Articles Posted in HIPAA

As healthcare regulatory attorneys, we’ve seen firsthand the confusion and challenges that arise when health-related entities fall outside the purview of the Health Insurance Portability and Accountability Act (HIPAA). One crucial, newly released, regulation that often gets overlooked is the Federal Trade Commission’s (FTC) Health Breach Notification Rule (HBN Rule). This rule is particularly relevant […]

HIPAA itself does not contain a private right of action for individuals following unauthorized disclosures of medical information. Yet, HIPAA does not prohibit individuals from seeking remedies through state or other law. Each U.S. state’s tort law system can potentially allow individuals to pursue reparations when they are harmed by a data breach. With the […]

On April 6th, 2022, a HIPAA-regulatory Request for Information (RFI) was released by the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) soliciting feedback from the public for future rulemaking. The RFI seeks information on how the industry views “recognized security practices,” and on OCR’s compensating individuals based on harm they […]

Participants in the healthcare industry have seen a multi-front threat related to their information security practices/healthcare data – increased enforcement and fines by the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR); increased scrutiny from plaintiffs’ attorneys and State Attorneys General; and increased threats from malicious actors. Recent reports underscore this […]

On March 17, 2020, the Office for Civil Rights (“OCR”) issued a notification regarding enforcement discretion for telehealth remote communications that may not fully comply with applicable HIPAA Rules (the “Notification”). The Notification provides that OCR will not impose penalties on covered health care providers for noncompliance with regulatory requirements under the HIPAA Rules in […]

Small health care data breaches – those affecting fewer than 500 patients – that occurred in the 2019 calendar year must be reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) by February 29, 2020. The HIPAA Breach Notification Rule requires HIPAA-covered entities to report small data breaches either as […]

As of April 30, 2019, the maximum penalties for violations of the Health Insurance Portability and Accountability Act (HIPAA) have new annual limits. These updated penalties will be based on the level of culpability associated with the violation, according to the Department of Health and Human Services (HHS). Organizations that have taken measures to meet […]

Maintaining compliance with all HIPAA Rules has never been more important for a health care business’s success than it is now. Last year, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) concluded an all-time record in Health Insurance Portability and Accountability Act (HIPAA) enforcement activity. In 2018, […]

Tomorrow, March 1, 2019, is the deadline for reporting small data breaches (<500) that occurred in calendar year 2018 to the Department of Health and Human Services’ Office for Civil Rights (OCR). Any HIPAA-covered entities and their business associates are required by the HIPAA Breach Notification Rule to, at least once yearly, report data breaches […]

The OIG issued a Policy Statement regarding Gifts of Nominal Value to Medicare and Medicaid Beneficiaries. Under section 1128A(a)(5) of the Social Security Act (the Act), enacted as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), a person who offers or transfers to a Medicare or Medicaid beneficiary any remuneration that […]

Contact Information