DMC Law’s HIPAA Helpline Virtual Discussion Group

Every couple of months, DMC Law invites healthcare professionals who regularly grapple with privacy issues to gather (remotely) and discuss those issues.  The HIPAA Helpline is not a webinar.  It’s an interactive session.  DMC Law’s lawyers, Dena Castricone and Tracy Guarnieri, review legal requirements while participants share stories, questions and best practices.  The goal of the HIPAA Helpline is to help each other by using our collective knowledge and experience.

After each session, DMC Law posts to its learning management system (LMS) a recording of the session along with useful content like sample policies or relevant articles.  All participants are granted access to the LMS and can use it to interact with the group between sessions.

The first HIPAA Helpline session on Feb. 1st focused on HIPAA breach reporting.  We covered the following:

  • Timely HIPAA breach reporting
  • The keys to a good HIPAA breach report
  • The elements of a risk assessment to determine that there is no HIPAA breach
  • Changes to the state laws that now require reporting of medical and insurance information breaches

During our second session on April 19th, we discussed the hot enforcement topic of a patient’s right of access, including:

  • OCR’s prompt and vigorous enforcement
  • Common right of access mistakes
  • The limited circumstances under which access can be denied
  • Best practices for responding to patient requests for access to records

Our upcoming third session will explore the topic of managing risks related to business associates.  We will talk about:

  • Covered entities’ obligations with respect to business associates under HIPAA
  • Due diligence steps covered entities should take before engaging a business associate
  • Clauses to include in business associate agreements designed to mitigate risk
  • Monitoring activities to consider throughout the relationship

While most HIPAA Helpline participants are in Connecticut or Massachusetts, all healthcare professionals who deal with health privacy issues are welcome to participate.  If you are interested, please email