Tag

HIPAA

Browsing

Numerous data privacy and security laws govern the private sector’s collection and use of health data in the USA. These laws vary in scope and substance but some combination of them would probably apply to your company if, for example, it does any of the following in the country: Diagnoses or treats patients’ health conditions;Offers an app intended to promote the health or wellness of consumers;Provides health insurance or helps to process health insurance claims;Collects…

Further to our March 25th update and the guidance issued by the Office of Civil Rights (OCR) in late March, OCR has issued an additional Notification of Enforcement Discretion, allowing for enforcement discretion regarding additional uses and disclosures of protected health information (PHI) for public health and health oversight activities during the COVID-19 pandemic. Under the Health Insurance Portability and Accountability Act (HIPAA)’s Privacy Rule, business associates are generally only permitted to use and disclose…

In this episode of Connect On Tech, your host Brian Hengesbaugh is joined by Amy de La Lama, a partner in our Chicago office. Amy and Brian discuss a top of mind topic: telehealth, and the changes to US privacy regulations or enforcement priorities that evolve in response to the COVID-19 pandemic. You will hear: A summary of the current regulatory environment in the US regarding to privacy and telehealthHow US authorities taken steps to…

In response to the COVID-19 global pandemic, on March 17, 2020, the Office of Civil Rights (OCR) at the US Department of Health and Human Services (HHS), the agency charged with enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA), issued the Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency (“Guidance”). On March 20, OCR issued supplemental guidance on provision of telehealth services in the form…

Many employers in the US are grappling with appropriate efforts to contain and protect the workforce against COVID-19. Those efforts include employee and visitor screening activities that range from requiring all personnel to provide an affirmation upon admission to a worksite to taking vital signs or other hands-on screenings. But are those screening activities lawful under applicable privacy and confidentiality laws in the US? And what should employers do when they have reason to suspect…

In October 2016, federal authorities released two important guidance materials for businesses handling health information to consider. The Department of Health and Human Services, Office for Civil Rights (“OCR”) released guidance on (1) the application of HIPAA to cloud computing, and (2) the importance of the Federal Trade Commission Act (“FTC Act”) in the context of sharing protected health information (“PHI”). These materials are important because OCR is responsible for enforcing the Health Insurance Portability…

On August 18, 2016, the Department of Health and Human Services – Office for Civil Rights (“OCR”), the office that enforces the Health Insurance Portability and Accountability Act (“HIPAA”), sent out an email detailing a new investigative initiative. OCR currently investigates all reported breaches of protected health information (“PHI”) affecting more than 500 individuals, and will soon begin investigating more broadly certain types of breaches affecting fewer than 500 individuals. Further details on breach reporting…

On July 11, 2016, the Department of Health and Human Services – Office for Civil Rights (“OCR”) sent email requests to 167 health plans, health care providers, and health care clearinghouses (“Covered Entities”) for materials related to their compliance with the Privacy, Security, and Breach Notification Rules of the Health Insurance Portability and Accountability Act, as implemented at 45 C.F.R. Parts 160, 162, and 164 (“HIPAA”). These requests are part of Phase 2 of OCR’s…

Recently, the Department of Health and Human Services – Office for Civil Rights (“OCR”) announced the launch of Phase 2 of its audit program for the Health Insurance Portability and Accountability Act (“HIPAA”). After years in development, the program represents a new tool for OCR to use in evaluating businesses’ compliance with HIPAA’s Privacy, Security, and Breach Notification Rules. The initiative will encompass both types of organizations regulated by HIPAA: “covered entities” (certain health plans,…