HIPAA Privacy Rule

Dignity Health to Pay OCR $160K for HIPAA Right of Access Failure

by Jessica Davis

Arizona-based Dignity Health, doing business as St. Joseph’s Hospital and Medical Center (SJHMC), has agreed to corrective actions and a $160,000 enforcement action with the...

RWJF, Manatt Share Consumer Health Data Privacy Framework

by Jessica Davis

The Robert Wood Johnson Foundation and Manatt Health recently released a consumer Health Data Privacy Framework designed to address some of the gaps in existing health data privacy...

OCR Shares COVID-19 Guide on Contacting Patients for Blood Donations

by Jessica Davis

The Office for Civil Rights released guidance for healthcare covered entities on the HIPAA-permitted ways providers can contact patients recovering from COVID-19 to inform them of blood and plasma...

AMA Shares Privacy Principles for Non-HIPAA Covered Entities, Data

by Jessica Davis

The American Medical Association unveiled a set of privacy principles for non-HIPAA covered entities, designed to empower consumers with more control over the health data collected about them. AMA will...

COVID-19: OCR Reminds Providers of Media Access Restrictions to PHI

by Jessica Davis

The Office for Civil Rights issued a reminder to healthcare providers that even amid the COVID-19 crisis, the HIPAA Privacy Rule does not permit them to give site access to media and other film...

Ciitizen: ‘Significant Improvement’ in HIPAA Right of Access Compliance

by Jessica Davis

Ciitizen released its third Patient Record Scorecard, which found significant improvements in the number of providers in compliance with the HIPAA Right of Access rule. In fact, the number of...

OCR Shares COVID-19 PHI, Data Sharing Guidance for First Responders

by Jessica Davis

The Office for Civil Rights released guidance for how protected health information on patients exposed or infected with COVID-19 can be shared with first responders, such as law enforcement,...

HHS Issues Limited Waiver of HIPAA Sanctions Due to Coronavirus

by Jessica Davis

Following President Donald Trump’s declaration of a nationwide emergency over the Coronavirus, or COVID-19, the Department of Health and Human Service Secretary Alex Azar issued a limited waiver...

eHI, CDT Partner on Consumer Privacy Framework for Health Data

by Jessica Davis

eHealth Initiative and the Center for Democracy and Technology (CDT) are partnering on the development of a consumer privacy framework for health data not currently protected by HIPAA. The Building a...

CCFH Urges Lawmakers, OCR to Uphold Patient Privacy Protections

by Jessica Davis

Citizens Council for Health Freedom is calling on state legislators to defend the Minnesota Health Records Act (MHRA) following reports of some major healthcare partnerships with large tech companies,...

NIST Shares Enterprise Risk Management Privacy Framework

by Jessica Davis

NIST recently released its privacy framework designed to provide organizations with privacy protection strategies to improve their current methods for using and protecting sensitive data,...

Could Patient Privacy Awareness Drive Health IT Innovation in 2020?

by Jessica Davis

The past year in health IT security was one of the worst seen in recent years, with multiple breaches each impacting several millions of patients. Patients are also growing increasingly aware of their...

Complying with the HIPAA Privacy Rule During Emergency Situations

by Fred Donovan

Emergency situations and natural disasters, such as hurricanes, pandemics, or mass casualties, can quickly overwhelm healthcare systems. The last thing on people’s minds in those situations is complying with the HIPAA Privacy...

Did EMS Worker Commit HIPAA Violation With Facebook Post?

by Fred Donovan

Did an emergency medical services (EMS) worker in Roane County, Tennessee, commit a HIPAA violation with a Facebook post that described the peculiar location of an emergency response—a...

How HIPAA Rules Apply with Law Enforcement Investigations

by Elizabeth Snell

HIPAA rules are meant to protect patient information, but what happens when there is a law enforcement investigation? Are police officers allowed to demand PHI without a warrant? That issue was...

Medical Record Security Key Focus in Indiana Senate Bill

by Elizabeth Snell

Database owners are now required to ensure medical record security by safeguarding healthcare data stored in their systems, according to a recently updated Indiana bill. Senate Bill 549 changed the...

Data Security Considerations in Healthcare Interoperability

by Elizabeth Snell

While more healthcare organizations are utilizing electronic health records (EHRs) and adding to the increase in healthcare interoperability finding a health IT option that provides better patient care and keeps PHI secure is not always...

The Role of HIM Professionals in HIPAA Compliance

by Elizabeth Snell

Individuals in the health information management (HIM) field play a critical role in covered entities’ approaches to data security, especially HIPAA compliance. HIM professionals are often...

How Do HIPAA Rules, Patient Privacy Apply in Emergencies?

by Elizabeth Snell

No healthcare organization wants to compromise patient privacy, and HIPAA rules were designed to ensure that this does not occur.   Covered entities of all sizes should understand how the HIPAA...

How Do HIPAA Regulations Affect Judicial Proceedings?

by Elizabeth Snell

HIPAA regulations are designed to keep healthcare organizations compliant, ensuring that sensitive data - such as patient PHI - stays secure. Should a healthcare data breach occur, covered entities or...