If you are a HIPAA-covered entity or business associate, you likely know that patient PHI may only be created, received, maintained, and transmitted as permitted by the HIPAA Security Rule
Continue Reading Is Your Website HIPAA-Compliant?
New Telehealth Guidance Gives Thumbs-Up to Audio-Only Services
On June 13th, U.S. Department of Health & Human Services (“HHS”) issued guidance advising that covered health care providers and health plans (covered entities) can provide audio-only telehealth services
Continue Reading New Telehealth Guidance Gives Thumbs-Up to Audio-Only ServicesDo You Need To Worry About The New California Data Privacy Law? Maybe
The California Consumer Privacy Act (CCPA) will take effect on January 1, 2020 and regulates most entities that collect personal information of California residents. CCPA was patterned after the European
Continue Reading Do You Need To Worry About The New California Data Privacy Law? Maybe
Beware: HIPAA Applies to the Health Plans You Never Knew You Had (Part 1: Employee Assistance Programs)
You may be surprised to learn that those “extra” benefits your company offers to its employees such as your employee assistance program (“EAP”) and wellness program likely are subject to
Continue Reading Beware: HIPAA Applies to the Health Plans You Never Knew You Had (Part 1: Employee Assistance Programs)
Eight Tips to Confront the New Initiative by HHS on PHI Security
In a recent Guidance, the Office of Civil Rights of the U.S. Department of Health and Human Services (“OCR”) appears to have attempted to reverse an impression that its
Continue Reading Eight Tips to Confront the New Initiative by HHS on PHI Security
Is Your Facility a PokéStop? (A what?)
Are strangers wandering around your health care facility with their noses buried in their smartphones? And if so, what should you do about it? They’re playing Pokémon GO, a
Continue Reading Is Your Facility a PokéStop? (A what?)
Emailing PHI? NIST Seeks Comments on Trustworthy Email by November 30, 2015
When and how should you email PHI, if at all? The Office for Civil Rights (OCR) offers guidance as to the permissibility of sending PHI via email in this “Frequently
Continue Reading Emailing PHI? NIST Seeks Comments on Trustworthy Email by November 30, 2015
Even the Federal Government Can’t Hide: How a High-End Cyberattack Breached One of the Most “Protected” Systems
Guest Blogger: Violetta Abinaked, Summer Associate (originally posted by Mark McCreary’s on Privacy Compliance & Data Security)
With data breaches being the quickly trending “flavor of the month”
Continue Reading Even the Federal Government Can’t Hide: How a High-End Cyberattack Breached One of the Most “Protected” Systems
The New and Improved HIPAA/HITECH Rules: What Employers Need to Know
On February 7, 2013, our partner Keith McMurdy, Esq., posted an excellent entry on the Employee Benefits Blog of Fox Rothschild LLP that merits republishing for our readers as well. The post outlined some direct effects of the new HIPAA Omnibus Rule on employers and their health plans.
Continue Reading The New and Improved HIPAA/HITECH Rules: What Employers Need to Know
HIPAA “Mega Rule”, Meet “Super BAA”: The CMS Data Use Agreement
While the undertakings of a Medicare ACO and the terminology in the Data Use Agreement for protection of patient data may differ from those of covered entities, business associates and subcontractors and their BAAs under the HIPAA/HITECH regulations, they have many striking similarities and purposes.
Continue Reading HIPAA “Mega Rule”, Meet “Super BAA”: The CMS Data Use Agreement