HIPAA

Tag:

Regulatory Waivers Under a Public Health Emergency

February 26, 2020Uncategorized

On January 31, 2020, the Secretary of Health and Human Services (“HHS”) Alex Azar declared a public health emergency (“PHE”) over the outbreak of the new coronavirus. The PHE response requires coordination with a complex set of federal, state, tribal and local laws and effective compliance calls for a comprehensive understanding of the legal implications and ramifications—which impose challenges from adherence to certain federal laws.

emergencyEMTALAHIPAARegulationreimbursement

Take It Seriously: OCR Begins to Enforce Its Right of Access Initiative in Protection of Patient Rights

October 23, 2019HIPAA & Health Information

On September 9th, 2019, the Office for Civil Rights (“OCR”) at the U.S. Department of Health and Human Services (“HHS”) issued its first enforcement action and settlement under its Right of Access Initiative. This came as a reaction to Bayfront Health St. Petersburg (Bayfront) paying $85,000 in fines to OCR. Bayfront adopted a corrective action plan to settle a potential violation of the right of access provision of the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule after they failed to provide a mother timely access to the records about her unborn child. In response, the OCR Director, Roger Severino, stated “[w]e aim to hold the health care industry accountable for ignoring peoples’ right to access their medical record and those of their kids.”

HIPAAphiRight of Access

YouTube and Google Face Largest COPPA Fine in History

October 1, 2019Uncategorized

Data protection measures have been increasingly crossing news headlines ever since the General Data Protection Regulation (GDPR) came into effect in 2018. However, data protection measures did not begin with the GDPR. In the United States, where there is a sectoral system in place, there have been regulations in place for years that monitor children’s online privacy (COPPA), health information (HIPAA), spam (CAN-SPAM), and even video rental history (VPPA). Despite these systems being implemented years ago, large companies still fail to properly comply with the requirements set forth. Recently, a settlement between YouTube and the FTC brought to light the importance of compliance with COPPA.

COPPAcomplianceCAN-SPAMGDPRHIPAAVPPAprivacyRegulation

HIPAA And The Growth Of Technology

November 14, 2019HIPAA & Health Information

Earlier in 2019, a lawsuit was filed against University of Chicago Medicine, University of Chicago Medical Center, and Google. The suit claims that patient information was shared with google as part of a study aimed to advance the use of Artificial Intelligence, however, patient authorization was not obtained and the data used was not properly de-identified. In 2017, University of Chicago (UChicago) Medicine started sending patient data to Google as part of a project to look to see if historical health record data could be used to predict future medical events.

Journal of Regulatory ComplianceInformation TechnologyHIPAAPrivacy & Securitypatient datapatient informationRegulation

Telehealth in the Age of COVID-19

June 18, 2020HIPAA & Health Information, Uncategorized

The Health Insurance Portability and Accountability Act – enacted in 1996 by the U.S. Congress and signed by then-President Bill Clinton – has long served to maintain the standards of electronic health records and patient privacy, among many other provisions. Violating HIPAA can result in both criminal prosecution as well as steep civil penalties. As the healthcare industry transitioned from the use of paper records to storing patient data on electronic health records over the last two decades, health organizations have learned to adapt to HIPAA compliance, with many increasing their compliance programs by hiring full-time compliance officers, designating an individual as the compliance manager, and/or appointing a compliance committee within the organization.

COVID-19#CoronavirusJournal of Regulatory ComplianceHIPAAtelehealthtelemedicinePrivacy & SecurityRegulation

The Patchwork Paradox: Data Privacy Regulation and the Complications of Compliance

September 1, 2020Uncategorized

This spring I had the pleasure of attending a conference entitled Digital Platforms: Innovation, Antitrust, Privacy & the Internet of Things hosted by the UIC John Marshall Law School Center for IP, Information & Privacy Law. Throughout the day, panelists spoke about various topics of intellectual property, including artificial intelligence antitrust issues, and more. But for me, the highlight of the afternoon was the session on privacy issues. Here is a bit of what I learned…

COPPAdata privacydatadata regulationCCPABIPAGDPRHIPAA

Stemming the Tide of Medical Information Data Breaches

November 6, 2018Fraud & Abuse, HIPAA & Health Information

Protected Health Information is seeing a surge of breaches on the cyber security front due to contractor error. It’s also impacting the most consumers in comparison to other data breaches and, in some cases, has the power to cause chaos in national infrastructure. Advances in technology and compliance measures can stem the tide and protect the most valuable information in consumers lives.

compliance programcomplianceCMSbreachmedicareMedicaidJournal of Regulatory ComplianceHIPAAhealthcarePrivacy & SecurityprivacyRegulation

Electronic Health Record Compliance Measures Benefit Patient Centered Care

October 7, 2018HIPAA & Health Information

In a time when data breaches occur fairly frequently, whether it’s credit card information being stolen from department stores or a credit reporting bureau breach affecting hundreds of millions of customers, keeping personal information private seems to get harder every day. That fact may give patients pause when they are asked to sign up for an electronic health record account. A 2017 survey listed electronic health record management as one of patients top concerns. Changes in recent years have led to changes in compliance measures that make electronic health records security an added benefit to patients and ensure the continued increase of their adoption.

complianceCMSElectronic Health RecordEHRmedicareMedicaidJournal of Regulatory ComplianceHIPAAHITECH ActHITECHPromoting Interoperability ProgramPrivacy & SecurityRegulation

GDPR and HIPAA: Next Steps in the U.S. Healthcare Industry

September 19, 2018HIPAA & Health Information

The EU General Data Protection Regulation (“GDPR”) is now in effect as of May 25, 2018, and has been a prominent topic of international debate across multiple sectors as companies look to adjust to new stringent regulations in data management. With a wide scope (the GDPR now applies to all organizations possessing personal data of individuals based in the EU) and steep penalties for companies that fail to comply, companies across the globe are spending millions of dollars in preparation.

GDPRHIPAA

Rush University Medical Center’s 2019 Privacy Breach Incident

March 8, 2019HIPAA & Health Information

In March 2019, Rush University Medical Center (“Rush University”) sent out breach notification letters to approximately 45,000 patients. The letter advises patients that a privacy incident occurred that may have involved the patients’ personal information. The privacy incident was caused by an employee of a third-party financial services vendor. The employee released a file that contained patient information to an unauthorized person. According to the breach notification letter, law enforcement and regulatory officials were involved in the investigation of the privacy incident. Rush University sent the breach notification letter in compliance with the Health Insurance Portability and Accountability Act’s privacy and security rules.

compliance programcomplianceHIPAAHHShealthcarePrivacy & Securityprivacy