In December 2022, the Department of Health and Human Services’ Office for Civil Rights (OCR) released “guidance” on the use of tracking technologies, which took an overboard approach to the use of basic website analytics tools (2022 Guidance). Courts criticized OCR’s 2022 Guidance, and last fall, the American Hospital Association sued OCR, alleging agency overreach. […]
Tag Archives: OCR
In June 2022, several media outlets broke a story about hospitals using a website technology that caused patient data to be sent to Facebook known as Meta Pixel. Specifically, the investigation found that 33% of the top 100 hospitals tracked user activity tied to scheduling appointments and, because the hospitals used Meta Pixel technology on […]
On December 15, 2022, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced its 17th HIPAA Right of Access settlement of the year. Overall, OCR has settled or assessed a penalty in a Right of Access enforcement matter 42 times since it began its Right of Access enforcement initiative in 2019. […]
No one likes receiving negative reviews on Yelp. But healthcare providers need to exercise better restraint than a dentist who will pay $23,000 to the Department of Health and Human Services’ Office for Civil Rights (OCR) to settle claims that his responsive posts violated HIPAA. OCR received a complaint that New Vision Dental (NVD) continuously […]
Today, the Department of Health and Human Services’ Office for Civil Rights (OCR) issued guidance on HIPAA requirements as they relate to audio-only telehealth. Importantly, for the first time, OCR provides insights on its position on the difference between landline and VoIP telecommunication services. OCR’s guidance applies now and after its telehealth enforcement discretion is […]
Here it is! My annual summary of HIPAA enforcement action resolutions. I know you all have been eagerly awaiting its arrival. No plot twists or surprises this year – the enforcement themes are much the same as those in 2020. As I explain below, Right of Access was again the star.
In my July 23, 2020 blog post, I used the familiar characters in the beloved fable The Three Little Pigs to illustrate the importance of building a secure and compliant telehealth delivery system. I explained that, despite the Office for Civil Rights’ (OCR) announcement of enforcement discretion during the public health emergency (PHE), healthcare providers should establish HIPAA-compliant telehealth delivery systems before enforcement discretion ended. Because the PHE may soon be over, that message bears repeating.
In line with its other Notices of Enforcement Discretion, OCR announced today that it will not enforce HIPAA rules against healthcare providers and their business associates for HIPAA violations that occur during the good faith operation of a community-based COVID-19 specimen collection and testing site, such as a mobile, drive-through or walk-up site.
Late Friday, the Office for Civil Rights (OCR) issued FAQs on telehealth and HIPAA as a follow up to DHHS’ announcement that OCR would use “enforcement discretion” for HIPAA non-compliance related to the good faith roll out of telehealth services during the COVID-19 emergency. The FAQs provide useful information about the types of applications that can be used for telehealth as well as examples of bad faith conduct.