Tag Archives: HIPAA

Sharing and Mining Patient Data in Digital Health and Telemedicine: Laws You Need to Know

The use of new technologies such as digital health applications, telemedicine, and information exchanges can provide game-changing benefits for providers and patients alike.  However, with increased sharing comes increased risks to both the security and the privacy of patient information.  Most digital health and telemedicine companies are aware of data security and breaches.  However, an … Continue reading this entry

Lessons Learned from 2017 OCR HIPAA Enforcement Actions

So far 2017 is proving to be an active year for Health Insurance Portability and Accountability Act (HIPAA) enforcement. This comes on the heels of 2016, which saw an unprecedented level of enforcement actions, with 13 total settlements and nearly a 300 percent increase in total collected fines over 2015. To date in 2017, nine … Continue reading this entry

Ransomware Reporting Requirements & New HHS Guidance

Ransomware is malicious software that denies access to data, usually by encrypting the data with a private encryption key that is only provided once a ransom is paid. Sometimes the ransomware will actually destroy, steal, or export data from information systems. Ransomware has become a significant threat to all U.S. businesses and individuals, and a … Continue reading this entry

Hospital Text Messaging Rules Placed on Hold by Joint Commission

The Joint Commission, which accredits hospitals and other health care organizations, hit pause on its prior May 2016 announcement to allow secure text messaging in hospitals and other health care organizations. The use of text messaging in Joint Commission accredited organizations is delayed until September 2016. In the interim, The Joint Commission will collaborate with … Continue reading this entry

Report Warns Providers of HIPAA Violations When Responding to Negative Online Reviews

ProPublica, a public interest investigative newsroom, recently identified more than 3,500 one-star medical reviews on Yelp in which patients complained about privacy issues. ProPublica determined that “in dozens of instances, responses to complaints about medical care turned into disputes over patient privacy.” For example, ProPublica noted consumers giving providers negative reviews on Yelp and providers … Continue reading this entry

HIPAA Compliance: Navigating a Health Care Minefield

In the two decades since its original passage, complying with the federal Health Insurance Portability and Accountability Act (HIPAA) hasn’t gotten any easier. Enacted with the primary goal of protecting the confidentiality, integrity and availability of healthcare information, HIPAA presents daunting administrative, technological and financial burdens for health care organizations. The burdens are only becoming … Continue reading this entry

OCR Releases Updated HIPAA Audit Protocol and Business Associate Listing Template

The Office of Civil Rights (OCR) recently updated the audit protocol that it will be using to assess Covered Entities’ and Business Associates’ compliance with the Health Insurance Portability and Accountability Act (HIPAA) privacy, security, and breach notification rules. OCR also released a template that Covered Entities and Business Associates may use to keep track of … Continue reading this entry

Phase 2 of HIPAA Compliance Audits Now Underway

The Office of Civil Rights (OCR) within the U.S. Department of Health and Human Services (DHHS) recently announced that it has initiated Phase 2 of its audit program to assess Covered Entities’ and Business Associates’ compliance with the Health Insurance Portability and Accountability Act (HIPAA) privacy, security, and breach notification rules (the HIPAA Audit Program). … Continue reading this entry

Executive Gun Control Actions Result in HIPAA Modifications

In response to the Obama Administration’s executive actions to reduce gun violence, on January 4, 2016, the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR) issued a final rule, which modifies the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule that previously prevented states from making information available to the … Continue reading this entry

Recent Enforcement Shows the Importance of Encrypting Mobile Devices Containing Protected Health Information

With headlines every day announcing another release of Protected Health Information (PHI), providers are asking themselves – is there a way to protect against these breaches? Beyond improving the security of large systems, attention is needed to protect PHI contained in laptops and other mobile devices, which account for a large percentage of PHI breaches.… Continue reading this entry

The Telehealth Top 10 for 2015

Telehealth continues to be an innovative alternative to traditional brick-and-mortar medicine. The number of providers offering telehealth services is rapidly increasing and states are enacting laws requiring health plans to cover telehealth services and telehealth technology at a brisk pace. Listed below are the top ten key issues that providers of telehealth services should keep … Continue reading this entry

Is My Telehealth App Subject to HIPAA?

While many telehealth and mHealth app developers are concerned about whether or not their app is a medical device under FDA regulations (and rightfully so), they often pay less attention to the Health Insurance Portability and Accountability Act (“HIPAA”) rules. The developer either mistakenly presumes HIPAA applies to their app or neglects to consider health privacy issues … Continue reading this entry

ONC Releases Updated Guide to Privacy and Security of Electronic Health Information

The Office of the National Coordinator for Health Information Technology (“ONC”) of the U.S. Department of Health and Human Services (“HHS”) recently released Version 2.0 of the Guide to Privacy and Security of Electronic Health Information (“Guide”). The Guide is a tool intended to assist providers as they work to comply with federal programs’ requirements … Continue reading this entry

What Does President Obama's $215 Million "Precision Medicine Initiative" Mean for Genetic Privacy?

We have all heard about the burgeoning opportunities tied to the development of precision medicine (also called “personalized medicine”), which includes the use of an individual’s genetic information to design targeted treatments. In fact, these opportunities are now receiving increased visibility due to President Obama’s recent push for a “Precision Medicine Initiative.” Privacy issues are of critical … Continue reading this entry

mHealth Technology – Development in an Uncertain Regulatory Climate

The development and use of mobile technologies and devices is expanding at an incredibly fast pace and is changing, and in fact revolutionizing, the way patients and healthcare providers interact. Mobile medical technologies or “mHealth” technologies and applications can allow patients to better manage their own health and wellness, and provide patients and providers with … Continue reading this entry

Transitional Compliance Period for Business Associate Agreements Expiring September 23, 2014

If they have not already done so, covered entities and business associates have until September 23, 2014, to update their business associate agreements to comply with the January 2013 changes to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”).… Continue reading this entry

Healthcare Law: What Every Provider Should Know

Healthcare is an incredibly broad, diverse and dynamic industry. Because of the breadth in the field, providers are surrounded by a wide array of legal issues relating to: employment contracts, taxes, business structure, medical malpractice, nonprofit organization, insurance, and reimbursement to name a few. However, although the field is riddled with potential legal issues, there … Continue reading this entry

FTC Uses its "Unfair Acts" Power to Go After PHI Security Breach

As if HIPAA Weren’t Enough… The Federal Trade Commission (FTC) is moving forward with an administrative action against a small medical laboratory that suffered two data security breaches, resulting in its patients’ protected health information falling into the hands of identity thieves. The facts of this case are unremarkable: a small facility suffered a data … Continue reading this entry

Largest Ever HIPAA Fine Comes Down Hard on Two New York Hospitals

New York-Presbyterian Hospital (NYP) will pay $3.3 million and Columbia University (CU) will pay $1.5 million to settle allegations that they failed to secure thousands of patients’ electronic protected health information (ePHI) held on their network. The monetary payments totaling $4,800,000 are the largest HIPAA settlement to date. In addition to the payment of this significant fine, NYP … Continue reading this entry

HHS Issues Guidance on Sharing Mental Health Information

The U.S. Department of Health and Human Services (HHS) recently issued guidance on when it may be permissible under the Health Insurance Portability and Accountability Act (HIPAA) for health care providers to share information related to a patient’s mental health, HIPAA Privacy Rule and Sharing Information Related to Mental Health. Of note, the new guidance clarified … Continue reading this entry