Showing 5 posts in HIPAA.

Health Providers Must Ensure Social Media Interactions Protect Patients' Protected Health Information

It can be tempting for a business to push back on a negative review on social media. However, health care providers cannot disclose patients' protected health information (PHI) in response to negative reviews posted on social media.

OCR Settles First Case in HIPAA Right of Access Initiative

On September 9, 2019, the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services announced its first enforcement action and settlement of its Right of Access Initiative. This follows an OCR announcement earlier this year of its intention to vigorously enforce patients' rights to promptly receive copies of their medical records, without being overcharged.

OCR Provides Guidance on Direct Liability for Business Associates Under HIPAA

A HIPAA Business Associate ("Business Associate") is an individual or entity who performs or furnishes an activity or service for or on behalf of a HIPAA Covered Entity ("Covered Entity") involving the use or disclosure of protected health information ("PHI"). The HITECH Act and OCR's HIPAA Security final rule provide the U.S. Department of Health & Human Services Office for Civil Rights ("OCR") with authority to take enforcement action against Business Associates only for those requirements and prohibitions of the HIPAA Rules outlined below.

Based on recent guidance provided by OCR, Business Associates should implement a HIPAA compliance program and document compliance with the HIPAA Privacy and Security rules in order to minimize potential HIPAA enforcement actions. Covered Entities should also perform due diligence on potential Business Associates and monitor and audit Business Associate compliance.

Health Care Organizations Should Take Heed of New HHS Cybersecurity Guidance

Cybersecurity is a significant and growing compliance risk for health care organizations. If your organization fails to protect patients from cybersecurity risks, the result could be serious fines and penalties for non-compliance with federal and state cybersecurity and data breach laws. The good news is that the U.S. Department of Health & Human Services ("HHS") recently released voluntary cybersecurity guidance for health care organizations.

OCR Issues Guidance on How Providers May Share Information under HIPAA in Response to the National Opioid Crisis

On October 27, 2017, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) issued a guidance titled "How HIPAA Allows Doctors to Respond to the Opioid Crisis," following President Trump's declaration of the opioid crisis as a national public health emergency. The guidance contains information on how the HIPAA Privacy Rule allows covered entities—which include health care providers and insurers—to share patient information without patient consent in connection with the nation's opioid-related health crisis.

Generally, HIPAA prohibits health care providers and insurers from sharing protected health information about patients who have the capacity to make their own health care decisions, and who have not authorized information sharing with family or legal representatives. The OCR Guidance clarifies that the HIPAA Privacy Rule allows the sharing of such information in certain circumstances, including: