privacy Act Proposed by Florida Lawmakers

New bills (SB 1270 /HB 1153) have been proposed by Senator Gary Farmer (D-FL) and Representative Bobby DuBose [...]

March 7, 2019 0

New Jersey Assembly Approves Expanded Definition of Personal Information Requiring Breach Notifications

The New Jersey Assembly unanimously approved a bill that broadens the types of personal data that call for [...]

March 6, 2019 0

IRS Warns About Tax-Related Phishing Scams

The IRS has launched its 2019 ‘Dirty Dozen’ campaign, which cautions taxpayers about the 12 most commonly [...]

March 5, 2019 0

Nevada Senator Introduces New Data Privacy Act

Nevada Senator Catherine Cortex Masto, (D-NV) recently proposed a bill called the Data Privacy Act, which [...]

February 13, 2019 0

New Rules on Patient Access and Information Blocking Proposed by ONC and CMS

The HHS’ Office of the National Coordinator for Health Information Technology (ONC) and the Centers for [...]

February 6, 2019 0

Wyoming Hospital Records Act of 1991 May be Repealed

Wyoming is contemplating repealing the Hospital Records Act of 1991. The act was created to make sure [...]

January 22, 2019 0

Revised Common Rule Now In Effect

The Federal Policy for the Protection of Human Subjects (45 CFR part 46), also called the Common Rule, has [...]

December 7, 2018 0

AMIA and AHIMA Want Adjustments to HIPAA to Improve Accessibility and Portability of Health Information

The American Medical Informatics Association (AMIA) and the American Health Information Management [...]

November 20, 2018 0

Greater Alignment of Federal Data Privacy Rules Needed

The American Medical Informatics Association (AMIA) is requesting the Health Insurance Portability and [...]

November 19, 2018 0

HHS Plans Request for Information to Discover Issues Hampering Patient Information Sharing and Care Coordination

The HHS has prepared a Request for Information (RFI) to find out how HIPAA Rules are obstructing the sharing [...]

October 30, 2018 0

OCR Campaign to Boost Understanding of Civil Rights Protections for Patients Undergoing Opioid Use Disorder Treatment

On October 26, 2017, U.S. President Donald Trump declared that the opioid crisis in the United States was a [...]

October 15, 2018 0

Changes in HIPAA Regulations and Enforcement in 2018

What changes in HIPAA regulations could be expected in 2018? Are there new HIPAA regulations expected to be [...]

October 14, 2018 0

Limited Waiver of HIPAA Penalties in Florida and Georgia in Aftermath of Hurricane Michael

Alex Azar, secretary of the Department of Health and Human Services (HHS) has waived HIPAA sanctions and [...]

October 1, 2018 0

Three Legislation Changes on HIPAA Regulations in 2018 Under Consideration by OCR

Because of the policy of two out for every new regulation, it is likely that there will be few new HIPAA [...]

September 24, 2018 0

How is the HITECH Act Related to HIPAA and Electronic Health and Medical Records?

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in August 1996. It was updated in [...]

September 14, 2018 0

OCR Pubishes Guidance on Patient Data Sharing During a Public Health Emergency

Following President Trump’s declaration of a public health emergency in Virginia due to Hurricane [...]

September 3, 2018 0

HIPAA Violation Cases: 2013 – 2017

This page contains a summary of HIPAA violation cases which led to settlements with the Department of Health [...]

August 10, 2018 0

OCR Reminds Healthcare Companies the Proper Disposal of Electronic Devices and Media

The Department of Health and Human Services’ Office for Civil Rights, in the July edition of its [...]

August 1, 2018 0

HHS to Release Information for the Proposed Changes on Federal Health Privacy Rules

Alex Azar, Secretary of the Department of Health and Human Services (HHS), explained in an address at The [...]

July 26, 2018 0

New Massachusetts Bill Proposes 18 Months Complimentary Credit Monitoring Services for Data Breach Victims

A new bill has been proposed in the state of Massachusetts that aims to enhance protections for customers [...]

July 14, 2018 0

Patient Privacy and Security Are Most Important to Consumers According to Aetna Survey

Health insurer Aetna conducted a survey about consumers’ attitudes toward healthcare, their associations [...]

July 10, 2018 0

OCR Explains the Importance of Patch Management for HIPAA Compliance

OCR has reminded healthcare organizations of the importance of patch management for HIPAA compliance. Patches [...]

July 9, 2018 0

AHA Provides Extensive Feedback on CMS’ Hospital Inpatient Prospective Payment System Proposed Rule

The American Hospital Association (AHA) has submitted extensive comments about the HHS’ Centers for [...]

June 29, 2018 0

Common Rule Compliance Date Now January, 19 2019

The federal government published on June 19, 2018 the final rule for the Federal Policy for the Protection of [...]

June 8, 2018 0

New Data Protection Law Signed in Colorado

A new bill – HB 1128 – has been signed into law by Colorado Governor John Hickenlooper which [...]

