Artificial Intelligence (AI) is widely viewed as a valuable tool for improving health and healthcare. It is being used by major technology companies such as Google, small start-up companies, and researchers to collect and analyze health data collected from a variety of sources. As stated by Abhimanyu S. Ahjula in this October 2019 article:
Uncategorized
“I Have an App for That”: ONC’s Information Blocking Rule and HIPAA Access Rights
A patient asks her doctor to send her test results to an app the patient has downloaded on her phone. The doctor worries that the app is not secure and that the patient might not understand the security risks. What should the doctor do?
Covered entity health care providers and their business associates likely need…
Don’t Get Sprayed: CISA Alert Reminds Health Care Entities to Use Strong Passwords
A joint Alert from the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre (NCSC) warns of new cyber attacks targeting COVID-19-related information.
Notably, these attacks succeed when system users have weak or common passwords. NCSC published frequently found passwords here, many of which are…
Dos and Don’ts from OCR’s Guidance and FAQs on Telehealth and HIPAA
On March 20, 2020, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) published Guidance and a list of FAQs related to the provision of telehealth and HIPAA compliance.
“OCR will exercise enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered…
Medicare and OCR Relax Telehealth Rules Under Medicare and HIPAA
By Margaret J. Davino, Salvatore J. Russo and Nawa A. Lodin
In the Medicare Telemedicine Healthcare Provider Fact Sheet published March 17, 2020, the Centers for Medicare & Medicaid Services (CMS) broadened access to Medicare telehealth services to allow Medicare patients to receive more services from their doctors without travel to a health care…
COVID-19 Update: Limited Waiver of HIPAA Sanctions and Penalties for Certain Hospitals
Effective March 15, 2020, certain hospitals that fail to comply with specific HIPAA Privacy Rule requirements will not be subject to HIPAA sanctions and penalties, according to a “COVID-19 & HIPAA Bulletin” issued by U.S. Health and Human Services Secretary Alex M. Azar. The waiver was implemented as a response to President Trump’s…
HIPAA and COVID-19: ABCs For Working From Home
If your company is a covered entity or a business associate, you face unique challenges when workforce members ask or are required to work from home. Hopefully, your company’s HIPAA Security Policies and Procedures address the use of portable devices, whether they are owned by the employer or by the employee, and your HIPAA security…
More for Employers re: HIPAA Privacy and COVID-19
The FAQs included in my prior post address employer response with an eye to HIPAA compliance. What else can an employer do or not do with employee information related to COVID-19 status? Even covered entities and business associates concerned with HIPAA must be alert to other laws that affect their communications and action plans. Employers…
Breach Notice Deadline Alert
If you are a covered entity who experienced a breach of unsecured protected health information affecting fewer than 500 individuals , you must notify the Office of Human Rights of the Department of Health and Human Services of the breach within 60 days of the end of the calendar year in which the breach was…
Tell Me Again: What Can Covered Entities (or their Business Associates) Charge for Medical Records Requests?
The answer to this question has changed yet again. I’ve blogged on this topic several times in the past (see here, here and here), and described the question as a wriggling worm. Plaintiff Ciox Health, LLC has finally managed to catch that worm and share its bounty among those looking to charge third-party…