HIPAA, HITECH & HIT
Legal Issues, Developments and Other Pertinent Information Relating To The Creation, Use and Exchange of Electronic Health Records

Tag Archives: HIPAA

“I Want My PHI”, Part 2 – OCR Audits Will Focus on Individual Access Rights

Posted in HIPAA Audits, HIPAA Authorizations, Individual Access Rights, Uncategorized

We blogged on this back in early May, but compliance with individuals’ rights to access their PHI under HIPAA is even more critical now that OCR has announced that its current HIPAA audits will focus on an audited Covered Entity’s documentation and process related to these access rights. In an email sent to listserv participants…

Health Care Providers: Have You Considered HIPAA Compliance for Your Practice’s Group Health Plans?

Posted in HIPAA Audits, HIPAA Enforcement

Contributed by Elizabeth R. Larkin and Jessica Forbes Olson. Health care providers know about and have worked with HIPAA privacy and security rules for well over a decade. They have diligently applied them to their covered entity health care provider practices and to their patients and think they have HIPAA covered. What providers may not…

Reflections on HIPAA Protections and Permissions in the Wake of the Orlando Tragedy

Posted in HIPAA Enforcement, Individual Access Rights, Uncategorized

My heart goes out to any family member trying desperately to get news about a loved one in the hours and days following an individual or widespread tragedy, irrespective of whether it was triggered by an act of nature, an act of terrorism, or any other violent, unanticipated, life-taking event. My mind, though, struggles with…

I Want My PHI! HIPAA Access Rights, Authorizations and HHS Guidance

Posted in HIPAA Authorizations, Individual Access Rights

Daily struggles to protect personal data from hacking, phishing, theft and loss make it easy to forget that HIPAA is not just about privacy and security. It also requires covered entities (CEs) to make an individual’s protected health information (PHI) accessible to the individual in all but a few, very limited circumstances. Recent guidance published by the Department…

Tips on Avoiding HIPAA Breaches for Patient-Employee Records

Posted in Articles, Privacy & Security, Sensitive Health Information

Our partner Elizabeth Litten and I were featured again by our good friend Marla Durben Hirsch in her article in the April 2016 issue of Medical Practice Compliance Alert entitled “5 safeguards to take with patient-employee health records.” Full text can be found in the April, 2016 issue, but a synopsis is below. For her…

There’s An App For That Health Information – But is it HIPAA-Covered?

Posted in EHR and PHR, Health IT

“Maybe” is the take-away from recent guidance posted on OCR’s mHealth Developer Portal, making me wonder whether the typical health app user will know when her health information is or is not subject to HIPAA protection. The guidance is clear and straightforward and contains no real surprises to those of us familiar with HIPAA, but…

Breach or Ransomware Attack? Can’t Sue Under HIPAA, but Maybe Under CFAA

Posted in Privacy & Security, Uncategorized

The following post was contributed by our colleague Lucy Li. HIPAA itself does not provide a private right of action. So when a hacker or rogue employee impermissibly accesses or interferes with electronic data or data systems containing protected health information, an employer subject to HIPAA cannot sue the perpetrator under HIPAA. Similarly, when a…

Death and HIPAA Privacy Rights: What Would Justice Scalia Have Said?

Posted in Privacy & Security

This week’s headlines read: “Scalia’s death probably linked to obesity, diabetes and coronary artery disease, physician says” and “Scalia suffered from many health problems”. An article from a couple of weeks ago, immediately following reports of Justice Scalia’s February 13th death, reported that Scalia’s doctor said he had chronic cardiovascular disease. These articles do not…

Apple, the FBI, and iPhone Encryption: A Battle of Biblical Proportions with Implications for HIPAA

Posted in Encryption, Health IT, Privacy & Security

Whether it was an apple or a quince, pomegranate, or some other more botanically-likely fruit growing in the Garden of Eden, God’s command in Genesis was clear: do not eat the fruit from the tree of the knowledge of good and evil. When Adam and Eve ate the apple (or other fruit) anyway, they gained…

HIP-HIP(AA)-HOORAY: Margaret Davino, Esq. Joins Fox Rothschild HIPAA Team and Offers 5 Tips for 2016 HIPAA Compliance

Posted in HIPAA Enforcement, Privacy & Security

I’m sure fellow bloggers Bill Maruca and Michael Kline join me in giving three cheers for the recent growth in our firm’s health care practice (welcome, Minneapolis!) and ever-deepening pool of attorneys dealing with clients’ privacy and data security issues. But one recent addition to our team, Margaret (“Margie”) Davino, gets a fourth cheer for…

Election Year Predictions: Expansion of Federal Healthcare Privacy Regulation

Posted in HIPAA Enforcement, Privacy & Security

Our partner Elizabeth Litten and I were quoted by our good friend Marla Durben Hirsch in her article in Medical Practice Compliance Alert entitled “6 Compliance Trends Likely to Affect Your Practices in 2016.” Full text can be found in the January 13, 2016, issue, but a synopsis is below. For her article, Marla asked…

