Header graphic for print
HIPAA, HITECH & HIT Legal Issues, Developments and Other Pertinent Information Relating To The Creation, Use and Exchange of Electronic Health Records

Tag Archives: PHI

Six Tips for Physicians to Protect Patient Data on the Internet

Posted in HIPAA Enforcement, Privacy & Security

Our partner Elizabeth Litten and I were once again quoted by our good friend Marla Durben Hirsch in her recent articles in Medical Practice Compliance Alert entitled “Misapplication of Internet Application Triggers $218,400 Settlement” and “Protect Patient Data on the Internet with These 6 Steps.”  The three of us together were able to come up… Continue Reading

Hackers: Take My Health Information, But Please Don’t Take My Health

Posted in Privacy & Security, Sensitive Health Information

We know by now that protected health information (PHI) and other personal information is vulnerable to hackers.  Last week, the Washington Times reported that the Department of Health and Human Services (HHS), the agency responsible for HIPAA enforcement, had suffered security breaches at the hands of hackers in at least five separate divisions over the… Continue Reading

Providers: Beware of HIPAA and Patient Privacy Rules During Employment Disputes

Posted in Privacy & Security

Our partner Elizabeth Litten and I were once again quoted by our good friend Marla Durben Hirsch in her recent article in Medical Practice Compliance Alert entitled “Beware of HIPAA, Patient Privacy During Practice Employment Disputes.”  The full text can be found in the March 30, 2015 issue of Medical Practice Compliance Alert, but a… Continue Reading

Doctor is Arrested for Allegedly Stealing Thousands of Patient Records

Posted in Privacy & Security

Our partner Elizabeth Litten and I were quoted by our good friend Marla Durben Hirsch in her recent article in Medical Practice Compliance Alert entitled “Doctor is Arrested for Stealing Thousands of Patient Records.”  While the full text can be found in the February 16, 2015 issue of Medical Practice Compliance Alert, the following considerations… Continue Reading

When HIPAA Applies to Patient Assistance Programs (and When it Doesn’t), Part 2

Posted in Privacy & Security

I posed a question in Part 1 of this post which I will summarize here:  is personal health information provided to a Patient Assistance Program (PAP) in order to help with covering the cost of prescription drugs protected as “protected health information” (PHI) under HIPAA? Let’s use two examples.  Say Patient A, who knows he… Continue Reading

When HIPAA Applies to Patient Assistance Programs (and When It Doesn’t)

Posted in Privacy & Security

Patient Assistance Programs (PAPs) have proliferated in recent years, despite the fact that many commonly-prescribed medications have lost patent protection and the Affordable Care Act (ACA) has attempted to eliminate pre-existing condition discrimination by insurance companies.  Still, drug costs remain unaffordable to many patients, particularly those with high-cost, chronic conditions, even when patients have insurance… Continue Reading

Protecting Health Information in the Context of Divorce Proceedings and Domestic Relations – Part III

Posted in Privacy & Security, Sensitive Health Information

(Part III continues Part I and Part II of this series on privacy of health information in the domestic relations context, which may be found here and here. Capitalized words not defined in this Part III shall have the meanings assigned in Part I or Part II.) 6. The situation can be further complicated by… Continue Reading

Basic HIPAA Question for Mobile Health Application Developers: What Are You?

Posted in Health IT, Privacy & Security

Health-related technology has developed light-years faster than health information privacy and security protection laws and policies, and consumers can find new mobile health applications for a wide range of purposes ranging from diabetes management to mole or rash evaluation to fitness tracking.  Smart mobile app developers wondering when and how HIPAA privacy and security requirements… Continue Reading

Not All Sensitive Health Information is Protected Health Information Under HIPAA

Posted in Sensitive Health Information

Recently our partner Keith R. McMurdy posted an entry on the Fox Rothschild Employee Benefits Legal Blog entitled “HIPAA Medical Privacy Matters: Court Permits ADA Claim to Proceed.”  While the full text of the excellent blog posting can be found here, I thought that a specific HIPAA point in Keith’s posting was well worth emphasizing: … Continue Reading

New NJ Standard More Stringent than HIPAA

Posted in New Jersey

New Jersey Governor Chris Christie signed a bill (S.562) into law on January 9, 2015 that will impose a standard more stringent than HIPAA on health insurance carriers authorized (i.e., licensed) to issue health benefits plans in New Jersey.  Effective August 1, 2015, such carriers will be required to secure computerized records that include certain personal… Continue Reading

HIPAA Holiday Cheer (Lament?)

