Healthcare Information Security

HIPAA Privacy Rule

AHA Urges Consumer Education on HIPAA Privacy Rule and Health Apps

June 29, 2018 - The American Hospital Association (AHA) is calling on the US federal government to develop a consumer education program to make it clear that commercial providers of health apps may not be subject to the HIPAA Privacy Rule. “Commercial app companies generally are not HIPAA-covered entities. Therefore, when information flows from a hospital’s information system to an app, it likely...


More Articles

Judge Dismisses Lawsuit Charging LabCorp with HIPAA Violation

by Fred Donovan

US District Court Judge Rudolph Contreras dismissed a lawsuit by Hope Lee-Thomas accusing LabCorp of a HIPAA violation for not providing adequate privacy protections at its Providence Hospital computer intake station. Lee-Thomas argued in her...

Hospital Faxes Records to Wrong Person in Apparent HIPAA Violation

by Fred Donovan

OhioHealth’s Grant Medical Center has been sending faxes with patient information to the wrong person for months in an apparent HIPAA violation, reported ABC6 in Columbus, Ohio, on June 18. The information in the faxes included...

House Passes Bill to Align SUD Rules with HIPAA Privacy Rule

by Fred Donovan

By a vote of 357-57, the US House passed the Overdose Prevention and Patient Safety Act (HR 6082) on June 20, which would align privacy protections for substance use disorder (SUD) patients with the HIPAA Privacy Rule. HR 6082 would authorize...

Common Rule’s Final Version Exempts Certain HIPAA Covered Entities

by Fred Donovan

The federal government has issued the final rule for the Federal Policy for the Protection of Human Subjects, known as the Common Rule, that allows, among other things, more secondary research of EHR data by exempting low-risk studies conducted...

WHS Suspends Dozen Employees for Alleged HIPAA Violations

by Fred Donovan

Pennsylvania-based Washington Health System (WHS) has suspended around a dozen employees for alleged HIPAA violations involving inappropriately accessing patient records in a high-profile case, the Observer-Reporter newspaper reported June 18....

Judge Upholds $4.3M Fines against MD Anderson for HIPAA Violations

by Fred Donovan

An HHS Administrative Law Judge (ALJ) ruled that the University of Texas MD Anderson Cancer Center (MD Anderson) must pay $4.3 million in civil money penalties for HIPAA violations. The judge backed OCR in its proposed determination, granting...

OCR Guidance Tackles PHI Research Use Under HIPAA Privacy Rule

by Fred Donovan

OCR has issued new guidance on the HIPAA Privacy Rule that explains certain requirements for an authorization to use or disclose PHI for research and clarifies aspects of the individual’s right to revoke an authorization. The guidance implements...

Did EMS Worker Commit HIPAA Violation With Facebook Post?

by Fred Donovan

Did an emergency medical services (EMS) worker in Roane County, Tennessee, commit a HIPAA violation with a Facebook post that described the peculiar location of an emergency response—a chicken coop? The EMS worker was part of a team...

Personal Injury Attorney Ads Could Raise Patient Privacy Issues

by Fred Donovan

In a new trend that could raise patient privacy concerns, personal injury attorneys and marketers are using geofencing technology to deliver targeted advertisements to patients’ mobile phones when they visit emergency rooms or clinics,...

Does EHR Patient Access Fall Short of HIPAA Compliance?

by Fred Donovan

Patients and healthcare organizations face numerous challenges when providing EHR patient access for HIPAA compliance, according to a report released May 14 by the Government Accountability Office (GAO). Among the challenges faced by patients...

Amazon’s Alexa Healthcare Team Bones Up on HIPAA Compliance

by Fred Donovan

Amazon is becoming very familiar with HIPAA compliance requirements as part of its effort to expand the Alexa digital assistant’s role in providing healthcare information and advice, CNBC is reporting. Amazon has set up a health and wellness...

House Debates Bill to Align SUD Rules with HIPAA Privacy Rule

by Fred Donovan

Supporters and opponents of a bill that would align privacy protections for substance use disorder (SUD) patients with the HIPAA Privacy Rule faced off during a May 8 hearing of the House Energy and Commerce Committee’s health subcommittee....

Senate Bill Has Version of Jessie’s Law, Not Aligned with HIPAA Privacy Rule

by Fred Donovan

The Senate Health, Education, Labor and Pensions Committee this week passed the Opioid Crisis Response Act of 2018 (S 2680) with a broad range of measures to combat the opioid epidemic, including a version of Jessie’s Law that allows for...

HIPAA Compliance Gap Between Compliance Officers, Regulators

by Fred Donovan

There is a large gap between the priorities of healthcare compliance officers and regulators when it comes to HIPAA compliance, according to a survey of 388 healthcare organizations by SAI Global and Strategic Management Services. Healthcare...

Patient Privacy Protections Extended to EOB in Massachusetts

by Fred Donovan

Patient privacy protections have been extended to cover explanation of benefits (EOB) summaries sent out by health insurers, under a Massachusetts bill signed into law by Governor Charlie Baker (R) earlier this month. Sensitive health information...

Data Privacy Rights Hinder Effective Treatment, Warns AHA

by Fred Donovan

The American Hospital Association (AHA) is pushing for passage of HR 3545, the Overdose Prevention and Patient Safety Act, which would curb data privacy rights under 42 Code of Federal Regulations (CFR) Part 2 that prevent healthcare providers...

Proper Paper Records Disposal Necessary for PHI Data Security

by Elizabeth Snell

Even as healthcare providers are increasingly implementing EHRs and patient data is being transferred to electronic form, organizations cannot overlook PHI data security measures with their paper records. Researchers at Toronto's St. Michael's...

Stakeholders Desire Clarification on Secure Data Exchange in TEFCA

by Elizabeth Snell

ONC must further clarify secure data exchange aspects in its Trusted Exchange Framework and Common Agreement (TEFCA) draft, and also explain how HIPAA regulations will apply, according to industry stakeholders. One of the TEFCA principles discusses...

Common Rule Interim Version Released, Exempts HIPAA Research

by Elizabeth Snell

More secondary research of EHR data will be enabled through the recently announced interim version of the Federal Policy for the Protection of Human Subjects, or the Common Rule. Certain low-risk studies, such as observational studies meant to...
