Many employers who offer wellness programs to their employees may not have considered compliance with HIPAA privacy, security and breach notification rules (collectively, “HIPAA Rules”), since they don’t think of their wellness programs as a group health plan. Part 1 of this post covered why most employee assistance programs (“EAPs”) are subject to the HIPAA
Beware: HIPAA Applies to the Health Plans You Never Knew You Had (Part 1: Employee Assistance Programs)
You may be surprised to learn that those “extra” benefits your company offers to its employees such as your employee assistance program (“EAP”) and wellness program likely are subject to the HIPAA privacy, security and breach notification rules (collectively, “HIPAA Rules”). Part 1 covers why most EAPs are subject to the HIPAA Rules. Part 2
The President Can Tweet, But Can a Doctor Text?
Text messaging is a convenient way for busy doctors to communicate, but for years, the question has remained: are doctors allowed to convey sensitive health information with other members of their provider team over SMS? The answer is now “yes,” thanks to a memo published last week by the U.S. Department of Health & Human
New HIPAA Guidance on Disclosure of PHI Related to Opioid Abuse and Mental Health
In our most recent post, the Top 5 Common HIPAA Mistakes to Avoid in 2018, we noted that the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) has recently published guidance on disclosing protected health information (PHI) related to overdose victims. OCR published this and other guidance within the last
Florida Supreme Court Rules That Privacy Continues After Death
On November 9, the Florida Supreme Court ruled in the case of Emma Gayle Weaver, etc. v. Stephen C. Myers, M.D., et al., that the right to privacy under the Florida Constitution does not end upon an individual’s death. Fox partner and HIPAA Privacy & Security Officer Elizabeth Litten recently reacted to the decision
“Getting Receipts” – The Millennial Disconnect Between Short-Term Social Media Posts and HIPAA
Long gone are the days when social media consisted solely of Myspace and Facebook, accessible only by logging in through a desktop computer at home or personal laptop. With every single social media platform readily available on personal cellular devices, HIPAA violations through social media outlets are becoming a frequent problem for healthcare providers and
Equifax Breach Checker – Curiosity May Have a Cost (But it’s Refundable)
Individuals who have received notice of a HIPAA breach are often offered free credit monitoring services for some period of time, particularly if the protected health information involved included social security numbers. I have not (yet) received such a notice, but was concerned when I learned about the massive Equifax breach (see here to view
Electronic Health Records and HIPAA Security: A Design Problem Fixable With Blockchain Technology?
In some respects, HIPAA has had a design problem from its inception. HIPAA is well known today as the federal law that requires protection of individually identifiable health information (and, though lesser-known, individual access to health information), but privacy and security were practically after-thoughts when HIPAA was enacted back in 1996. HIPAA (the Health
Ten Tips for Actions by a Covered Entity after a HIPAA Breach by a Business Associate
This blog recently discussed tips for a covered entity (CE) in dealing with a HIPAA business associate (BA). Now, even though you have adopted all of the tips and more, in this dangerous and ever more complex data security world, one of your BAs suffers a breach and it becomes your responsibility as the
Washington State Passes Law Restricting Commercial Collection, Storage and Use of Biometric Data
On July 23, 2017, Washington State will become the third state (after Illinois and Texas) to statutorily restrict the collection, storage and use of biometric data for commercial purposes. The law focuses on “biometric identifiers,” which it defines as “data generated by automatic measurements of an individual’s biological characteristics, such as a fingerprint, voiceprint, eye