Tag Archives: HIPAA

HIPAA Enforcement in 2020: A Focus on Right of Access and Lessons Learned

Despite the pandemic, HIPAA enforcement was hot in 2020. There were nearly twice as many enforcement action resolutions last year than in each of the previous three years. The DHHS’ Office for Civil Rights (OCR), which enforces HIPAA, announced a total of 19 resolutions in 2020. The 2020 resolutions offer different lessons from previous enforcement years, as the most common issue for enforcement in 2020 is relatively new: the Right of Access under the HIPAA Privacy Rule.

HIPAA’s Treatment Exception Permits Sharing with Certain Non-Healthcare Providers

Written in collaboration with Erin MacLean, JD, CHC, CHPC. Over the past several weeks, many have been focused on the proposed changes to the HIPAA Privacy Rule announced in mid-December. While the proposed changes warrant attention and comment, the commentary to those proposed changes from the Department of Health and Human Services’ Office for Civil Rights (OCR) must not be overlooked. In its commentary, OCR provides valuable insights on its interpretation of a provider’s ability to disclose information to third parties under HIPAA’s current treatment exception, including a provider’s ability to share protected health information (PHI) with non-healthcare providers without an authorization.

OCR Kicks off its 2021 HIPAA Enforcement Year with Another Right of Access Settlement

OCR announced its first HIPAA enforcement resolution of 2021. Picking up where it left off in 2020, this settlement involves Right of Access claims and results in a large non-profit health system with several affiliated covered entities agreeing to pay $200,000 to settle claims related to two of its affiliated entities.

Major Changes Proposed to HIPAA Privacy Rule

Two years after issuing a request for information seeking feedback on possible changes to HIPAA and smack dab in the middle of a global pandemic, the Department of Health and Human Services (HHS) and its Office for Civil Rights (OCR) announced major proposed changes to the HIPAA Privacy Rule. The proposed changes focus on coordination of care and significant revisions to the patient right of access provisions, including shortening the timeframe to respond to patient requests for records to 15 days and permitting patients to take photos or videos of their PHI.

Ten HIPAA Right of Access Settlements in Just Two Months

On November 19, 2020, the Office for Civil Rights (OCR) announced its 10th HIPAA Right of Access settlement of the year. OCR publicized its first five Right of Access settlements this year just over two months ago. It added two more in October and then three in November. And with a full month left in 2020, there may be more to come.

A Conversation with IT Direct About the HIPAA Risk Analysis

One of the most common areas of enforcement under HIPAA involves a failure to perform an accurate and thorough risk analysis. Despite the known enforcement history and growing frequency of cybersecurity incidents, lack of compliance with the risk analysis requirement is very common. I sat down with Sammy De La O of IT Direct to get his perspective on performing a risk analysis and addressing the results.

The Crushing Cost of HIPAA Security Rule Non-Compliance

In just one week, OCR announced settlements totaling $10.6 million with three organizations for alleged systemic HIPAA Security Rule violations. In each of the three cases, the entity self-reported a hacking incident. Combined, the hacking incidents compromised the health information of more than 16 million people. While it’s not common to see three large settlements in one week, enforcement for HIPAA Security Rule non-compliance is not new and likely will continue with increasing intensity.

DMC Law and IT Direct Team Up to Offer a 3-Part HIPAA Security and Cybersecurity Webinar

October is Cybersecurity Awareness Month!  It’s no secret that healthcare entities and the businesses that serve them are a popular target for cybercriminals – costing millions each year and damaging reputations. In fact, hacking and IT incidents are the leading cause of reported HIPAA breaches.   Healthcare executives need to understand both the risks and […]