June 1, 2018 0

MGMA Urges CMS to Enforce Compliance with HIPAA Administrative Simplification Rules

The Department of Health and Human Services’ Office for Civil Rights has issued many financial penalties [...]

May 23, 2018 0

New Cybersecurity Law Covering the Insurance Industry Signed in South Carolina

South Carolina Governor Henry McMaster signed into law the South Carolina Insurance Data Security Act on May [...]

May 21, 2018 0

GAO Reports Patients Still Pay Excessive Fees for Copies of Their Medical Records

The Government Accountability Office (GAO) recently conducted an audit which showed that patients still face [...]

May 4, 2018 0

OCR Recommends Risk Analysis And Gap Analysis

OCR published in its April 2018 cybersecurity newsletter the importance of performing a gap analysis. While a [...]

April 26, 2018 0

Study Shows Gap Between Healthcare Compliance Programs and Expectations of Regulators

Most healthcare compliance officers prioritize the compliance of their organizations with the HIPAA Privacy [...]

April 10, 2018 0

ONC Published a New Patient Guidebook to Encourage Patient Health Record Access

The Department of Health and Human Services’ Office of the National Coordinator for Health IT (ONC) [...]

April 6, 2018 0

Three Proposed Changes to HIPAA Regulations in 2018

The Trump Administration has introduced a new rule that requires two regulations to be removed for any new [...]

April 3, 2018 0

Can Liquid Web Be Used by Healthcare Organizations Without Violating HIPAA Rules?

Liquid Web is a hosting solution provider that has been in the business for 20 years. Is it a HIPAA compliant [...]

April 2, 2018 0

Can Healthcare Organizations Use Zoho Without Violating HIPAA Rules?

A Pleasanton, CA-based company has been developing Zoho, a suite of cloud-based tools and applications, since [...]

March 22, 2018 0

Healthcare Data Breach Statistics From 2009 to 2017

The Department of Health and Human Services’ Office for Civil Rights began publishing summaries of [...]

March 5, 2018 0

New Version of Colorado Data Breach Notification Bill Cuts Reporting to 30 Days

The Colorado data breach notification bill was introduced in January to protect residents against data [...]

February 7, 2018 0

Massachusetts Launched a New Online Data Breach Reporting Tool

The Massachusetts Attorney General’s office launched a new online data breach reporting tool. The purpose [...]

February 6, 2018 0

Proposed Amendments to the Iowa Breach Notification Act

Iowa Attorney General introduced a new bill that proposes changes to the Iowa Breach Notification Act. Since [...]

February 1, 2018 0

South Dakota Data Breach Notification Bill Introduced

There are only two U.S. states that do not have data breach legislation for the protection of their state [...]

January 31, 2018 0

Colorado Legislators Propose New Privacy and Data Breach Law

A bipartisan group of legislators in Colorado proposed changing its privacy and data breach notification laws [...]

January 3, 2018 0

Second Phase of HIPAA Compliance Audits Likely to Penalize the Noncompliant

Healthcare organizations will pay a big amount for noncompliance with HIPAA Rules. Despite the hefty [...]

January 1, 2018 0

HHS Issued Partial HIPAA Privacy Rule Waiver for the Third Time in 2017

The U.S. Department of Health and Human Services issued a partial waiver of HIPAA sanctions and penalties for [...]

December 29, 2017 0

How Can HIPAA-Covered Entities Lower the Security Risks of Mobile Device Usage?

Healthcare organizations need to address the security risks associated with the use of mobile devices and [...]

December 15, 2017 0

Cottage Health To Pay $2 Million For Failure to Protect Patients’ Privacy and PHI

Santa Barbara-based Cottage Health has agreed to pay $2 million as a financial penalty for a breach case with [...]

November 28, 2017 0

HIV Status of its Members May Possibly Revealed in Amida Care Breach

The New York based not-for-profit community health plan provider Amida Care has reported a HIPAA breach that [...]

November 11, 2017 0

Clinical Worker Receives Five-Year Prison Sentence for Stealing PHI

A clinic employee has failed to get his 5-year jail term reduced. The man stole the protected health [...]

November 3, 2017 0

Clarification on HIPAA Rules on Sharing Patient Information on Opioid Overdoses Issued by OCR

The confusion about HIPAA Rules on sharing patient information on opioid overdoses has been clarified by the [...]

November 2, 2017 0

Sharing of EHR Passwords is Common: Report

According to the released results of a recent survey, the practice of sharing EHR passwords is commonplace, [...]

October 31, 2017 0

What is the HIPAA breach notification rule?

Despite the Health Insurance Portability and Accountability Act of 1996 being one of the most vital pieces of [...]

October 31, 2017 0

McGraw leaves Department of Health and Human Services’ Office for Civil Rights (OCR)

Deven McGraw, the Deputy Director for Health Information Privacy at the Department of Health and Human [...]

October 28, 2017 0

Is Dropbox HIPAA compliant?

