Tag

HIPAA

Browsing

In response to the COVID-19 global pandemic, on March 17, 2020, the Office of Civil Rights (OCR) at the US Department of Health and Human Services (HHS), the agency charged with enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA), issued the Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency (“Guidance”). On March 20, OCR issued supplemental guidance on provision of telehealth services in the form…

Many employers in the US are grappling with appropriate efforts to contain and protect the workforce against COVID-19. Those efforts include employee and visitor screening activities that range from requiring all personnel to provide an affirmation upon admission to a worksite to taking vital signs or other hands-on screenings. But are those screening activities lawful under applicable privacy and confidentiality laws in the US? And what should employers do when they have reason to suspect…

In October 2016, federal authorities released two important guidance materials for businesses handling health information to consider. The Department of Health and Human Services, Office for Civil Rights (“OCR”) released guidance on (1) the application of HIPAA to cloud computing, and (2) the importance of the Federal Trade Commission Act (“FTC Act”) in the context of sharing protected health information (“PHI”). These materials are important because OCR is responsible for enforcing the Health Insurance Portability…

On August 18, 2016, the Department of Health and Human Services – Office for Civil Rights (“OCR”), the office that enforces the Health Insurance Portability and Accountability Act (“HIPAA”), sent out an email detailing a new investigative initiative. OCR currently investigates all reported breaches of protected health information (“PHI”) affecting more than 500 individuals, and will soon begin investigating more broadly certain types of breaches affecting fewer than 500 individuals. Further details on breach reporting…

On July 11, 2016, the Department of Health and Human Services – Office for Civil Rights (“OCR”) sent email requests to 167 health plans, health care providers, and health care clearinghouses (“Covered Entities”) for materials related to their compliance with the Privacy, Security, and Breach Notification Rules of the Health Insurance Portability and Accountability Act, as implemented at 45 C.F.R. Parts 160, 162, and 164 (“HIPAA”). These requests are part of Phase 2 of OCR’s…

Recently, the Department of Health and Human Services – Office for Civil Rights (“OCR”) announced the launch of Phase 2 of its audit program for the Health Insurance Portability and Accountability Act (“HIPAA”). After years in development, the program represents a new tool for OCR to use in evaluating businesses’ compliance with HIPAA’s Privacy, Security, and Breach Notification Rules. The initiative will encompass both types of organizations regulated by HIPAA: “covered entities” (certain health plans,…