Written in collaboration with Nathaly Tamayo, JD.
Late in the legislative session, both the Connecticut House and Senate passed House Bill 5310 (now Public Act 21-59), An Act Concerning Data Privacy Breaches, which substantially amends Connecticut’s data breach notification statute (CGS §36a-701b). Although the bill implemented a number of revisions, the most notable changes significantly expand the definition of personal information and shorten the notification timeframe.
Since the second grade, I knew I wanted to be a lawyer. My training as an advocate began more than a decade before law school while in line at a Little League registration table in Portsmouth, RI.
On May 6, 2021, I submitted comments to HHS/OCR on the proposed changes to the HIPAA Privacy Rule. A complete copy of that submission is here on my blog.
By Dayle A. Duran, Esq., CIPP/US and Dena M. Castricone, CIPP/US and CIPM
In January 2021, the 5th Circuit Court of Appeals issued an unanticipated decision that will send ripples across the healthcare industry for years. Beyond giving healthcare privacy and security professionals cause for relief, the M.D. Anderson v. HHS decision restores faith in the checks and balances on regulatory agency enforcement power.
OCR continues with vigorous enforcement of HIPAA’s Right of Access rules in 2021. In the first three months of the year, OCR announced five Right of Access settlements. The story is nearly identical in each – a patient requests records and a provider fails to timely provide access. Compliance with the Right of Access rules is relatively simple and one of the best ways to avoid unwanted attention from OCR.
On-demand access to March 2, 2021 webinar on treatment disclosures under HIPAA based on recent developments.
Despite the pandemic, HIPAA enforcement was hot in 2020. There were nearly twice as many enforcement action resolutions last year than in each of the previous three years. The DHHS’ Office for Civil Rights (OCR), which enforces HIPAA, announced a total of 19 resolutions in 2020. The 2020 resolutions offer different lessons from previous enforcement years, as the most common issue for enforcement in 2020 is relatively new: the Right of Access under the HIPAA Privacy Rule.
Written in collaboration with Erin MacLean, JD, CHC, CHPC. Over the past several weeks, many have been focused on the proposed changes to the HIPAA Privacy Rule announced in mid-December. While the proposed changes warrant attention and comment, the commentary to those proposed changes from the Department of Health and Human Services’ Office for Civil Rights (OCR) must not be overlooked. In its commentary, OCR provides valuable insights on its interpretation of a provider’s ability to disclose information to third parties under HIPAA’s current treatment exception, including a provider’s ability to share protected health information (PHI) with non-healthcare providers without an authorization.
OCR announced its first HIPAA enforcement resolution of 2021. Picking up where it left off in 2020, this settlement involves Right of Access claims and results in a large non-profit health system with several affiliated covered entities agreeing to pay $200,000 to settle claims related to two of its affiliated entities.
I learned a lot about the people who visit my blog based on the popularity of my posts. First, I learned that my visitors are far more interested when I involve others (or have someone else write the post all together!). Second, my visitors are more likely to read a blog post on how I feel about my work than the actual substance of my work. I will keep these points in mind for 2021, but I’m still going to write a lot about HIPAA and health privacy because I think it’s interesting (although, I admit, I may be the only one).