Patient Data Must Be Encrypted, Not “Camouflaged”, as Per FTC Settlement

Posted in Health IT, Privacy & Security

Health care vendors beware: if you tell customers that your product provides industry-standard encryption of protected health information in compliance with HIPAA, you’d better be sure it doesn’t simply “camouflage” the data. The FTC recently announced a $250,000 settlement with Henry Schein Practice Solutions, Inc. (“Henry Schein”) for falsely advertising that the software it marketed…

Some Issues for Providers Regarding Involvement of Authorities in Patient ID Checks

Posted in Articles, Medical Identity Theft, Privacy & Security

Our partners Elizabeth Litten and William H. Maruca and I were quoted by our good friend Marla Durben Hirsch in her article in Medical Practice Compliance Alert entitled “Watch for HIPAA Pitfalls When Involving Police in ID Checks.” Full text can be found in the October 26, 2015, issue, but a synopsis is below. Marla’s…

Emailing PHI? NIST Seeks Comments on Trustworthy Email by November 30, 2015

Posted in Health IT, HIPAA Enforcement, Privacy & Security, Uncategorized

When and how should you email PHI, if at all? The Office for Civil Rights (OCR) offers guidance as to the permissibility of sending PHI via email in this “Frequently Asked Question” answer, but doesn’t provide specifics as to how PHI can be safely emailed. Whether you are a covered entity or a business associate…

5 Practical Steps for Business Associate Compliance

Posted in HIPAA Business Associates

Congratulations! You have a HIPAA-compliant business associate (or subcontractor) agreement in place – now what? How can you implement the agreement without becoming a HIPAA guru? There are many resources available that offer detailed guidance on risk analysis and implementation protocols (such as the Guide to Privacy and Security of Electronic Health Information published by…

How the NIST Cybersecurity Framework Can Help With HIPAA Compliance: 3 Tips

Posted in Privacy & Security

As our partner Mark McCreary writes in his post describing the “Framework for Improving Critical Infrastructure Cybersecurity” published by the National Institute of Standards and Technology (NIST): The Framework is designed to work with businesses to reach a sufficient level of cybersecurity protection regardless of size, sector, or level of security. The Framework consists of…

Six Tips for Physicians to Protect Patient Data on the Internet

Posted in HIPAA Enforcement, Privacy & Security

Our partner Elizabeth Litten and I were once again quoted by our good friend Marla Durben Hirsch in her recent articles in Medical Practice Compliance Alert entitled “Misapplication of Internet Application Triggers $218,400 Settlement” and “Protect Patient Data on the Internet with These 6 Steps.” The three of us together were able to come up…

Hackers: Take My Health Information, But Please Don’t Take My Health

Posted in Privacy & Security, Sensitive Health Information

We know by now that protected health information (PHI) and other personal information is vulnerable to hackers. Last week, the Washington Times reported that the Department of Health and Human Services (HHS), the agency responsible for HIPAA enforcement, had suffered security breaches at the hands of hackers in at least five separate divisions over the…

HIPAA-Type Protections Are Not Just For Humans – When It Comes To Medical Records, Animals Have Privacy Rights, Too (Part 1)

Posted in Privacy & Security, Sensitive Health Information

Co-authored by Nancy Halpern, DVM, Esq.; also posted on Animal Law Update. HIPAA does not protect animals’ health information – it applies to the protected health information (or PHI) of an “individual”, defined as “the person who is the subject of” the PHI. However, state laws governing the confidentiality of health information also come into…

Athletes Do Not Leave Their HIPAA Rights At The Locker Room Door

Posted in Articles, Privacy & Security

HIPAA has made an unlikely appearance twice already this month in news reports involving famous athletes. Between the Pierre-Paul medical record tweet by ESPN reporter Adam Schefter earlier this month (discussed by my partner and fellow blogger Bill Maruca here) and the ticker-tape parade featuring confetti made of shredded (but apparently legible) medical information raining…

Expert Interview with William Maruca About Protecting Medical Records

Posted in HIPAA Business Associates, Privacy & Security

Our partner Bill Maruca, who is the Editor and a frequent contributor to this blog, was recently interviewed by PracticeSuite as part of their Expert Interview program. In the course of his interview, Bill discusses patient confidentiality, keeping records safe and private, and trends in the medical billing industry. One important recommendation by Bill is taken from his…

The Jiggery-Pokery of HIPAA Hacks

Posted in Health IT, Privacy & Security

I must thank Justice Scalia for injecting this delightfully descriptive term into the realm of health care. Justice Scalia’s scathing dissent from the majority in the recent Supreme Court decision interpreting the Patient Protection and Affordable Care Act is rife with memorable expressions, but this is my favorite. The Merriam Webster definition of jiggery-pokery is:…

When Privacy Policies Should NOT Be Published – Two Easy Lessons From the FTC’s Nomi Technologies Case

Posted in Privacy & Security

This case has nothing to do with HIPAA, but should be a warning to zealous covered entities and other types of business entities trying to give patients or consumers more information about data privacy than is required under applicable law. In short, giving individuals more information is not better, especially where the information might be…