Covered entities beware: a timing pitfall lurks within the recently adopted rules prohibiting information blocking.  We have posted about OCR’s “Right to Access Initiative” and numerous enforcement actions taken to make sure that covered entities respond to patient access requests in a timely manner.  The HIPAA Privacy Rule requires covered entities to respond to access

A recent conversation with a colleague in California prompted me to write this. He said that as part of its back-to-school plan, his children’s elementary school district “highly encouraged” that all students be tested for COVID-19 before returning to class. The district provided families with an in-home saliva test and asked parents to collect their

Mental Health/substance abuse providers and providers treating HIV/AIDS patients are held to a higher standard when it comes to protecting medical records, requiring additional levels of consent and analysis prior to productions. However, recent settlements published by the Office of Civil Rights of the Department of Health and Human Services (OCR) on September 15, 2020

On March 20, 2020, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) published Guidance and a list of FAQs related to the provision of telehealth and HIPAA compliance.

“OCR will exercise enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered

Effective March 15, 2020, certain hospitals that fail to comply with specific HIPAA Privacy Rule requirements will not be subject to HIPAA sanctions and penalties, according to a “COVID-19 & HIPAA Bulletin” issued by U.S. Health and Human Services Secretary Alex M. Azar. The waiver was implemented as a response to President Trump’s