On November 28, 2022, the Department of Health and Human Services (HHS) issued proposed changes to regulations implementing amendments Congress made in 2020 to the confidentiality of substance use disorder (SUD) records law. These long-awaited (and overdue) proposals paint an important picture of things to come, especially with respect to enforcement. Below are three key […]
Author Archives: Dena M. Castricone, CIPP/US, CIPM
Effective July 1, 2022, Connecticut’s Reproductive Freedom Act (PA 22-19) expands access to abortion, enhances protections for reproductive healthcare records and provides protections to abortion providers and patients receiving abortion care in the state. Connecticut was the first state to pass such legislation after news of the Dobbs decision leaked. Massachusetts and California followed suit. This […]
Today, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced three more HIPAA Right of Access enforcement resolutions – all against dentists. And the story is largely the same: patients requested records and did not timely or properly receive those records. In one instance, the dental practice significantly overcharged for records. […]
Last week, the Office for Civil Rights (OCR) reminded us of the importance of the basics when it comes to protecting patient information. On August 23rd, it announced a HIPAA enforcement action involving tangible protected health information (PHI) that a practice tossed out with the rest of the trash. For over a decade, PHI in […]
Protecting personal information is important to all Americans. In the absence of a comprehensive federal privacy law (the US is one of the few remaining countries without one), states are stepping up. Five states have adopted comprehensive privacy legislation: California, Colorado, Connecticut, Virginia and Utah. And more than half of the country’s state legislatures have […]
Healthcare providers carry a heavy load and it just got heavier. In the wake of the reversal of Roe v. Wade and the prohibition and criminalization of abortion in some states, healthcare providers are now burdened with being more vigilant than ever in defending patients’ privacy rights. This is true in all states, even where […]
If you asked me Friday morning of last week to give you my impression of HIPAA enforcement so far in 2022, I would have said “slow.” Up to that point, OCR had announced only four enforcement actions and all on the same day in March (see Three Dentists and a Psychiatrist Walk into a Bar: […]
Today, the Department of Health and Human Services’ Office for Civil Rights (OCR) issued guidance on HIPAA requirements as they relate to audio-only telehealth. Importantly, for the first time, OCR provides insights on its position on the difference between landline and VoIP telecommunication services. OCR’s guidance applies now and after its telehealth enforcement discretion is […]
Operational challenges abound in the healthcare industry. This creates opportunities for technology companies, consultants and others to offer supportive services and innovative solutions. Many of those supporting organizations will qualify as business associates under the Health Insurance Portability and Accountability Act (HIPAA). In this post, we explore what it means to be a business associate, […]
Healthcare providers regularly receive subpoenas for medical records. All too often, providers simply turn over the subpoenaed records without ensuring that the disclosure is permitted by law. A recent Connecticut appeals court decision, Byrne v. Avery Center for Obstetrics and Gynecology, P.C., upheld a jury award of $853,000 for a healthcare provider’s improper medical record […]