Category Archives: HIPAA

HIPAA’s Treatment Exception Permits Sharing with Certain Non-Healthcare Providers

Written in collaboration with Erin MacLean, JD, CHC, CHPC. Over the past several weeks, many have been focused on the proposed changes to the HIPAA Privacy Rule announced in mid-December. While the proposed changes warrant attention and comment, the commentary to those proposed changes from the Department of Health and Human Services’ Office for Civil Rights (OCR) must not be overlooked. In its commentary, OCR provides valuable insights on its interpretation of a provider’s ability to disclose information to third parties under HIPAA’s current treatment exception, including a provider’s ability to share protected health information (PHI) with non-healthcare providers without an authorization.

OCR Kicks off its 2021 HIPAA Enforcement Year with Another Right of Access Settlement

OCR announced its first HIPAA enforcement resolution of 2021. Picking up where it left off in 2020, this settlement involves Right of Access claims and results in a large non-profit health system with several affiliated covered entities agreeing to pay $200,000 to settle claims related to two of its affiliated entities.

Major Changes Proposed to HIPAA Privacy Rule

Two years after issuing a request for information seeking feedback on possible changes to HIPAA and smack dab in the middle of a global pandemic, the Department of Health and Human Services (HHS) and its Office for Civil Rights (OCR) announced major proposed changes to the HIPAA Privacy Rule. The proposed changes focus on coordination of care and significant revisions to the patient right of access provisions, including shortening the timeframe to respond to patient requests for records to 15 days and permitting patients to take photos or videos of their PHI.

Ten HIPAA Right of Access Settlements in Just Two Months

On November 19, 2020, the Office for Civil Rights (OCR) announced its 10th HIPAA Right of Access settlement of the year. OCR publicized its first five Right of Access settlements this year just over two months ago. It added two more in October and then three in November. And with a full month left in 2020, there may be more to come.

Right of Access is Top Enforcement Focus in 2020

Right of Access enforcement is climbing, and fast. Last week, OCR announced its 9th Right of Access resolution this year and its 11th such resolution since the Right of Access enforcement initiative began in 2019. Right of Access enforcement is swift, driven by patient complaints, and has cost 9 providers a combined total of nearly half a million in settlement costs this year.

Watch Part 2 of the 3-Part HIPAA Security and Cybersecurity Webinar Series on the HIPAA Risk Analysis

Part II: A deeper dive into the Risk Analysis. One of the most common non-compliance findings by the Office for Civil Rights (the governmental entity that enforces HIPAA) is failure to perform or performing an inadequate risk analysis. In this session, we will dive deeper into the risk analysis requirement and look at the structure […]

A Conversation with IT Direct About the HIPAA Risk Analysis

One of the most common areas of enforcement under HIPAA involves a failure to perform an accurate and thorough risk analysis. Despite the known enforcement history and growing frequency of cybersecurity incidents, lack of compliance with the risk analysis requirement is very common. I sat down with Sammy De La O of IT Direct to get his perspective on performing a risk analysis and addressing the results.

Watch Part 1 of the 3-Part HIPAA Security and Cybersecurity Webinar Series

Part I: How to Improve Your Cybersecurity Defenses Through HIPAA Security Rule Compliance. HIPAA Security Rule compliance significantly reduces the risk that a healthcare entity will suffer a cyber incident. During this session, we will look closely at three key HIPAA Security Rule requirements and examine the processes and technologies that both enable compliance as […]