Today, the Department of Health and Human Services announced that its Office for Civil Rights, which enforces HIPAA, will not enforce requirements that are a barrier to making telehealth services available.
DHHS announced waivers of various compliance requirements for providers to ease administrative and operational burdens during this pandemic. I think the theme here is that providers just need to do the best that they can during these challenging times. Those that prioritize patient care, act reasonably and in good faith and do not commit fraud or abuse will be spared from enforcement actions.
Yesterday, the Centers for Medicare and Medicaid Services (CMS) and the Office of the National Coordinator of Health Information Technology (ONC) released their long-awaited final rules on interoperability and information blocking.
Lessons from the first enforcement action of 2020: (1) No covered entity is immune from HIPAA enforcement. (2) Craft factual breach reports that leave no unanswered questions and do not unnecessarily grab OCR’s attention.
Consider the following: “It’s time to eat, Grandma!” versus “It’s time to eat Grandma!” Punctuation saves lives. It also potentially saved AT&T and Hilton many millions of dollars in two Telephone Consumer Protection Act suits.
A relatively new kind of ransomware is targeting law firms and publicly shaming them into paying the ransom or risk having the firm’s data dumped on the internet. In other ransomware news, instead of money, some hackers are demanding photos of women’s body parts.
Career day. Second grade. In my brown, corduroy blazer and matching briefcase (don’t judge – it was the early ‘80s), I was surrounded by football players and ballerinas.
The proposed modifications provide much-needed clarity to covered businesses in advance of the enforcement deadline and show that the AG seriously considered the comments and feedback it received. This post offers a very brief summary of some of the notable changes.
Just over a week ago, a federal district court invalidated part of HHS’s 2016 guidance on the fees a covered entity can charge for patient records. The court found that HHS exceeded its authority when it declared that only a limited fee could be charged for records sent to a third party at a patient’s direction.
Yesterday afternoon, Facebook announced its settlement of a biometric privacy class action for $550 million, the largest privacy class action settlement to date.