Late last week, the Department of Health and Human Services (HHS) released its Model Attestation for use as required under its new final rule for the protection of reproductive health information. I explain the attestation requirement in section D of my blog post on the final rule. On June 18, 2024, I shared my sample […]
Author Archives: Dena M. Castricone, CIPP/US, CIPM
In Parts 1 and 2 in this series on the Pixel Problem, I review the original and revised guidance from the Department of Health and Human Services (HHS) on the Use of Tracking Technologies by HIPAA Covered Entities and Business Associates. I noted that HHS’s guidance, even as revised, went too far in determining what […]
On April 26, 2024, just one year after issuing its proposed rule, the Department of Health and Human Services (HHS) finalized changes to the HIPAA Privacy Rule on the protection of reproductive health information (Final Rule). In 91 pages of tiny font in the Federal Register, HHS addressed the 25,000 comments it received and ultimately […]
During the final hours of the Connecticut legislative session, the state Senate passed House Bill 5198, solidifying changes to the state’s telehealth law, sending the bill to the Governor for signature. This bill adopts some of the temporary pandemic-era changes to the telehealth law, such as permitting audio-only telehealth and prohibiting insurers from paying less […]
Within the last week, both chambers of the Connecticut Legislature passed Senate Bill 1, which includes provisions revising the law governing the Statewide Health Information Exchange known as Connie (sections 21-24). Once the Governor signs the bill, it will take effect on July 1, 2024. In summary, the bill makes clear that healthcare providers are […]
In December 2022, the Department of Health and Human Services’ Office for Civil Rights (OCR) released “guidance” on the use of tracking technologies, which took an overboard approach to the use of basic website analytics tools (2022 Guidance). Courts criticized OCR’s 2022 Guidance, and last fall, the American Hospital Association sued OCR, alleging agency overreach. […]
Buckle up. The 42 CFR Part 2 enforcement ride is about to begin. In the 2020 CARES Act, Congress directed that the civil and criminal penalties under the Health Insurance Portability and Accountability Act (HIPAA) apply to the federal regulations protecting substance use disorder (SUD) records. The Department of Health and Human Services (HHS) issued […]
As discussed in Part I of this series, Congress amended the federal law protecting the confidentiality of substance use disorder (SUD) records as part of the 2020 CARES Act and directed the Department of Health and Human Services (HHS) to revise the related regulations at 42 CFR Part 2. Congress’s goal was to align the […]
In the 2020 Coronavirus Aid, Relief, and Economic Security Act (CARES Act), Congress amended the federal law protecting the confidentiality of substance use disorder (SUD) records to facilitate the coordination of care in an effort to combat the opioid epidemic. It also directed the Department of Health and Human Services (HHS) to revise the related […]
The landscape of enforcement actions related to the Health Insurance Portability and Accountability Act (HIPAA) provides valuable insights into enforcement priorities, which can vary from year to year. In fact, 2023 was very different than 2022 (“The Year of the Dentist”). Specifically, in 2023, there was a notable decrease in patients’ right of access matters […]