Today, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced three more HIPAA Right of Access enforcement resolutions – all against dentists. And the story is largely the same: patients requested records and did not timely or properly receive those records. In one instance, the dental practice significantly overcharged for records. […]
Author Archives: Dena M. Castricone, CIPP/US, CIPM
Last week, the Office for Civil Rights (OCR) reminded us of the importance of the basics when it comes to protecting patient information. On August 23rd, it announced a HIPAA enforcement action involving tangible protected health information (PHI) that a practice tossed out with the rest of the trash. For over a decade, PHI in […]
Protecting personal information is important to all Americans. In the absence of a comprehensive federal privacy law (the US is one of the few remaining countries without one), states are stepping up. Five states have adopted comprehensive privacy legislation: California, Colorado, Connecticut, Virginia and Utah. And more than half of the country’s state legislatures have […]
Healthcare providers carry a heavy load and it just got heavier. In the wake of the reversal of Roe v. Wade and the prohibition and criminalization of abortion in some states, healthcare providers are now burdened with being more vigilant than ever in defending patients’ privacy rights. This is true in all states, even where […]
If you asked me Friday morning of last week to give you my impression of HIPAA enforcement so far in 2022, I would have said “slow.” Up to that point, OCR had announced only four enforcement actions and all on the same day in March (see Three Dentists and a Psychiatrist Walk into a Bar: […]
Today, the Department of Health and Human Services’ Office for Civil Rights (OCR) issued guidance on HIPAA requirements as they relate to audio-only telehealth. Importantly, for the first time, OCR provides insights on its position on the difference between landline and VoIP telecommunication services. OCR’s guidance applies now and after its telehealth enforcement discretion is […]
Operational challenges abound in the healthcare industry. This creates opportunities for technology companies, consultants and others to offer supportive services and innovative solutions. Many of those supporting organizations will qualify as business associates under the Health Insurance Portability and Accountability Act (HIPAA). In this post, we explore what it means to be a business associate, […]
Healthcare providers regularly receive subpoenas for medical records. All too often, providers simply turn over the subpoenaed records without ensuring that the disclosure is permitted by law. A recent Connecticut appeals court decision, Byrne v. Avery Center for Obstetrics and Gynecology, P.C., upheld a jury award of $853,000 for a healthcare provider’s improper medical record […]
Every couple of months, DMC Law invites healthcare professionals who regularly grapple with privacy issues to gather (remotely) and discuss those issues. The HIPAA Helpline is not a webinar. It’s an interactive session. DMC Law’s lawyers, Dena Castricone and Tracy Guarnieri, review legal requirements while participants share stories, questions and best practices. The goal of […]
After failed attempts in years past, on April 28, 2022, Connecticut became the fifth state to pass a consumer data privacy bill. It is headed to the Governor’s desk for signature, and he is expected to sign. Entitled “An Act Concerning Personal Data Privacy and Online Monitoring,” it enjoyed bipartisan support passing unanimously in the […]