H.R. 7898, sent to the President for signature on December 24, 2020 may be the HIPAA holiday gift covered entities and business associates have been waiting for. The bill requires the Secretary of the Department of Health and Human Services, when considering penalties, audits and other actions related to HIPAA breaches and security incidents,
HIPAA
Re-Setting the Clock for Responding to Individual Access Requests Under the Information Blocking Rule
By Elizabeth G. Litten on
Posted in Individual Access Rights
Covered entities beware: a timing pitfall lurks within the recently adopted rules prohibiting information blocking. We have posted about OCR’s “Right to Access Initiative” and numerous enforcement actions taken to make sure that covered entities respond to patient access requests in a timely manner. The HIPAA Privacy Rule requires covered entities to respond to access…
Which Privacy Protections Apply? HIPAA, FERPA and COVID-19
By Elizabeth G. Litten on
Posted in Privacy & Security
A recent conversation with a colleague in California prompted me to write this. He said that as part of its back-to-school plan, his children’s elementary school district “highly encouraged” that all students be tested for COVID-19 before returning to class. The district provided families with an in-home saliva test and asked parents to collect their…
HIPAA Right to Access Initiative Targets Psychiatric/Mental Health Providers
By Susan McNear Fradenburg on
Mental Health/substance abuse providers and providers treating HIV/AIDS patients are held to a higher standard when it comes to protecting medical records, requiring additional levels of consent and analysis prior to productions. However, recent settlements published by the Office of Civil Rights of the Department of Health and Human Services (OCR) on September 15, 2020…
New OCR Resource Adds Guidance on HIPAA and Direct-to-Consumer Health Apps
By Elizabeth G. Litten on
Posted in EHR and PHR, Health IT
A tricky issue for mobile health app developers since the Office for Civil Rights (OCR) released its first “Health App Use Scenarios & HIPAA” guidance back in 2016 has been deciphering whether the developer is a business associate if it offers its app on a consumer-facing basis as well as through covered entities (or their…
Updated OCR Guidance on Contacting Recovered COVID-19 Patients
By Elizabeth G. Litten on
Posted in HIPAA Authorizations
The Office for Civil Rights within the Department of Health and Human Services (OCR) provided guidance in June that reassured covered entity health care providers and that it is generally OK to use or disclose protected health information (PHI) to contact individuals who have recovered from COVID-19 for case management and care coordination.
The OCR…
Employer Collection of COVID-19 Data and Employee Privacy
By Elizabeth G. Litten on
Posted in Privacy & Security
The following post is adapted from an article written by Fox Rothschild attorneys Wayne Pinksone and Lucy Li, available here.
OSHA recently published guidance for “nonessential businesses” that are intending to reopen and allow their employees to return to work. This guidance is intended to supplement the U.S. Department of Labor and U.S. Department…
Dos and Don’ts from OCR’s Guidance and FAQs on Telehealth and HIPAA
By Elizabeth G. Litten on
Posted in Privacy & Security, Uncategorized
On March 20, 2020, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) published Guidance and a list of FAQs related to the provision of telehealth and HIPAA compliance.
“OCR will exercise enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered…
COVID-19 Update: Limited Waiver of HIPAA Sanctions and Penalties for Certain Hospitals
By Elizabeth G. Litten on
Effective March 15, 2020, certain hospitals that fail to comply with specific HIPAA Privacy Rule requirements will not be subject to HIPAA sanctions and penalties, according to a “COVID-19 & HIPAA Bulletin” issued by U.S. Health and Human Services Secretary Alex M. Azar. The waiver was implemented as a response to President Trump’s…
HIPAA and COVID-19: ABCs For Working From Home
By Elizabeth G. Litten on
Posted in Privacy & Security, Uncategorized
If your company is a covered entity or a business associate, you face unique challenges when workforce members ask or are required to work from home. Hopefully, your company’s HIPAA Security Policies and Procedures address the use of portable devices, whether they are owned by the employer or by the employee, and your HIPAA security…