HIPAA itself does not contain a private right of action for individuals following unauthorized disclosures of medical information. Yet, HIPAA does not prohibit individuals from seeking remedies through state or other law. Each U.S. state’s tort law system can potentially allow individuals to pursue reparations when they are harmed by…
On April 6th, 2022, a HIPAA-regulatory Request for Information (RFI) was released by the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) soliciting feedback from the public for future rulemaking. The RFI seeks information on how the industry views “recognized security practices,” and on OCR’s compensating…
Participants in the healthcare industry have seen a multi-front threat related to their information security practices/healthcare data – increased enforcement and fines by the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR); increased scrutiny from plaintiffs’ attorneys and State Attorneys General; and increased threats from malicious…
On March 17, 2020, the Office for Civil Rights (“OCR”) issued a notification regarding enforcement discretion for telehealth remote communications that may not fully comply with applicable HIPAA Rules (the “Notification”). The Notification provides that OCR will not impose penalties on covered health care providers for noncompliance with regulatory requirements…
Small health care data breaches – those affecting fewer than 500 patients – that occurred in the 2019 calendar year must be reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) by February 29, 2020. The HIPAA Breach Notification Rule requires HIPAA-covered entities to report…
As of April 30, 2019, the maximum penalties for violations of the Health Insurance Portability and Accountability Act (HIPAA) have new annual limits. These updated penalties will be based on the level of culpability associated with the violation, according to the Department of Health and Human Services (HHS). Organizations that…
Maintaining compliance with all HIPAA Rules has never been more important for a health care business’s success than it is now. Last year, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) concluded an all-time record in Health Insurance Portability and Accountability Act…
Tomorrow, March 1, 2019, is the deadline for reporting small data breaches (<500) that occurred in calendar year 2018 to the Department of Health and Human Services’ Office for Civil Rights (OCR). Any HIPAA-covered entities and their business associates are required by the HIPAA Breach Notification Rule to, at least…
The OIG issued a Policy Statement regarding Gifts of Nominal Value to Medicare and Medicaid Beneficiaries. Under section 1128A(a)(5) of the Social Security Act (the Act), enacted as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), a person who offers or transfers to a Medicare or…
The HHS Office for Civil Rights (“OCR”) has begun issuing notices for Phase 2 HIPAA Audits applicable to covered entities and their business associates. In Phase 2, OCR will review the policies and procedures adopted and employed by covered entities and their business associates to satisfy standards and implementation specifications…