HIPAA and Compliance News

OCR Issues HIPAA Guidance Surrounding Extreme Risk Protection Orders

by

HHS’s Office for Civil Rights (OCR) released new guidance to clarify how HIPAA permits covered healthcare providers to disclose protected health information (PHI) without a patient’s...

OCR Settles 5 HIPAA Right of Access Cases

by

The Office for Civil Rights (OCR) announced the resolution of five cases under the HIPAA Right of Access Initiative. OCR created the initiative in 2019 in order to support patients' right to timely...

2 NJ Printing Companies Fined for HIPAA Violations, PHI Exposure

by

Two New Jersey-based printing companies agreed to pay a fine of $130,000 for potentially committing HIPAA violations and New Jersey Consumer Fraud Act (CFA) violations through protected health...

With A New Leader, OCR to Focus on Risk Analysis, HIPAA Enforcement

by

HHS’ Office for Civil Rights (OCR) recently announced the appointment of a new director, Lisa J. Pino, who will take over the office’s oversight of civil rights enforcement, HIPAA...

OCR Clarifies HIPAA Rules Surrounding Vaccination Status

by

The COVID-19 pandemic and vaccine rollout have brought HIPAA into the spotlight, but many Americans continue to misunderstand how HIPAA relates and does not relate to vaccination status. As a result,...

CA Extends Telehealth HIPAA Penalty Exemption Until End of PHE

by

California Governor Gavin Newsom renewed most of Executive Order N-43-20, which provides certain HIPAA penalty exemptions surrounding the release of patient information for providers who deliver...

HHS Announces Former DHS Official Lisa J. Pino as New OCR Director

by

HHS has appointed Lisa J. Pino as director of the Office for Civil Rights (OCR). OCR oversees civil rights enforcements, HIPAA regulations, security, privacy, and breach notification rules. Most...

Key Differences Between PHI and PII, How They Impact HIPAA Compliance

by

Personally identifiable information (PII) and protected health information (PHI) may seem similar on the surface, but key distinctions set them apart. While PII is a catch-all term for any information...

OCR Settles 20th HIPAA Right of Access Case With Nebraska Hospital

by

The HHS Office for Civil Rights (OCR) settled its twentieth case under the HIPAA Right of Access Initiative, marked by an $80,000 civil monetary penalty paid by Nebraska-based Children’s Hospital...

AL Providers Illegally Accessed COVID-19 Immunization Registry

by

Alabama Attorney General Steve Marshall released a statement warning healthcare providers to stop using the state’s COVID-19 immunization registry unlawfully to verify vaccination status for...

Common Misconceptions About HIPAA and COVID-19 Vaccination Status

by

The HIPAA Privacy Rule does not protect one’s COVID-19 vaccination status, despite popular misconceptions. As HIPAA turns 25 this year, common misinterpretations of the law persist, a blog post...

15 Years Later, Walgreens’ HIPAA Violation Case Raises Questions

by

Following a 2006 HIPAA violation investigation by Indianapolis news station WTHR, CVS and Rite Aid reached settlements with HHS’ Office for Civil Rights (OCR) and paid a combined $3.25 million in...

How Do New Patient Right of Access Policies Impact HIPAA?

by

It’s been 25 years since HIPAA was signed into law, but new patient right of access policies have experts questioning the future of HIPAA and third-party data sharing, according to a recent op-ed...

How Health Facilities Can Prevent, Mitigate Ransomware in 2021

by

The healthcare industry continues to battle a surge in ransomware and cyber-attacks, which have increased in recent years and spiked since the start of the COVID-19...

Wisconsin Governor Signs Insurance Cybersecurity Act into Law

by

Wisconsin Governor Tony Evers signed a new cybersecurity regulation into law, creating additional measures for insurance companies to protect the personally identifiable...

NY Law Shows Reasonable Cybersecurity Standards For Health Providers

by

The pandemic has brought about an increase in healthcare-related electronic information and an increased need for health information regulations, according to...

LA Patient Privacy Incident Discloses COVID-19 Vaccine Status 

by

An accidental patient privacy event shared online the COVID-19 vaccination status of over 4,000 Los Angeles County...

California Updates Health Facility Data Breach Requirements 

by

California is tightening up its health facility data breach regulations and recently issued an update to its administrative penalties and reporting requirements.  The newly...

Connecticut’s Updated Cybersecurity Law Now Protects Patient Data 

by

A newly signed Connecticut cybersecurity law will now allow for the protection of patient data and other private health information.  An Act Concerning Data Privacy...

Colorado Governor Signs The Colorado Privacy Act Into Law  

by

Colorado Governor Jared Polis signed the Colorado Privacy Act (CPA) into law on July 8, adding protections for Colorado consumer’s data and...