On March 20, 2020, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) published Guidance and a list of FAQs related to the provision of telehealth and HIPAA compliance.

“OCR will exercise enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered

Effective March 15, 2020, certain hospitals that fail to comply with specific HIPAA Privacy Rule requirements will not be subject to HIPAA sanctions and penalties, according to a “COVID-19 & HIPAA Bulletin” issued by U.S. Health and Human Services Secretary Alex M. Azar. The waiver was implemented as a response to President Trump’s

Fox Rothschild partner Bill Maruca’s article, “Protecting Privacy During an Infectious Disease Panic”, is (unfortunately) as relevant today as it was when it was posted here more than 5 years ago. Swap Ebola for COVID-19, and the article provides useful guidance for covered entities and business associates subject to HIPAA and to employers, family and

Fellow Fox Rothschild LLP Partner (and former hospital system General Counsel) Salvatore J.  Russo generously contributed this post.

Some twenty-three years ago, the first well-publicized incident of the re-identification of de-identified personal health data was brought to the attention of the American public. It involved the then governor of Massachusetts, William Weld.   Dr. Latanya Sweeney

On the sixth day of CCPA the California Senate Health Committee gave to me … a HIPAA carve-out.

AB 713, reported favorably by the California Senate Health Committee, would expand the exemption related to HIPAA and medical research.

Specific carve-outs:
  • De-identified PHI or medical information, provided that the business does not attempt nor actually re-identify

More than eleven years have passed since the U.S. Department of Health and Human Services (HHS), the agency responsible for the privacy of protected health information under HIPAA, and the U.S. Department of Education (DOE), the agency responsible for the privacy of student records under FERPA, issued joint guidance on the interplay between HIPAA and