The Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) recently settled four more investigations under the HIPAA Right of Access Initiative, bringing the initiative's total to 11 settlements thus far. In September, the OCR issued a press release detailing its settlement of five additional actions under the HIPAA Right of Access Initiative. In
Health IT
New OCR Resource Adds Guidance on HIPAA and Direct-to-Consumer Health Apps
A tricky issue for mobile health app developers since the Office for Civil Rights (OCR) released its first “Health App Use Scenarios & HIPAA” guidance back in 2016 has been deciphering whether the developer is a business associate if it offers its app on a consumer-facing basis as well as through covered entities (or their…
“I Have an App for That”: ONC’s Information Blocking Rule and HIPAA Access Rights
A patient asks her doctor to send her test results to an app the patient has downloaded on her phone. The doctor worries that the app is not secure and that the patient might not understand the security risks. What should the doctor do?
Covered entity health care providers and their business associates likely need…
How the Grinch Steals Health Care Data: OCR Warnings and Tips in Time for the Holidays
More and more often, health care data is stolen or made inaccessible by targeted ransomware attacks. The Office for Civil Rights (OCR) published a newsletter this week that provides warnings for HIPAA covered entities and business associates. It also provides practical tips to prevent and help you survive these attacks.
OCR’s warnings should resonate with…
Wearable Devices, Wellness Programs, and Health Apps: The Fringes of HIPAA
With the explosion of health data sifting through cutting-edge companies, industry stakeholders are left to wonder how wearable devices, wellness programs, health applications, and the like should be regulated.
Despite current belief, the Health Insurance Portability and Accountability Act (“HIPAA”) does not regulate all health information. HIPAA regulates health information collected and retained by covered…
Data Privacy and Bias Concerns in AI Health Tech
Artificial Intelligence (“AI”) refers to algorithm tools that simulate human intelligence, mimic human actions, and can incorporate self-learning software. The benefits of AI tech can reduce spending, provide alternative treatment ideas, and improve patient experience, diagnosis, and outcome.
Consider virtual health assistants who deliver medication alerts and patient education, AI used to detect abnormalities in…
Feeling Lucky? You Could Be One of the Nine Covered Entities Selected for HIPAA Compliance Review this Month
If you are a covered entity health plan or clearinghouse, you may be among the nine (un)lucky entities randomly chosen this month for review into compliance with HIPAA’s Administrative Simplification rules governing electronic transactions, code sets, and unique identifiers. According to an FAQ published in March, the Centers for Medicare & Medicaid Services (CMS), acting…
HIPAA Security and “Zero Day” Exploits: How to Stay Ahead of the Hack
HHS Office for Civil Rights (OCR)’s April 3, 2019 cybersecurity newsletter highlights one of the more challenging cybersecurity vulnerabilities faced by covered entities and business associates. OCR reminds covered entities (CEs) and business associates (BAs) that compliance with the HIPAA Security Rule can help, but stops a bit short of providing concrete guidance as to…
New Apple Watch May Mark Time To Rethink HIPAA
The new Apple Watch Series 4® is one of the more recent and sophisticated consumer health engagement tools. It includes a sensor that lets wearers take an electrocardiogram (ECG) reading and detect irregular heart rhythms. The U.S. Food & Drug Administration (FDA) recently approved these functions as Class II medical devices, which generally…
Join Top Cybersecurity Pros at Fox’s Privacy Summit

Fox Rothschild’s Minneapolis Privacy Summit on November 8 will explore key cybersecurity issues and compliance questions facing company decision-makers. This free event will feature an impressive array of panelists drawn from cybersecurity leaders, experienced regulatory and compliance professionals and the Chief Division Counsel of…