Category Archives: HIPAA

Part I: Changes to 42 CFR Part 2 – The Single Consent for Treatment, Payment and Healthcare Operations

In the 2020 Coronavirus Aid, Relief, and Economic Security Act (CARES Act), Congress amended the federal law protecting the confidentiality of substance use disorder (SUD) records to facilitate the coordination of care in an effort to combat the opioid epidemic.  It also directed the Department of Health and Human Services (HHS) to revise the related […]

HIPAA Enforcement 2023: A Year in Review

The landscape of enforcement actions related to the Health Insurance Portability and Accountability Act (HIPAA) provides valuable insights into enforcement priorities, which can vary from year to year. In fact, 2023 was very different than 2022 (“The Year of the Dentist”).  Specifically, in 2023, there was a notable decrease in patients’ right of access matters […]

The Pixel Problem: Tracking Technologies and OCR’s Guidance

In June 2022, several media outlets broke a story about hospitals using a website technology that caused patient data to be sent to Facebook known as Meta Pixel.  Specifically, the investigation found that 33% of the top 100 hospitals tracked user activity tied to scheduling appointments and, because the hospitals used Meta Pixel technology on […]

DMC Law’s Comments on Proposed HIPAA Changes to Protect Reproductive Health Information

VIA Electronic Submission at www.regulations.gov RE:  HIPAA Privacy Rule to Support Reproductive Health Care Privacy, NPRM, RIN 0945-AA20 Dear Department of Health and Human Services, Thank you for the opportunity to submit comments on the Notice of Proposed Rule Making regarding proposed modifications to the HIPAA Privacy Rule to Support Reproductive Health Care Privacy (NPRM).  […]

A Purpose-Driven Approach: OCR Offers an Elegant Solution to Protect Reproductive Health Records in its Proposed Changes to HIPAA

Earlier this year, we learned that the U.S. Department of Health & Human Services’ (HHS) Office for Civil Rights (OCR) would propose changes to HIPAA to protect reproductive health information in the wake of the 2022 Dobbs v. Jackson Women’s Health Organization decision.  Since learning about the impending proposal, many of us speculated on OCR’s […]

Telehealth, Privacy and The Three Little Pigs: The Final Episode

Written in collaboration with Melissa Chaplik, JD Candidate 2024 The COVID-19 Public Health Emergency (PHE) is ending on May 11, 2023, and so are HIPAA compliance flexibilities for telehealth. Here’s to hoping that the first two episodes of Telehealth, Privacy and The Three Little Pigs inspired action.  In the first episode, I warned: Telehealth is […]

HIPAA Enforcement in 2022: The Year of the Dentist

Written in collaboration with Melissa Chaplik, JD Candidate 2024 Dentists take note:  HIPAA most likely applies to your practice (and it has for the last 20 years).[i]  Doing things like blasting a patient in response to a negative review on-line, using patient data for a political campaign, and ignoring correspondence from regulators is bad (i.e., […]

OCR Strikes Again: Another HIPAA Right of Access Settlement

On December 15, 2022, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced its 17th HIPAA Right of Access settlement of the year.  Overall, OCR has settled or assessed a penalty in a Right of Access enforcement matter 42 times since it began its Right of Access enforcement initiative in 2019. […]

OCR’s Focus on Dentists Continue: Dentist Pays for Responding to On-Line Reviews

No one likes receiving negative reviews on Yelp.  But healthcare providers need to exercise better restraint than a dentist who will pay $23,000 to the Department of Health and Human Services’ Office for Civil Rights (OCR) to settle claims that his responsive posts violated HIPAA. OCR received a complaint that New Vision Dental (NVD) continuously […]

Connie: CT’s Health Information Exchange and Providers’ Obligations to Participate

(Revised 1/6/2023; 1/23/2023; 2/11/2023; 3/27/2023; 4/20/2023 – The CT HIE, known as Connie, is new and many aspects of its operations are still in flux.  Further, the information I provide is only as good as the information I receive.  As I gather new information that contradicts or clarifies old information, I will update this article.) […]