Individual Access Rights

Covered entities beware: a timing pitfall lurks within the recently adopted rules prohibiting information blocking.  We have posted about OCR’s “Right to Access Initiative” and numerous enforcement actions taken to make sure that covered entities respond to patient access requests in a timely manner.  The HIPAA Privacy Rule requires covered entities to respond to access

Mental Health/substance abuse providers and providers treating HIV/AIDS patients are held to a higher standard when it comes to protecting medical records, requiring additional levels of consent and analysis prior to productions. However, recent settlements published by the Office of Civil Rights of the Department of Health and Human Services (OCR) on September 15, 2020

The answer to this question has changed yet again. I’ve blogged on this topic several times in the past (see here, here and here), and described the question as a wriggling worm. Plaintiff Ciox Health, LLC has finally managed to catch that worm and share its bounty among those looking to charge third-party

Last week, the Office for Civil Rights (OCR) announced its second enforcement action and settlement with a provider  for failing to comply with HIPAA’s patient access requirements.  Korunda Medical, LLC, a primary care and pain management practice in Florida, agreed to pay $85,000 and comply with a Corrective Action Plan (CAP) as a result of

Last May, around the time many schools let out for the summer, the Office for Civil Rights (“OCR”) published guidance entitled “Direct Liability of Business Associates” (the “Guidance”), which focuses, not surprisingly, on OCR’s ability to take enforcement action directly against HIPAA business associates. I meant to write about this guidance before Memorial

Data subject access rights and your medical practice: The UK Information Commissioner’s Office (ICO) issues advice.

Medical practices have reported a significant rise in subject access requests (SARs) since the GDPR came into effect in May last year, which is a similar trend in other sectors. Here are some points of advice from the ICO:

In our most recent post, the Top 5 Common HIPAA Mistakes to Avoid in 2018, we noted that the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) has recently published guidance on disclosing protected health information (PHI) related to overdose victims. OCR published this and other guidance within the last