HIPAA

Legislators Introduce Bill to Modernize HIPAA, Health Data Privacy Laws

by Jill McKeon

US Senators Tammy Baldwin (D-WI) and Bill Cassidy (R-LA) introduced the Health Data Use and Privacy Commission Act intending to modernize health data privacy laws to reflect the current tech landscape....

PCI Compliance Versus HIPAA Compliance In Healthcare

by Jill McKeon

The Payment Card Industry Data Security Standard (PCI DSS) and HIPAA both protect data in different domains. Just as HIPAA safeguards protected health information (PHI), PCI standards aim to protect credit card data. Since healthcare...

OCR Issues HIPAA Guidance Surrounding Extreme Risk Protection Orders

by Jill McKeon

HHS’s Office for Civil Rights (OCR) released new guidance to clarify how HIPAA permits covered healthcare providers to disclose protected health information (PHI) without a patient’s...

OCR Settles 5 HIPAA Right of Access Cases

by Jill McKeon

The Office for Civil Rights (OCR) announced the resolution of five cases under the HIPAA Right of Access Initiative. OCR created the initiative in 2019 in order to support patients' right to timely...

2 NJ Printing Companies Fined for HIPAA Violations, PHI Exposure

by Jill McKeon

Two New Jersey-based printing companies agreed to pay a fine of $130,000 for potentially committing HIPAA violations and New Jersey Consumer Fraud Act (CFA) violations through protected health...

De-Identification of PHI According to the HIPAA Privacy Rule

by Jill McKeon

De-identification of protected health information (PHI) can help researchers glean valuable insights about population health, aid in healthcare policymaking, and bolster other research ventures. Once PHI is de-identified and can no longer...

With A New Leader, OCR to Focus on Risk Analysis, HIPAA Enforcement

by Jill McKeon

HHS’ Office for Civil Rights (OCR) recently announced the appointment of a new director, Lisa J. Pino, who will take over the office’s oversight of civil rights enforcement, HIPAA...

How the FTC’s Health Breach Notification Rule Will Impact Health Apps

by Jill McKeon

Customers regularly provide their heart rate, weight, height, sleep, fertility, and other sensitive medical data to health apps. But while standard healthcare providers are beholden to HIPAA, health...

OCR Clarifies HIPAA Rules Surrounding Vaccination Status

by Jill McKeon

The COVID-19 pandemic and vaccine rollout have brought HIPAA into the spotlight, but many Americans continue to misunderstand how HIPAA relates and does not relate to vaccination status. As a result,...

CA Extends Telehealth HIPAA Penalty Exemption Until End of PHE

by Jill McKeon

California Governor Gavin Newsom renewed most of Executive Order N-43-20, which provides certain HIPAA penalty exemptions surrounding the release of patient information for providers who deliver...

Key Differences Between PHI and PII, How They Impact HIPAA Compliance

by Jill McKeon

Personally identifiable information (PII) and protected health information (PHI) may seem similar on the surface, but key distinctions set them apart. While PII is a catch-all term for any information...

OCR Settles 20th HIPAA Right of Access Case With Nebraska Hospital

by Jill McKeon

The HHS Office for Civil Rights (OCR) settled its twentieth case under the HIPAA Right of Access Initiative, marked by an $80,000 civil monetary penalty paid by Nebraska-based Children’s Hospital...

Common Misconceptions About HIPAA and COVID-19 Vaccination Status

by Jill McKeon

The HIPAA Privacy Rule does not protect one’s COVID-19 vaccination status, despite popular misconceptions. As HIPAA turns 25 this year, common misinterpretations of the law persist, a blog post...

15 Years Later, Walgreens’ HIPAA Violation Case Raises Questions

by Jill McKeon

Following a 2006 HIPAA violation investigation by Indianapolis news station WTHR, CVS and Rite Aid reached settlements with HHS’ Office for Civil Rights (OCR) and paid a combined $3.25 million in...

How Do New Patient Right of Access Policies Impact HIPAA?

by Jill McKeon

It’s been 25 years since HIPAA was signed into law, but new patient right of access policies have experts questioning the future of HIPAA and third-party data sharing, according to a recent op-ed...

LA Patient Privacy Incident Discloses COVID-19 Vaccine Status 

by Lisa Gentes-Hunt

An accidental patient privacy event shared online the COVID-19 vaccination status of over 4,000 Los Angeles County...

Ohio Hospital HIPAA Violation Goes Unnoticed for Over a Decade

by Jill McKeon

Aultman Health Foundation in Ohio announced the termination of an unnamed employee who committed a HIPAA violation that put patient EHRs and personally identifiable information (PII) at risk. For over...

Cloud Security Alliance Releases Telehealth Risk Management Paper

by Jill McKeon

A recent paper from the Cloud Security Alliance (CSA) provides guidance on HIPAA compliance, cybersecurity, and telehealth risk management. The paper offers best practices for data use, storage, and...

COVID-19, Info Blocking Provisions: Time for HIPAA Compliance Checkup

by Jessica Davis

The information blocking provisions of the 21st Century Cures Act officially went into effect this week, putting into focus the Department of Health and Human Services’ regulatory and compliance...

Congress Urges FTC Crackdown on Health Apps Via Breach Notice Rule

by Jessica Davis

A group of three Congressional members from New Jersey are urging the Federal Trade Commission to utilize its Health Breach Notification Rule to crack down on mobile health apps that share personal...