It’s now a familiar scene. News coverage regularly includes video footage capturing exhausted healthcare workers, lifeless bodies in hospital beds and COVID-19 treatment areas. OCR reminds healthcare providers that allowing media access to patient care areas without patient authorization violates HIPAA, regardless of the COVID-19 public health emergency. In the past, hospitals have paid millions of dollars in settlements for permitting access without proper authorization and increased enforcement on this issue may be on the horizon.
Category Archives: HIPAA Enforcement
In line with its other Notices of Enforcement Discretion, OCR announced today that it will not enforce HIPAA rules against healthcare providers and their business associates for HIPAA violations that occur during the good faith operation of a community-based COVID-19 specimen collection and testing site, such as a mobile, drive-through or walk-up site.
By executive order late yesterday, Governor Ned Lamont expanded permission to offer “audio-only” telehealth services to commercial insurer’s in-network providers furnishing covered telehealth services. Two days ago, the Governor granted this permission to Medicaid providers serving Medicaid beneficiaries. The Executive Order also addresses licensure and location requirements and conditions for other providers wishing to offer telehealth services. Additionally, the order assures providers that compliance with federal agency guidance on HIPAA is adequate to meet state law.
Today, the Department of Health and Human Services announced that its Office for Civil Rights, which enforces HIPAA, will not enforce requirements that are a barrier to making telehealth services available.
Lessons from the first enforcement action of 2020: (1) No covered entity is immune from HIPAA enforcement. (2) Craft factual breach reports that leave no unanswered questions and do not unnecessarily grab OCR’s attention.
It appears that the 2019 HIPAA enforcement year is over with a lot less fanfare (and cash) than last year but it did provide important insights into enforcement trends. *Distributed by Law360 on January 22, 2020 and included in its Health Law and Cybersecurity and Privacy Law. newsletters.
It appears that the 2019 HIPAA enforcement year is over with a lot less fanfare (and cash) than last year. The total in settlements and penalties for 2019 is $12.2 million, which is substantially less than OCR’s highest ever total of $28.7 million just one year ago.
With less than two days left in 2019, the Department of Health and Human Services’ Office for Civil Rights announced that a small, rural Georgia ambulance provider agreed to pay $65,000 to settle claims of multiple HIPAA Security Rule violations.
Earlier this year, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced a Right of Access Enforcement Initiative, which would focus on ensuring that patients were getting timely access to their records without being overcharged. Prior to this announcement, enforcement actions against providers for denying a patient the proper right of access were rare. Since announcing the initiative, OCR has swiftly pursued claims resulting in two settlements within months of each other.