When HIPAA Compliance Is Not Enough: The Territorial Scope of GDPR
The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Whereas HIPAA applies to particular types or classes of data creators, recipients, maintainers or transmitters
covered entity
New HIPAA Guidance on Disclosure of PHI Related to Opioid Abuse and Mental Health
In our most recent post, the Top 5 Common HIPAA Mistakes to Avoid in 2018, we noted that the U.S. Department of Health and Human Services, Office for Civil…
Ten Tips for Actions by a Covered Entity after a HIPAA Breach by a Business Associate
This blog recently discussed tips for a covered entity (CE) in dealing with a HIPAA business associate (BA). Now, even though you have adopted all of the tips and…
Your Business Associates Hold Your HIPAA Compliance Future in Their Hands: Eleven Things You Can Do
Our partner Elizabeth Litten and I were recently featured again by our good friend Marla Durben Hirsch in her article in the April 2017 issue of Medical Practice Compliance Alert…
When HIPAA Applies to Patient Assistance Programs (and When it Doesn’t), Part 2
I posed a question in Part 1 of this post which I will summarize here: is personal health information provided to a Patient Assistance Program (PAP) in order to help…
Protecting Health Information in the Context of Divorce Proceedings and Domestic Relations – Part III
(Part III continues Part I and Part II of this series on privacy of health information in the domestic relations context, which may be found here and here. Capitalized…
Basic HIPAA Question for Mobile Health Application Developers: What Are You?
Health-related technology has developed light-years faster than health information privacy and security protection laws and policies, and consumers can find new mobile health applications for a wide range of purposes…
HIPAA Compliance Trends for 2015
As she had done in 2014, Marla Durben Hirsch interviewed my partner Elizabeth Litten and me for her annual Medical Practice Compliance Alert article on compliance trends for the…
Connecticut Supreme Court Recognizes Individual’s Right for State Tort Action Using HIPAA as Standard of Care
The Connecticut Supreme Court handed down a decision in the case of Byrne v. Avery Center for Obstetrics and Gynecology, P.C., — A.3d —-, 2014 WL 5507439 (2014) that
[a]ssuming,
Patient Support Groups, Email and the Duty to Warn
I was recently asked whether the sending of an unencrypted group email to participants in a health-related support group violated HIPAA. Faithful blog readers can guess my first question: “Was…