If you are a HIPAA-covered entity or business associate, you likely know that patient PHI may only be created, received, maintained, and transmitted as permitted by the HIPAA Security Rule
Continue Reading Is Your Website HIPAA-Compliant?
Updated OCR Guidance on Contacting Recovered COVID-19 Patients
The Office for Civil Rights within the Department of Health and Human Services (OCR) provided guidance in June that reassured covered entity health care providers and that it is generally
Continue Reading Updated OCR Guidance on Contacting Recovered COVID-19 Patients
Dos and Don’ts from OCR’s Guidance and FAQs on Telehealth and HIPAA
On March 20, 2020, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) published Guidance and a list of FAQs related to the provision of telehealth
Continue Reading Dos and Don’ts from OCR’s Guidance and FAQs on Telehealth and HIPAA
HIPAA and COVID-19: ABCs For Working From Home
If your company is a covered entity or a business associate, you face unique challenges when workforce members ask or are required to work from home. Hopefully, your company’s HIPAA
Continue Reading HIPAA and COVID-19: ABCs For Working From Home
FAQs on HIPAA Privacy and COVID-19
Fox Rothschild partner Bill Maruca’s article, “Protecting Privacy During an Infectious Disease Panic”, is (unfortunately) as relevant today as it was when it was posted here more than 5 years
Continue Reading FAQs on HIPAA Privacy and COVID-19
Breach Notice Deadline Alert
If you are a covered entity who experienced a breach of unsecured protected health information affecting fewer than 500 individuals , you must notify the Office of Human Rights of
Continue Reading Breach Notice Deadline Alert
The California AG May Be Watching You, Covered Entity
As Fox partner Odia Kagan posted yesterday, early enforcement of CCPA will focus on data related to kids. In addition, according to a recent article in the San Francisco Chronicle
Continue Reading The California AG May Be Watching You, Covered Entity
Bankrupt Medical Records Company Hit with $100,000 Penalty for HIPAA Violations
Filefax, Inc., a defunct Illinois medical records storage and management company, has been fined $100,000 for improperly handling medical data under an agreement with the court-appointed receiver managing the company’s
Continue Reading Bankrupt Medical Records Company Hit with $100,000 Penalty for HIPAA Violations
When HIPAA Compliance Is Not Enough: The Territorial Scope of GDPR
The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Whereas HIPAA applies to particular types or classes of data creators, recipients, maintainers or transmitters
Continue Reading When HIPAA Compliance Is Not Enough: The Territorial Scope of GDPR
New HIPAA Guidance on Disclosure of PHI Related to Opioid Abuse and Mental Health
In our most recent post, the Top 5 Common HIPAA Mistakes to Avoid in 2018, we noted that the U.S. Department of Health and Human Services, Office for Civil
Continue Reading New HIPAA Guidance on Disclosure of PHI Related to Opioid Abuse and Mental Health