In Parts 1 and 2 in this series on the Pixel Problem, I review the original and revised guidance from the Department of Health and Human Services (HHS) on the Use of Tracking Technologies by HIPAA Covered Entities and Business Associates. I noted that HHS’s guidance, even as revised, went too far in determining what […]
Category Archives: HIPAA Enforcement
Buckle up. The 42 CFR Part 2 enforcement ride is about to begin. In the 2020 CARES Act, Congress directed that the civil and criminal penalties under the Health Insurance Portability and Accountability Act (HIPAA) apply to the federal regulations protecting substance use disorder (SUD) records. The Department of Health and Human Services (HHS) issued […]
The landscape of enforcement actions related to the Health Insurance Portability and Accountability Act (HIPAA) provides valuable insights into enforcement priorities, which can vary from year to year. In fact, 2023 was very different than 2022 (“The Year of the Dentist”). Specifically, in 2023, there was a notable decrease in patients’ right of access matters […]
Written in collaboration with Melissa Chaplik, JD Candidate 2024 The COVID-19 Public Health Emergency (PHE) is ending on May 11, 2023, and so are HIPAA compliance flexibilities for telehealth. Here’s to hoping that the first two episodes of Telehealth, Privacy and The Three Little Pigs inspired action. In the first episode, I warned: Telehealth is […]
Written in collaboration with Melissa Chaplik, JD Candidate 2024 Dentists take note: HIPAA most likely applies to your practice (and it has for the last 20 years).[i] Doing things like blasting a patient in response to a negative review on-line, using patient data for a political campaign, and ignoring correspondence from regulators is bad (i.e., […]
On December 15, 2022, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced its 17th HIPAA Right of Access settlement of the year. Overall, OCR has settled or assessed a penalty in a Right of Access enforcement matter 42 times since it began its Right of Access enforcement initiative in 2019. […]
No one likes receiving negative reviews on Yelp. But healthcare providers need to exercise better restraint than a dentist who will pay $23,000 to the Department of Health and Human Services’ Office for Civil Rights (OCR) to settle claims that his responsive posts violated HIPAA. OCR received a complaint that New Vision Dental (NVD) continuously […]
Today, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced three more HIPAA Right of Access enforcement resolutions – all against dentists. And the story is largely the same: patients requested records and did not timely or properly receive those records. In one instance, the dental practice significantly overcharged for records. […]
Last week, the Office for Civil Rights (OCR) reminded us of the importance of the basics when it comes to protecting patient information. On August 23rd, it announced a HIPAA enforcement action involving tangible protected health information (PHI) that a practice tossed out with the rest of the trash. For over a decade, PHI in […]
If you asked me Friday morning of last week to give you my impression of HIPAA enforcement so far in 2022, I would have said “slow.” Up to that point, OCR had announced only four enforcement actions and all on the same day in March (see Three Dentists and a Psychiatrist Walk into a Bar: […]