Category Archives: HIPAA

Business Associates: Excelling in HIPAA Compliance is Good for Business

Operational challenges abound in the healthcare industry.  This creates opportunities for technology companies, consultants and others to offer supportive services and innovative solutions.  Many of those supporting organizations will qualify as business associates under the Health Insurance Portability and Accountability Act (HIPAA). In this post, we explore what it means to be a business associate, […]

Subpoena Response that Violated HIPAA Costs a CT Healthcare Provider $853,000

Healthcare providers regularly receive subpoenas for medical records.  All too often, providers simply turn over the subpoenaed records without ensuring that the disclosure is permitted by law.  A recent Connecticut appeals court decision, Byrne v. Avery Center for Obstetrics and Gynecology, P.C., upheld a jury award of $853,000 for a healthcare provider’s improper medical record […]

DMC Law’s HIPAA Helpline Virtual Discussion Group

Every couple of months, DMC Law invites healthcare professionals who regularly grapple with privacy issues to gather (remotely) and discuss those issues.  The HIPAA Helpline is not a webinar.  It’s an interactive session.  DMC Law’s lawyers, Dena Castricone and Tracy Guarnieri, review legal requirements while participants share stories, questions and best practices.  The goal of […]

Three Dentists and a Psychiatrist Walk into a Bar: Four HIPAA Enforcement Actions that are No Joke

Three dentists and a psychiatrist walk into a bar . . . and they each walk out with a five-figure tab for HIPAA compliance failures.  It’s not funny, but the five-figure payment part is true and there’s a lot to be learned from their mistakes. The Department of Health and Human Services’ Office for Civil […]

HIPAA Right of Access Video Series

DMC Law is launching Privacy Pointers, which features short and informative videos on various privacy topics.  We begin Privacy Pointers with a series of videos on HIPAA’s Right of Access. There are six videos in this series that explore important aspects of the Right of Access.  Each video is no more than 5 minutes in length. […]

A Year in Review: HIPAA Enforcement Action Resolutions in 2021

Here it is!  My annual summary of HIPAA enforcement action resolutions.  I know you all have been eagerly awaiting its arrival.  No plot twists or surprises this year – the enforcement themes are much the same as those in 2020.  As I explain below, Right of Access was again the star. 

CT AG Announces Online Breach Reporting Form

Today, the Connecticut Attorney General’s office announced that it created an online form for data breach reporting.  According to the CT AG’s office, “[t]he need for a standardized, online submission form was also motivated by recent amendments to Connecticut’s data breach notification statute.”  Those amendments, which took effect on October 1, 2021, include a broadened definition of personal information and a reduced timeframe for notification and reporting from 90 days to 60 days. 

OCR Announces Five More HIPAA Right of Access Resolutions

Yesterday, the Department of Health and Human Services’ Office for Civil Rights announced the resolution of five more HIPAA Right of Access claims. That brings the total number of Right of Access resolutions this year to 12 (including a civil monetary penalty), edging out last year’s total of 11. As for settlement and penalty amounts, the Right of Access total for 2021 has surpassed 2020 by more than $300,000.

Telehealth, Privacy, and the Three Little Pigs: A Year and a Half Later

In my July 23, 2020 blog post, I used the familiar characters in the beloved fable The Three Little Pigs to illustrate the importance of building a secure and compliant telehealth delivery system. I explained that, despite the Office for Civil Rights’ (OCR) announcement of enforcement discretion during the public health emergency (PHE), healthcare providers should establish HIPAA-compliant telehealth delivery systems before enforcement discretion ended. Because the PHE may soon be over, that message bears repeating.

My Incident Response Planning Epiphany

3:35 AM.  Alarm blaring.  Disoriented, I pop out of bed, reach for my glasses and ask, “what is that?”  “It’s the security alarm” my spouse replies.  For a moment, I was relieved because I feared it was the fire alarm.  For a split second, fire seemed like a better option than an intruder.  After briefly playing out the intruder scenario in my head, the fear returned.