Archives: Health Privacy

Subscribe to Health Privacy RSS Feed

HHS Issues Advance Notice of Proposed Rulemaking on HIPAA and Firearm Background Check Reporting

The U.S. Department of Health and Human Services (HHS) issued on April 19 an advance notice of proposed rulemaking (ANPRM) regarding HIPAA and the National Instant Criminal Background Check System (NICS).  This action is based on one of the executive actions in President Obama’s plan to reduce gun violence, which was released in January 2013. … Continue Reading

HITECH Update #10: HHS Releases First Sample Business Associate Agreement Provisions Since HITECH Act, Omnibus Rule

This post is part of our series on key aspects of the final HITECH omnibus rule published by the U.S. Department of Health and Human Services (HHS) in the Federal Register on January 25, 2013. Previous posts are available here. The regulations are effective March 26, 2013, but covered entities and business associates have until … Continue Reading

HITECH Update #9: Omnibus Rule Revises Individual Rights to Request Restrictions, Access to Protected Health Information

This post is part of our series on key aspects of the final HITECH omnibus rule published by the U.S. Department of Health and Human Services (HHS) in the Federal Register on January 25, 2013. Previous posts are available here. The regulations are effective March 26, 2013, but covered entities and business associates have until … Continue Reading

HITECH Update # 7: New HIPAA Requirements for Business Associates and Their Subcontractors

This post is part of our series on key aspects of the final HITECH omnibus rule published by the U.S. Department of Health and Human Services (HHS) in the Federal Register on January 25, 2013. Previous posts are available here. The regulations are effective March 26, 2013, but covered entities and business associates have until … Continue Reading

HITECH Update #4: HHS Relaxes HIPAA Requirements for Research Authorizations

This post is part of our series on key aspects of the final HITECH omnibus rule issued by the U.S. Department of Health and Human Services (HHS) on January 17, 2013 (available here), and scheduled to be published in the Federal Register on January 25.  Previous posts are available here.  The regulations are effective March 26, 2013, … Continue Reading

HITECH Update #2: HHS Finalizes Privacy Rules to Protect Genetic Information

This post is part of our series on key aspects of the final HITECH omnibus rule issued by the U.S. Department of Health and Human Services (HHS) on January 17, 2013 (available here), and scheduled to be published in the Federal Register on January 25.  Previous posts are available here.  The regulations are effective March 26, 2013, … Continue Reading

HHS Issues Long-Awaited Final HITECH Regulations

By Anna Kraus The U.S. Department of Health and Human Services has issued its long-awaited final omnibus rule modifying the privacy, security, enforcement, and breach notification regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  The rule is based on statutory changes under the Health Information Technology for Economic and Clinical Health … Continue Reading

HHS Issues Message to Nation’s Health Care Providers About HIPAA and Threats to Health and Safety

Following the release of the President’s plan to reduce gun violence, the Office for Civil Rights within the Department of Health and Human Services (HHS) issued a “Message to Our Nation’s Health Care Providers” regarding HIPAA and reporting threats of violence.  In the letter, which was prompted by the recent mass shootings in Newtown, Connecticut, … Continue Reading

President’s Gun Plan Addresses HIPAA Concerns, Clarifications

By Anna Kraus Two measures in President Obama’s plan to reduce gun violence, released yesterday, seek to address privacy concerns related to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Mental Health Records and Background Checks.  The first measure, which is part of a set of recommendations to strengthen the National Instant Criminal … Continue Reading

EDPS Suggests Amendments to the Commission Proposal for a new Regulation on Clinical Trials on Medicinal Products for Human Use

On 19 December 2012, the European Data Protection Supervisor (EDPS) and the Assistant Supervisor, M. Giovanni Buttarelli, published a new Opinion that sets out their views on the Commission proposal for a new Regulation on Clinical Trials on Medicinal Products for Human Use (the Regulation).  The Commission proposal, released in July 2012, touches on a … Continue Reading

HHS Releases Guidance on HIPAA De-Identification Standard

By Anna Kraus On Monday, the U.S. Department of Health and Human Services (HHS) released guidance on methods for de-identification of protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.  The guidance, which was required under Section 13424(c) of the Health Information Technology for Economic and Clinical … Continue Reading

Telemarketing Recap: Recent Key Developments at the FCC, FTC and in the Courts

A number of key developments affecting telemarketing emerged over the past week: 1.  The distinction between informational and telemarketing calls was further defined.  The 9th Circuit held that calls intended to impart information about a customer rewards program could be construed as “dual purpose” calls subject to federal and state telemarketing restrictions.  See Chesbro v. … Continue Reading

HHS Announces $1.5 Million HIPAA Settlement with Massachusetts Provider

On September 17, the Department of Health and Human Services (HHS) announced a settlement with Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc. (collectively, MEEI) for alleged violations of the HIPAA Security Rule.  Under the Resolution Agreement, MEEI agreed to pay $1.5 million to HHS and take corrective action to improve … Continue Reading

Court Dismisses Minnesota AG’s HIPAA Enforcement Action Against Business Associate Following Settlement

Earlier this month, the federal district court in Minnesota dismissed a lawsuit brought earlier this year by the Minnesota Attorney General (AG) against Accretive Health, Inc., a business associate of hospitals, after the parties reached a settlement.  In the lawsuit, which we previously discussed here, the Minnesota AG alleged that the company violated various provisions … Continue Reading

HHS Publishes HIPAA Audit Protocol

By Anna Kraus The Department of Health and Human Services (HHS) has posted on its website the protocol for the HIPAA audits required under the HITECH Act.  Section 13411 of the HITECH Act requires HHS to provide for periodic audits to ensure that covered entities and business associates are in compliance with the HIPAA standards for … Continue Reading

Alaska Medicaid Agrees to Pay $1.7 Million to Settle HIPAA Security Case

By Anna Kraus The Department of Health and Human Services (HHS) announced yesterday that the Alaska Department of Health and Social Services, Alaska’s State Medicaid agency (Alaska Medicaid), has agreed to pay $1.7 million to HHS to settle potential violations of the HIPAA Security Rule.  This is HHS’s first HIPAA enforcement action against a State … Continue Reading

Health Officials Emphasize Data Security for Providers’ Mobile Devices

Recently, officials from the Office of the National Coordinator for Health Information Technology (ONC) in the Department of Health and Human Services stressed the need for data security in connection with providers’ use of mobile devices for health care delivery.  Approximately 81 percent of physicians use smart phones or mobile devices.  The need for data … Continue Reading
LexBlog