Posted in HIPAA Enforcement

On the twelfth day of breaches my hacker sent to me: Twelve Data Downloads Eleven Plundered Patches Ten Missed BA Contracts Nine Malware Installs Eight Mis-sent Faxes Seven Stolen Laptops Six Snooping Staffers Five Old NPPs Four Lost Thumbdrives Three Re-sent Texts Two Pop-up Links … And a Bill for Compliance Auditing. For a glimpse… Continue Reading

Celebrities’ Health Information Compromised by Sony Hacking

Posted in Privacy & Security, Sensitive Health Information

Fox Rothschild partner Scott Vernick recently appeared as a guest on the Willis Report to discuss the fallout of the hacking of Sony Pictures Entertainment.  Click here to view the segment.  Celebrities’ individually identifiable health information, some of which appears to be protected health information (“PHI”) under HIPAA, was among the sensitive personal data hacked… Continue Reading

Patient Support Groups, Email and the Duty to Warn

Posted in Privacy & Security

I was recently asked whether the sending of an unencrypted group email to participants in a health-related support group violated HIPAA.  Faithful blog readers can guess my first question:  “Was the sender a covered entity, business associate, or subcontractor?”  Many support group entities are non-profit organizations staffed by volunteers and do not meet the definition… Continue Reading

Medical Device, “Heal Thyself” from Data Hacking

Posted in Privacy & Security

Innovative health care-related technology and developing telemedicine products have the potential for dramatically changing the way in which health care is accessed.  The Federation of State Medical Boards (FSMB) grappled with some of the complexities that arise as information is communicated electronically in connection with the provision of medical care and issued a Model Policy… Continue Reading

“Step Away from that Subpoena” and Review HIPAA Obligations Before Producing PHI

Posted in Privacy & Security

If you receive a subpoena, discovery request, or even a court order demanding the release or production of documents or files that may contain protected health information (PHI), are you obligated to comply?  The surprising answer, in many cases, is “no”.  Even more surprising may be the fact that, in attempting to comply with what… Continue Reading

Countdown to September 22nd — Shortcuts for Business Associate Agreement Compliance

Posted in HIPAA Business Associates

The deadline for executing a HIPAA Omnibus Rule-compliant Business Associate Agreement (BAA) looms just 2 short weeks from today.  What can a busy covered entity (CE) or business associate (BA) do quickly to show HHS (let alone its business partners/contractors) that it wants and fully intends to comply with the new requirements?  Here are  3 shortcuts… Continue Reading

The Parade of Major Reported PHI Breaches Surges to 885 – Theft and Loss Dominate the Numbers

Posted in Privacy & Security, Security Breach Notification

The number of large breaches of Protected Health Information (PHI) under HIPAA that have been reported on the so-called “Wall of Shame” (the HHS List) maintained by the U.S. Department of Health and Human Services has jumped by 239 to 885 in less than a year.    The most common breach type is “theft” in this… Continue Reading

Two Months to Amend HIPAA Business Associate Agreements for Omnibus Compliance, But Beware the Bare Bones BAA

Posted in HIPAA Enforcement, Omnibus Rule

Does your business associate agreement (BAA) reflect your business deal, or is it a bare bones HIPAA compliance document? Now is the time to check. The HIPAA “Omnibus Rule” published in January of 2013 gave covered entities, business associates, and subcontractors until September 22, 2014 to make their business associate agreements (BAAs) compliant, so use… Continue Reading

Paper Records HIPAA Violation Results in $800,000 Payment under HHS Resolution Agreement

Posted in HIPAA Enforcement, Privacy & Security

My partner Elizabeth Litten was quoted at length by Alexis Kateifides in his recent article in DataGuidance entitled “USA: ‘Unique’ HIPAA violation results in $800,000 settlement.”  While the full text can be found in the June 26, 2014 article in DataGuidance.com, the following considerations are based upon points discussed in the article.  (Elizabeth herself has… Continue Reading

PHI Data Breaches just went from Bad Dream to Nightmare in West Virginia

Posted in Privacy & Security

Michael Coco writes: The dreaded PHI data breach is every covered entity’s bad dream, but the West Virginia Supreme Court just turned that bad dream into a nightmare. The court decided a case, Tabata v. Charleston Area Medical Center, Inc., brought on behalf of thousands of patients requesting class certification to sue the medical center for… Continue Reading