Tag:HIPAA
COVID-19 Vaccine Passports and Privacy Concerns
As businesses begin to reopen and resume operations after the pandemic, there are discussions surrounding possible vaccine passports and the concerns protecting individuals’ personal health information. COVID-19 vaccines are becoming more available within the country and more Americans feel safe to resume their normal lives. Many states and businesses are contemplating the idea of making vaccine passports a requirement for travel and large events. The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) was created to protect personal health information. As other countries are beginning to require proof of vaccination, many are contemplating whether vaccine passports are permitted by HIPAA or if the requirement will actually violate the federal health privacy law.
Hospitals Across the Country at Serious Risk for Coordinated Ransomware Attacks
The Federal Bureau of Investigation (“FBI”), the Department of Health and Human Services (“HHS”), and the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (“CISA”) recently announced that hackers have been and will continue to target the United States hospitals and health-care providers. These attacks are cyber in nature and often lead to ransomware attacks, data left, and inevitable disruption of health care services when patient information is locked until the ransom can be paid.
The Patchwork Paradox: Data Privacy Regulation and the Complications of Compliance
This spring I had the pleasure of attending a conference entitled Digital Platforms: Innovation, Antitrust, Privacy & the Internet of Things hosted by the UIC John Marshall Law School Center for IP, Information & Privacy Law. Throughout the day, panelists spoke about various topics of intellectual property, including artificial intelligence antitrust issues, and more. But for me, the highlight of the afternoon was the session on privacy issues. Here is a bit of what I learned…
Telehealth in the Age of COVID-19
The Health Insurance Portability and Accountability Act – enacted in 1996 by the U.S. Congress and signed by then-President Bill Clinton – has long served to maintain the standards of electronic health records and patient privacy, among many other provisions. Violating HIPAA can result in both criminal prosecution as well as steep civil penalties. As the healthcare industry transitioned from the use of paper records to storing patient data on electronic health records over the last two decades, health organizations have learned to adapt to HIPAA compliance, with many increasing their compliance programs by hiring full-time compliance officers, designating an individual as the compliance manager, and/or appointing a compliance committee within the organization.
Regulatory Waivers Under a Public Health Emergency
On January 31, 2020, the Secretary of Health and Human Services (“HHS”) Alex Azar declared a public health emergency (“PHE”) over the outbreak of the new coronavirus. The PHE response requires coordination with a complex set of federal, state, tribal and local laws and effective compliance calls for a comprehensive understanding of the legal implications and ramifications—which impose challenges from adherence to certain federal laws.
HIPAA And The Growth Of Technology
Earlier in 2019, a lawsuit was filed against University of Chicago Medicine, University of Chicago Medical Center, and Google. The suit claims that patient information was shared with google as part of a study aimed to advance the use of Artificial Intelligence, however, patient authorization was not obtained and the data used was not properly de-identified. In 2017, University of Chicago (UChicago) Medicine started sending patient data to Google as part of a project to look to see if historical health record data could be used to predict future medical events.
Take It Seriously: OCR Begins to Enforce Its Right of Access Initiative in Protection of Patient Rights
On September 9th, 2019, the Office for Civil Rights (“OCR”) at the U.S. Department of Health and Human Services (“HHS”) issued its first enforcement action and settlement under its Right of Access Initiative. This came as a reaction to Bayfront Health St. Petersburg (Bayfront) paying $85,000 in fines to OCR. Bayfront adopted a corrective action plan to settle a potential violation of the right of access provision of the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule after they failed to provide a mother timely access to the records about her unborn child. In response, the OCR Director, Roger Severino, stated “[w]e aim to hold the health care industry accountable for ignoring peoples’ right to access their medical record and those of their kids.”
YouTube and Google Face Largest COPPA Fine in History
Data protection measures have been increasingly crossing news headlines ever since the General Data Protection Regulation (GDPR) came into effect in 2018. However, data protection measures did not begin with the GDPR. In the United States, where there is a sectoral system in place, there have been regulations in place for years that monitor children’s online privacy (COPPA), health information (HIPAA), spam (CAN-SPAM), and even video rental history (VPPA). Despite these systems being implemented years ago, large companies still fail to properly comply with the requirements set forth. Recently, a settlement between YouTube and the FTC brought to light the importance of compliance with COPPA.
HIPAA Simplification Compliance Review Now Underway
The Health Insurance Portability and Accountability Act (HIPAA) and the Patient Protection and Affordable Care Act (ACA) jointly create national standards for electronic transactions, code sets, and unique identifiers. The ACA introduced Administrative Simplification provisions in 2010 and now the Centers for Medicaid and Medicare Services (CMS) has launched a Compliance Review Program to ensure that HIPAA covered entities are abiding by the Administrative Simplification rules.
Cook County, Illinois Revised HIPAA Qualified Protective Order Signals New Responsibility for Injury Attorneys
Cook County General Administrative Order 18-1 pertains to the Standard HIPAA Qualified Protective Orders (QPO) that will be permitted in Cook County. These orders will only be allowed for cases that are in litigation where the Plaintiff and Plaintiff’s counsel authorize disclosure of a litigants’ protected health information (PHI). It also requires all entities who received PHI to either return the documents to the Plaintiff or destroy them at the end of the case. These changes mean that Plaintiff’s attorneys will see a change in the handling of Plaintiff’s medical records and other documents covered under the QPO containing PHI.