Healthcare Information Security

HIPAA Privacy Rule

Proposed Bill Gives Consumers Right to Dispute PHI Record Accuracy

December 14, 2018 - The Center for Democracy & Technology released a proposed draft federal privacy bill, centered around a consumer’s right to understanding where their data is located and reasonable access to data upon request. While the draft pertains to all sectors, there are several elements that relevant to patient data rights. Specifically, CDT proposed that individuals should have the...


More Articles

HHS, OCR Seek Industry Feedback on HIPAA Update for Data Sharing

by Jessica Davis

The Department of Health and Human Service and the Office for Civil Rights are seeking industry feedback on how to improve HIPAA guidance, especially around care coordination. The OCR Request for Information comes in response to an...

Allergy Associates Settles with OCR for $125K over HIPAA Violation

by Jessica Davis

Connecticut-based Allergy Associates of Hartford settled with the Office for Civil Rights for $125,000, for a 2015 incident involving impermissible disclosure of a patient’s protected health information to a reporter. In February...

Azar Issues 2nd HIPAA Privacy Rule Waiver in As Many Months

by Fred Donovan

As in the case of Hurricane Florence, HHS Secretary Alex Azar has waived sanctions and penalties under certain HIPAA Privacy Rule provisions for areas impacted by Hurricane Michael. The waiver is intended to enable greater information...

Iowa County Government Employee Alleges HIPAA Violation

by Fred Donovan

An employee of the Iowa’s Mahaska County government alleged that another employee committed a HIPAA violation when she locked a member of the public inside a building where files containing PHI were stored unsecured, the...

Congress Urged To Align 42 CFR Part 2 With HIPAA Privacy Rule

by Fred Donovan

The Partnership to Amend 42 CFR Part 2 is urging Congress to include the Overdose Prevention and Patient Safety Act (HR 6082), which would align 42 CFR Part 2 with the HIPAA Privacy Rule, in compromise opioid legislation that the House and...

Boston Hospitals Cough Up $1M for ‘Boston Trauma’ HIPAA Violations

by Fred Donovan

OCR announced Sept. 20 that it has fined three Boston-area hospitals close to $1 million for HIPAA violations involving the filming of ABC’s TV series “Save My Life: Boston Trauma.”* OCR reached HIPAA settlements with...

Azar Waives HIPAA Privacy Rule Sanctions for Hurricane Response

by Fred Donovan

HHS Secretary Alex Azar has waived sanctions and penalties under certain HIPAA Privacy Rule provisions that apply to hospitals to enable greater sharing of information in response to Hurricane Florence making landfall on the East...

HIPAA Privacy Rule Can Be Tool for Health Information Exchange

by Fred Donovan

Rather than being a barrier to information sharing and interoperability, the HIPAA Privacy Rule can be seen as a tool to facilitate health information exchange and flow across the health ecosystem, argued OCR and ONC in an Aug. 30 blog...

OCR Levies Close to $80M in HIPAA Privacy Rule Fines

by Fred Donovan

OCR has assessed close to $80 million in fines in 55 cases of HIPAA Privacy Rule violations since the rule took effect in April 2003, according to data on the HHS website. OCR has received 184,614 HIPAA complaints and has initiated 902...

HHS Pushes for Changes to HIPAA Privacy Rule, 42 CFR Part 2

by Fred Donovan

In the next few months, HHS plans to issue requests for information (RFIs) about changing the HIPAA Privacy Rule and 42 CFR Part 2 to make it easier for doctors, hospitals, and payers to coordinate in delivering value-based care and...

HATA Says PMS Vendors Want to Remain HIPAA Business Associates

by Fred Donovan

Currently, practice management software (PMS) vendors are considered HIPAA business associates  and therefore subject to the HIPAA Privacy and Security Rules, but not the HIPAA transactions and codes set requirements. The Healthcare...

AHA Urges Consumer Education on HIPAA Privacy Rule and Health Apps

by Fred Donovan

The American Hospital Association (AHA) is calling on the US federal government to develop a consumer education program to make it clear that commercial providers of health apps may not be subject to the HIPAA Privacy...

Judge Dismisses Lawsuit Charging LabCorp with HIPAA Violation

by Fred Donovan

US District Court Judge Rudolph Contreras dismissed a lawsuit by Hope Lee-Thomas accusing LabCorp of a HIPAA violation for not providing adequate privacy protections at its Providence Hospital computer intake station. Lee-Thomas argued in...

Hospital Faxes Records to Wrong Person in Apparent HIPAA Violation

by Fred Donovan

OhioHealth’s Grant Medical Center has been sending faxes with patient information to the wrong person for months in an apparent HIPAA violation, reported ABC6 in Columbus, Ohio, on June 18. The information in the faxes...

House Passes Bill to Align SUD Rules with HIPAA Privacy Rule

by Fred Donovan

By a vote of 357-57, the US House passed the Overdose Prevention and Patient Safety Act (HR 6082) on June 20, which would align privacy protections for substance use disorder (SUD) patients with the HIPAA Privacy Rule. HR 6082 would...

Common Rule’s Final Version Exempts Certain HIPAA Covered Entities

by Fred Donovan

The federal government has issued the final rule for the Federal Policy for the Protection of Human Subjects, known as the Common Rule, that allows, among other things, more secondary research of EHR data by exempting low-risk studies...

WHS Suspends Dozen Employees for Alleged HIPAA Violations

by Fred Donovan

Pennsylvania-based Washington Health System (WHS) has suspended around a dozen employees for alleged HIPAA violations involving inappropriately accessing patient records in a high-profile case, the Observer-Reporter newspaper reported June...

Judge Upholds $4.3M Fines against MD Anderson for HIPAA Violations

by Fred Donovan

An HHS Administrative Law Judge (ALJ) ruled that the University of Texas MD Anderson Cancer Center (MD Anderson) must pay $4.3 million in civil money penalties for HIPAA violations. The judge backed OCR in its proposed determination,...

OCR Guidance Tackles PHI Research Use Under HIPAA Privacy Rule

by Fred Donovan

OCR has issued new guidance on the HIPAA Privacy Rule that explains certain requirements for an authorization to use or disclose PHI for research and clarifies aspects of the individual’s right to revoke an authorization. The...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...