Artificial Intelligence (AI) is widely viewed as a valuable tool for improving health and healthcare. It is being used by major technology companies such as Google, small start-up companies, and researchers to collect and analyze health data collected from a variety of sources. As stated by Abhimanyu S. Ahjula in this October 2019 article:
protected health information
Updated OCR Guidance on Contacting Recovered COVID-19 Patients
By Elizabeth G. Litten on
The Office for Civil Rights within the Department of Health and Human Services (OCR) provided guidance in June that reassured covered entity health care providers and that it is generally OK to use or disclose protected health information (PHI) to contact individuals who have recovered from COVID-19 for case management and care coordination.
The OCR…
HIPAA versus FERPA: New Joint Guidance Highlights Emergencies and Complexities
By Elizabeth G. Litten on
More than eleven years have passed since the U.S. Department of Health and Human Services (HHS), the agency responsible for the privacy of protected health information under HIPAA, and the U.S. Department of Education (DOE), the agency responsible for the privacy of student records under FERPA, issued joint guidance on the interplay between HIPAA and…
The California AG May Be Watching You, Covered Entity
By Elizabeth G. Litten on
As Fox partner Odia Kagan posted yesterday, early enforcement of CCPA will focus on data related to kids. In addition, according to a recent article in the San Francisco Chronicle, the California Attorney General will focus on how large companies that deal with sensitive information, including health data, comply with CCPA.
A post this…
New Apple Watch May Mark Time To Rethink HIPAA
By Elizabeth Litten on
The new Apple Watch Series 4® is one of the more recent and sophisticated consumer health engagement tools. It includes a sensor that lets wearers take an electrocardiogram (ECG) reading and detect irregular heart rhythms. The U.S. Food & Drug Administration (FDA) recently approved these functions as Class II medical devices, which generally…
Beware: HIPAA Applies to the Health Plans You Never Knew You Had (Part 1: Employee Assistance Programs)
By Jessica Forbes Olson on
You may be surprised to learn that those “extra” benefits your company offers to its employees such as your employee assistance program (“EAP”) and wellness program likely are subject to the HIPAA privacy, security and breach notification rules (collectively, “HIPAA Rules”). Part 1 covers why most EAPs are subject to the HIPAA Rules. Part 2…
Your Business Associates Hold Your HIPAA Compliance Future in Their Hands: Eleven Things You Can Do
By Michael Kline on
Our partner Elizabeth Litten and I were recently featured again by our good friend Marla Durben Hirsch in her article in the April 2017 issue of Medical Practice Compliance Alert entitled “Business associates who farm out work create more risks for your patients’ PHI.” Full text can be found in the April, 2017 issue, but…
Nine Tips for Avoiding HIPAA Breaches When Responding to Widespread Healthcare Emergencies
By Michael Kline on
The aftermath of the Orlando nightclub tragedy has led to much discussion about ways that healthcare providers can and should deal with compliance with health information privacy requirements in the face of disasters that injure or sicken many individuals in a limited time frame. One aspect is the pressure to treat patients while simultaneously fulfilling…
Reflections on HIPAA Protections and Permissions in the Wake of the Orlando Tragedy
By Elizabeth Litten on
My heart goes out to any family member trying desperately to get news about a loved one in the hours and days following an individual or widespread tragedy, irrespective of whether it was triggered by an act of nature, an act of terrorism, or any other violent, unanticipated, life-taking event. My mind, though, struggles with…
I Want My PHI! HIPAA Access Rights, Authorizations and HHS Guidance
By Elizabeth Litten on
Daily struggles to protect personal data from hacking, phishing, theft and loss make it easy to forget that HIPAA is not just about privacy and security. It also requires covered entities (CEs) to make an individual’s protected health information (PHI) accessible to the individual in all but a few, very limited circumstances. Recent guidance published…