On December 15, 2022, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced its 17th HIPAA Right of Access settlement of the year. Overall, OCR has settled or assessed a penalty in a Right of Access enforcement matter 42 times since it began its Right of Access enforcement initiative in 2019. […]
(Revised 1/6/2023; 1/23/2023 – The CT HIE, known as Connie, is new and many aspects of its operations are still in flux. Further, the information I provide is only as good as the information I receive. As I gather new information that contradicts or clarifies old information, I will update this article.) Connecticut is the […]
Every couple of months, DMC Law invites healthcare professionals who regularly grapple with privacy issues to gather (remotely) and discuss those issues. The HIPAA Helpline is not a webinar. It’s an interactive session. DMC Law’s lawyers, Dena Castricone and Tracy Guarnieri, review legal requirements while participants share stories, questions and best practices. The goal of […]
A federal district court in Texas issued an opinion on February 23, 2022 (Decision) in which it concluded that the involved governmental agencies made some significant missteps in promulgating regulations under the No Surprises Act (NSA). The NSA took effect on January 1, 2022 and establishes federal protections against surprise medical bills. The law and […]
Here it is! My annual summary of HIPAA enforcement action resolutions. I know you all have been eagerly awaiting its arrival. No plot twists or surprises this year – the enforcement themes are much the same as those in 2020. As I explain below, Right of Access was again the star.
Today, the Connecticut Attorney General’s office announced that it created an online form for data breach reporting. According to the CT AG’s office, “[t]he need for a standardized, online submission form was also motivated by recent amendments to Connecticut’s data breach notification statute.” Those amendments, which took effect on October 1, 2021, include a broadened definition of personal information and a reduced timeframe for notification and reporting from 90 days to 60 days.
Effective January 1, 2022, healthcare providers and facilities will be subject to the No Surprises Act (NSA), which establishes federal protections against surprise medical bills. While there are several parts of the NSA that impact some but not all healthcare providers or facilities (e.g., balance billing prohibitions), the requirement to provide good faith estimates (GFEs) […]
Yesterday, the Department of Health and Human Services’ Office for Civil Rights announced the resolution of five more HIPAA Right of Access claims. That brings the total number of Right of Access resolutions this year to 12 (including a civil monetary penalty), edging out last year’s total of 11. As for settlement and penalty amounts, the Right of Access total for 2021 has surpassed 2020 by more than $300,000.
In my July 23, 2020 blog post, I used the familiar characters in the beloved fable The Three Little Pigs to illustrate the importance of building a secure and compliant telehealth delivery system. I explained that, despite the Office for Civil Rights’ (OCR) announcement of enforcement discretion during the public health emergency (PHE), healthcare providers should establish HIPAA-compliant telehealth delivery systems before enforcement discretion ended. Because the PHE may soon be over, that message bears repeating.
Written in collaboration with Nathaly Tamayo, JD.
Late in the legislative session, both the Connecticut House and Senate passed House Bill 5310 (now Public Act 21-59), An Act Concerning Data Privacy Breaches, which substantially amends Connecticut’s data breach notification statute (CGS §36a-701b). Although the bill implemented a number of revisions, the most notable changes significantly expand the definition of personal information and shorten the notification timeframe.