Category Archives: Compliance

HIPAA Enforcement 2023: A Year in Review

The landscape of enforcement actions related to the Health Insurance Portability and Accountability Act (HIPAA) provides valuable insights into enforcement priorities, which can vary from year to year. In fact, 2023 was very different than 2022 (“The Year of the Dentist”).  Specifically, in 2023, there was a notable decrease in patients’ right of access matters […]

The DEA’s Proposed Rules on Telehealth Prescribing of Controlled Substance Fall Short of Expectations

During the COVID-19 pandemic, the government extended much-needed flexibilities surrounding telehealth to facilitate access to care.  Many of these flexibilities were lifesaving.  This included allowing the prescription of controlled substances via telehealth to treat substance use disorders and psychiatric conditions. Background Prior to the pandemic, in most instances, a patient required at least one in-person […]

Telehealth, Privacy and The Three Little Pigs: The Final Episode

Written in collaboration with Melissa Chaplik, JD Candidate 2024 The COVID-19 Public Health Emergency (PHE) is ending on May 11, 2023, and so are HIPAA compliance flexibilities for telehealth. Here’s to hoping that the first two episodes of Telehealth, Privacy and The Three Little Pigs inspired action.  In the first episode, I warned: Telehealth is […]

OCR Strikes Again: Another HIPAA Right of Access Settlement

On December 15, 2022, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced its 17th HIPAA Right of Access settlement of the year.  Overall, OCR has settled or assessed a penalty in a Right of Access enforcement matter 42 times since it began its Right of Access enforcement initiative in 2019. […]

Connie: CT’s Health Information Exchange and Providers’ Obligations to Participate

(Revised 1/6/2023; 1/23/2023; 2/11/2023; 3/27/2023; 4/20/2023 – The CT HIE, known as Connie, is new and many aspects of its operations are still in flux.  Further, the information I provide is only as good as the information I receive.  As I gather new information that contradicts or clarifies old information, I will update this article.) […]

DMC Law’s HIPAA Helpline Virtual Discussion Group

Every couple of months, DMC Law invites healthcare professionals who regularly grapple with privacy issues to gather (remotely) and discuss those issues.  The HIPAA Helpline is not a webinar.  It’s an interactive session.  DMC Law’s lawyers, Dena Castricone and Tracy Guarnieri, review legal requirements while participants share stories, questions and best practices.  The goal of […]

Federal Court Strikes Down Part of Surprise Billing Rule

A federal district court in Texas issued an opinion on February 23, 2022 (Decision) in which it concluded that the involved governmental agencies made some significant missteps in promulgating regulations under the No Surprises Act (NSA).  The NSA took effect on January 1, 2022 and establishes federal protections against surprise medical bills.  The law and […]

A Year in Review: HIPAA Enforcement Action Resolutions in 2021

Here it is!  My annual summary of HIPAA enforcement action resolutions.  I know you all have been eagerly awaiting its arrival.  No plot twists or surprises this year – the enforcement themes are much the same as those in 2020.  As I explain below, Right of Access was again the star. 

CT AG Announces Online Breach Reporting Form

Today, the Connecticut Attorney General’s office announced that it created an online form for data breach reporting.  According to the CT AG’s office, “[t]he need for a standardized, online submission form was also motivated by recent amendments to Connecticut’s data breach notification statute.”  Those amendments, which took effect on October 1, 2021, include a broadened definition of personal information and a reduced timeframe for notification and reporting from 90 days to 60 days. 

The Good Faith Estimate Requirement Under the No Surprises Act

Effective January 1, 2022, healthcare providers and facilities will be subject to the No Surprises Act (NSA), which establishes federal protections against surprise medical bills. While there are several parts of the NSA that impact some but not all healthcare providers or facilities (e.g., balance billing prohibitions), the requirement to provide good faith estimates (GFEs) […]