On April 26, 2024, just one year after issuing its proposed rule, the Department of Health and Human Services (HHS) finalized changes to the HIPAA Privacy Rule on the protection of reproductive health information (Final Rule). In 91 pages of tiny font in the Federal Register, HHS addressed the 25,000 comments it received and ultimately […]
Category Archives: Compliance
The landscape of enforcement actions related to the Health Insurance Portability and Accountability Act (HIPAA) provides valuable insights into enforcement priorities, which can vary from year to year. In fact, 2023 was very different than 2022 (“The Year of the Dentist”). Specifically, in 2023, there was a notable decrease in patients’ right of access matters […]
During the COVID-19 pandemic, the government extended much-needed flexibilities surrounding telehealth to facilitate access to care. Many of these flexibilities were lifesaving. This included allowing the prescription of controlled substances via telehealth to treat substance use disorders and psychiatric conditions. Background Prior to the pandemic, in most instances, a patient required at least one in-person […]
Written in collaboration with Melissa Chaplik, JD Candidate 2024 The COVID-19 Public Health Emergency (PHE) is ending on May 11, 2023, and so are HIPAA compliance flexibilities for telehealth. Here’s to hoping that the first two episodes of Telehealth, Privacy and The Three Little Pigs inspired action. In the first episode, I warned: Telehealth is […]
On December 15, 2022, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced its 17th HIPAA Right of Access settlement of the year. Overall, OCR has settled or assessed a penalty in a Right of Access enforcement matter 42 times since it began its Right of Access enforcement initiative in 2019. […]
(Revised 1/6/2023; 1/23/2023; 2/11/2023; 3/27/2023; 4/20/2023 – The CT HIE, known as Connie, is new and many aspects of its operations are still in flux. Further, the information I provide is only as good as the information I receive. As I gather new information that contradicts or clarifies old information, I will update this article.) […]
Every couple of months, DMC Law invites healthcare professionals who regularly grapple with privacy issues to gather (remotely) and discuss those issues. The HIPAA Helpline is not a webinar. It’s an interactive session. DMC Law’s lawyers, Dena Castricone and Tracy Guarnieri, review legal requirements while participants share stories, questions and best practices. The goal of […]
A federal district court in Texas issued an opinion on February 23, 2022 (Decision) in which it concluded that the involved governmental agencies made some significant missteps in promulgating regulations under the No Surprises Act (NSA). The NSA took effect on January 1, 2022 and establishes federal protections against surprise medical bills. The law and […]
Here it is! My annual summary of HIPAA enforcement action resolutions. I know you all have been eagerly awaiting its arrival. No plot twists or surprises this year – the enforcement themes are much the same as those in 2020. As I explain below, Right of Access was again the star.
Today, the Connecticut Attorney General’s office announced that it created an online form for data breach reporting. According to the CT AG’s office, “[t]he need for a standardized, online submission form was also motivated by recent amendments to Connecticut’s data breach notification statute.” Those amendments, which took effect on October 1, 2021, include a broadened definition of personal information and a reduced timeframe for notification and reporting from 90 days to 60 days.
- 1
- 2