US Senators Tammy Baldwin (D-WI) and Bill Cassidy (R-LA) introduced the Health Data Use and Privacy Commission Act intending to modernize health data privacy laws to reflect the current tech landscape....
The Payment Card Industry Data Security Standard (PCI DSS) and HIPAA both protect data in different domains. Just as HIPAA safeguards protected health information (PHI), PCI standards aim to protect credit card data. Since healthcare...
HHS’s Office for Civil Rights (OCR) released new guidance to clarify how HIPAA permits covered healthcare providers to disclose protected health information (PHI) without a patient’s...
The Office for Civil Rights (OCR) announced the resolution of five cases under the HIPAA Right of Access Initiative. OCR created the initiative in 2019 in order to support patients' right to timely...
Two New Jersey-based printing companies agreed to pay a fine of $130,000 for potentially committing HIPAA violations and New Jersey Consumer Fraud Act (CFA) violations through protected health...
De-identification of protected health information (PHI) can help researchers glean valuable insights about population health, aid in healthcare policymaking, and bolster other research ventures. Once PHI is de-identified and can no longer...
HHS’ Office for Civil Rights (OCR) recently announced the appointment of a new director, Lisa J. Pino, who will take over the office’s oversight of civil rights enforcement, HIPAA...
Customers regularly provide their heart rate, weight, height, sleep, fertility, and other sensitive medical data to health apps. But while standard healthcare providers are beholden to HIPAA, health...
The COVID-19 pandemic and vaccine rollout have brought HIPAA into the spotlight, but many Americans continue to misunderstand how HIPAA relates and does not relate to vaccination status. As a result,...
California Governor Gavin Newsom renewed most of Executive Order N-43-20, which provides certain HIPAA penalty exemptions surrounding the release of patient information for providers who deliver...
Personally identifiable information (PII) and protected health information (PHI) may seem similar on the surface, but key distinctions set them apart. While PII is a catch-all term for any information...
The HHS Office for Civil Rights (OCR) settled its twentieth case under the HIPAA Right of Access Initiative, marked by an $80,000 civil monetary penalty paid by Nebraska-based Children’s Hospital...
The HIPAA Privacy Rule does not protect one’s COVID-19 vaccination status, despite popular misconceptions. As HIPAA turns 25 this year, common misinterpretations of the law persist, a blog post...
Following a 2006 HIPAA violation investigation by Indianapolis news station WTHR, CVS and Rite Aid reached settlements with HHS’ Office for Civil Rights (OCR) and paid a combined $3.25 million in...
It’s been 25 years since HIPAA was signed into law, but new patient right of access policies have experts questioning the future of HIPAA and third-party data sharing, according to a recent op-ed...
Aultman Health Foundation in Ohio announced the termination of an unnamed employee who committed a HIPAA violation that put patient EHRs and personally identifiable information (PII) at risk. For over...
A recent paper from the Cloud Security Alliance (CSA) provides guidance on HIPAA compliance, cybersecurity, and telehealth risk management. The paper offers best practices for data use, storage, and...
The information blocking provisions of the 21st Century Cures Act officially went into effect this week, putting into focus the Department of Health and Human Services’ regulatory and compliance...
A group of three Congressional members from New Jersey are urging the Federal Trade Commission to utilize its Health Breach Notification Rule to crack down on mobile health apps that share personal...