Dropbox is a widely-used file hosting service used by many groups to share files, but is Dropbox HIPAA [...]

October 25, 2017 0

HIPAA Compliant Business Associates can be Found Easily Using New Tool

Healthcare groups are only authorized to use business associates that agree to adhere with HIPAA Rules and [...]

October 22, 2017 0

How many HIPAA Violations in 2016?

The Department of Health and Human Services’ Office for Civil Rights (OCR) has increased its enforcement [...]

October 21, 2017 0

Telemedicine HIPAA requirements

The Telemedicene HIPAA requirements affect any medical sector employee or healthcare organization that [...]

October 18, 2017 0

What are the HIPAA e-Signature Requirements?

Digital signatures have been show to increase the efficiency of many administrative processes in the [...]

October 17, 2017 0

Limited Waiver of HIPAA Sanctions issues by HSS in aftermath of Californian Wildfires

A limited waiver of HIPAA sanctions and penalties was issued by the Secretary of the U.S. Department of [...]

October 16, 2017 0

What is HIPAA compliant texting?

The answer to the question “What is HIPAA compliant texting” is generally unclear. Although HIPAA does [...]

October 15, 2017 0

What are the HIPAA email compliance requirements?

There has been much debate about HIPAA email compliance requirements since amendments were made to the Health [...]

October 13, 2017 0

HIV Status of Amida Care Members Potentially Revealed Due to Mailing Error

Amida Care, the New York not-for-profit community health plan, has announced that it has experienced HIPAA [...]

October 12, 2017 0

HIPAA Encryption Requirements

HIPAA encryption requirements have proved a source of much confusion. This is due to the technical safeguards [...]

October 10, 2017 0

What are the HIPAA Requirements for Mobile Devices?

Healthcare organizations and other HIPAA-covered entities have embraced mobile technology and are permitting [...]

October 10, 2017 0

HHS Withdraws Proposed Certification Rule After Concerns Raised

The United States Department of Health and Human Services (HHS) proposed a new rule for certification of [...]

October 9, 2017 0

Why was HIPAA Created?

The Healthcare Insurance Portability and Accountability Act (HIPAA) was signed into law on August 21, 1996 [...]

October 6, 2017 0

What are the HIPAA Telephone Rules?

The Federal Communication Commission has issued a Declaratory Ruling and Order to clarify the HIPAA telephone [...]

October 4, 2017 0

What are the rules for HIPAA Compliant Telemedicine?

The rule for HIPAA Compliant Telemedicine in call centers is something every company, providing an answering [...]

October 3, 2017 0

What are the HIPAA Rules Regarding Text Messaging?

Labeling text messaging as a HIPAA violation is not strictly correct. Whether text messages are a violation [...]

October 1, 2017 0

What are the Penalties for HIPAA Violations?

The Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general can [...]

September 27, 2017 0

Initiative to Help Small Healthcare Providers with HIPAA Compliance Launched by HITRUST/AMA

A new initiative – that will assist small healthcare providers with HIPAA compliance, cybersecurity and [...]

September 22, 2017 0

New Proposals from AHA Aim to Reduce Regulatory Burdens

In a recent correspondence with the House Ways and Means Health Subcommittee, the American Hospital [...]

September 22, 2017 0

Hurricane Maria Disaster Zone Has Partial HIPAA Privacy Rule Waiver Imposed

The U.S. Department of Health and Human Services (HHS) has already imposed two partial waivers of HIPAA [...]

September 20, 2017 0

How the Compliancy Group Can Help Covered Entities Pass a HIPAA Audit

The second round of HIPAA compliance audits by the Department of Health and Human Services’ Office for [...]

September 15, 2017 0

OCR Encourage Patients to Get Copies of Their Health Data

The Department of Health and Human Services’ Office for Civil Rights has introduced a new campaign to [...]

September 12, 2017 0

Hospitals Within the Irma Disaster Zone Granted Limited HIPAA Waiver

A public health crisis was declared in some parts of the U.S. Virgin Islands, Florida and Puerto Rico, which [...]

September 8, 2017 0

OCR Tells Covered Entities to Prepare for Hurricanes and Other Natural Disasters

Hospitals in the states of Louisiana and Texas needed to make sure medical services are provided through the [...]

September 6, 2017 0

A Review of HIPAA Settlement Cases for Big Breaches in 2017

The Director of the Department of Health and Human Services’ Office for Civil Rights (OCR), Roger Severino, [...]

September 1, 2017 0

AHA Wrote Congress to Lessen Regulatory Pressure on Hospitals

The American Hospital Association (AHA) sent a letter to the House Ways and Means Health Subcommittee and [...]

August 31, 2017 0

HHS Declares in Hurricane Harvey Disaster Zone the Partial Waiver of Sanctions and Penalties for HIPAA Privacy Rule Violations

During emergency situations for example natural disasters, HIPAA Privacy Rule compliance can be a difficult [...]

August 15, 2017 0