Category Archives: HIPAA

The Pixel Problem Part 2: Tracking Technologies and OCR’s Revised Guidance

In December 2022, the Department of Health and Human Services’ Office for Civil Rights (OCR) released “guidance” on the use of tracking technologies, which took an overbroad approach to the use of basic website analytics tools (2022 Guidance).  Courts criticized OCR’s 2022 Guidance, and last fall, the American Hospital Association sued OCR, alleging agency overreach. […]

Part III: Changes to 42 CFR Part 2 – Enforcement Like Never Before

Buckle up.  The 42 CFR Part 2 enforcement ride is about to begin.  In the 2020 CARES Act, Congress directed that the civil and criminal penalties under the Health Insurance Portability and Accountability Act (HIPAA) apply to the federal regulations protecting substance use disorder (SUD) records. The Department of Health and Human Services (HHS) issued […]

Part II: Changes to 42 CFR Part 2 – Alignment with HIPAA

As discussed in Part I of this series, Congress amended the federal law protecting the confidentiality of substance use disorder (SUD) records as part of the 2020 CARES Act and directed the Department of Health and Human Services (HHS) to revise the related regulations at 42 CFR Part 2.  Congress’s goal was to align the […]

Part I: Changes to 42 CFR Part 2 – The Single Consent for Treatment, Payment and Healthcare Operations

In the 2020 Coronavirus Aid, Relief, and Economic Security Act (CARES Act), Congress amended the federal law protecting the confidentiality of substance use disorder (SUD) records to facilitate the coordination of care in an effort to combat the opioid epidemic.  It also directed the Department of Health and Human Services (HHS) to revise the related […]

HIPAA Enforcement 2023: A Year in Review

The landscape of enforcement actions related to the Health Insurance Portability and Accountability Act (HIPAA) provides valuable insights into enforcement priorities, which can vary from year to year. In fact, 2023 was very different than 2022 (“The Year of the Dentist”).  Specifically, in 2023, there was a notable decrease in patients’ right of access matters […]

The Pixel Problem: Tracking Technologies and OCR’s Guidance

In June 2022, several media outlets broke a story about hospitals using a website technology known as Meta Pixel that caused patient data to be sent to Facebook.  Specifically, the investigation found that 33% of the top 100 hospitals tracked user activity tied to scheduling appointments and, because the hospitals used Meta Pixel technology on […]

DMC Law’s Comments on Proposed HIPAA Changes to Protect Reproductive Health Information

VIA Electronic Submission at www.regulations.gov

RE:  HIPAA Privacy Rule to Support Reproductive Health Care Privacy, NPRM, RIN 0945-AA20

Dear Department of Health and Human Services,

Thank you for the opportunity to submit comments on the Notice of Proposed Rule Making regarding proposed modifications to the HIPAA Privacy Rule to Support Reproductive Health Care Privacy (NPRM).  […]

A Purpose-Driven Approach: OCR Offers an Elegant Solution to Protect Reproductive Health Records in its Proposed Changes to HIPAA

Earlier this year, we learned that the U.S. Department of Health & Human Services’ (HHS) Office for Civil Rights (OCR) would propose changes to HIPAA to protect reproductive health information in the wake of the 2022 Dobbs v. Jackson Women’s Health Organization decision.  Since learning about the impending proposal, many of us speculated on OCR’s […]

Telehealth, Privacy and The Three Little Pigs: The Final Episode

Written in collaboration with Melissa Chaplik, JD Candidate 2024

The COVID-19 Public Health Emergency (PHE) is ending on May 11, 2023, and so are HIPAA compliance flexibilities for telehealth. Here’s to hoping that the first two episodes of Telehealth, Privacy and The Three Little Pigs inspired action.  In the first episode, I warned: Telehealth is […]

HIPAA Enforcement in 2022: The Year of the Dentist

Written in collaboration with Melissa Chaplik, JD Candidate 2024

Dentists take note:  HIPAA most likely applies to your practice (and it has for the last 20 years).[i]  Doing things like blasting a patient in response to a negative review on-line, using patient data for a political campaign, and ignoring correspondence from regulators is bad (i.e., […]