Elizabeth G. Litten

Subscribe to Elizabeth G. Litten's Posts

Follow:

New OCR Resource Adds Guidance on HIPAA and Direct-to-Consumer Health Apps

By Elizabeth G. Litten on September 4, 2020

A tricky issue for mobile health app developers since the Office for Civil Rights (OCR) released its first “Health App Use Scenarios & HIPAA” guidance back in 2016 has been deciphering whether the developer is a business associate if it offers its app on a consumer-facing basis as well as through covered entities (or their…

Updated OCR Guidance on Contacting Recovered COVID-19 Patients

By Elizabeth G. Litten on August 24, 2020

The Office for Civil Rights within the Department of Health and Human Services (OCR) provided guidance in June that reassured covered entity health care providers and that it is generally OK to use or disclose protected health information (PHI) to contact individuals who have recovered from COVID-19 for case management and care coordination.

The OCR…

“I Have an App for That”: ONC’s Information Blocking Rule and HIPAA Access Rights

By Elizabeth G. Litten on August 17, 2020

A patient asks her doctor to send her test results to an app the patient has downloaded on her phone. The doctor worries that the app is not secure and that the patient might not understand the security risks. What should the doctor do?

Covered entity health care providers and their business associates likely need…

Employer Collection of COVID-19 Data and Employee Privacy

By Elizabeth G. Litten on July 13, 2020

The following post is adapted from an article written by Fox Rothschild attorneys Wayne Pinksone and Lucy Li, available here.

OSHA recently published guidance for “nonessential businesses” that are intending to reopen and allow their employees to return to work. This guidance is intended to supplement the U.S. Department of Labor and U.S. Department…

Don’t Get Sprayed: CISA Alert Reminds Health Care Entities to Use Strong Passwords

By Elizabeth G. Litten on May 6, 2020

A joint Alert from the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre (NCSC) warns of new cyber attacks targeting COVID-19-related information.

Notably, these attacks succeed when system users have weak or common passwords. NCSC published frequently found passwords here, many of which are…

OCR Webinar on HIPAA and COVID-19: Key Points for Covered Entities and Business Associates

By Elizabeth G. Litten on April 28, 2020

Fox Rothschild LLP partner Beth Larkin listened to the HHS Office for Civil Rights 4/24/20 webinar (which should be posted on its website at some point) regarding HIPAA and COVID-19 and took notes. Here’s my summary of key points, based on Beth’s notes:

Overview: OCR stresses that the HIPAA Rules are supposed to be balanced…

Dos and Don’ts from OCR’s Guidance and FAQs on Telehealth and HIPAA

By Elizabeth G. Litten on March 23, 2020

On March 20, 2020, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) published Guidance and a list of FAQs related to the provision of telehealth and HIPAA compliance.

“OCR will exercise enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered…

COVID-19 Update: Limited Waiver of HIPAA Sanctions and Penalties for Certain Hospitals

By Elizabeth G. Litten on March 17, 2020

Effective March 15, 2020, certain hospitals that fail to comply with specific HIPAA Privacy Rule requirements will not be subject to HIPAA sanctions and penalties, according to a “COVID-19 & HIPAA Bulletin” issued by U.S. Health and Human Services Secretary Alex M. Azar. The waiver was implemented as a response to President Trump’s…

HIPAA and COVID-19: ABCs For Working From Home

By Elizabeth G. Litten on March 13, 2020

If your company is a covered entity or a business associate, you face unique challenges when workforce members ask or are required to work from home. Hopefully, your company’s HIPAA Security Policies and Procedures address the use of portable devices, whether they are owned by the employer or by the employee, and your HIPAA security…

More for Employers re: HIPAA Privacy and COVID-19

By Elizabeth G. Litten on March 11, 2020

The FAQs included in my prior post address employer response with an eye to HIPAA compliance. What else can an employer do or not do with employee information related to COVID-19 status? Even covered entities and business associates concerned with HIPAA must be alert to other laws that affect their communications and action plans. Employers…

menu

HIPAA & Health Information Technology