HHS Amends Substance Abuse Records Confidentiality Rules

Recently, the 42 CFR Part 2 regulations, which serve to protect substance abuse disorder patient records, were revised. Their revised regulation facilitates better coordination of care in response to the opioid epidemic, while maintaining confidentiality of substance abuse records. How Have the Substance Abuse Records Confidentiality Rules Changed? The new substance abuse records confidentiality rules do not alter the basic framework for confidentiality protection of substance use disorder [...]

2023-07-31T16:31:41-04:00July 23rd, 2020|

HIPAA Now: What you Need to Know About HIPAA Compliance

Since the start of the coronavirus pandemic, there have been a lot of questions about HIPAA compliance and software. At the beginning of the crisis, the Department of Health and Human Services (HHS) released guidance temporarily easing HIPAA restrictions around the use of telehealth. This loosening led many organizations to falsely assume that they no longer have to comply with HIPAA. To clear up this misconception, HIPAA compliance [...]

2023-07-31T16:35:20-04:00July 17th, 2020|

Study Shows Improvement in HIPAA Right of Access Compliance

The HIPAA Privacy Rule’s “Right of Access” provision requires providers to make patient medical records available for viewing, inspecting, and copying. In early 2019, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) launched a HIPAA Right of Access enforcement initiative.  A recent study by citizen.com revealed that since the initiative was launched, provider Right of Access compliance has increased.   How Did the Study [...]

2023-08-01T09:21:28-04:00May 8th, 2020|

1.5 Million Patients Affected by February Healthcare Breaches

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) reported 39 February healthcare breaches, affecting 1,531,855 patients. Of the reported incidents, there were 26 breaches due to hacking/IT incidents, 6 breaches from the unauthorized access/disclosure of protected health information (PHI), 3 breaches due to theft, 2 breaches due to loss, and 2 breaches due to improper disposal of PHI. Do you have an effective [...]

2023-08-01T10:45:39-04:00March 25th, 2020|

HIPAA Settlement Reached with Gastroenterological Sole Practitioner

The Department of Health and Human Services’ (HHS) Office for Civil rights (OCR) issued the first HIPAA settlement for 2020. Steven A. Porter, M.D., a gastroenterological sole practitioner, has agreed to pay $100,000 to the OCR for HIPAA violations. On November 21, 2013, Steven A. Porter, M.D. filed a breach report with the OCR claiming that their business associate (BA), Elevation43, was withholding the Practice’s [...]

2023-08-01T11:23:46-04:00March 3rd, 2020|

Leap Year Law and the HIPAA Breach Notification Deadline

Is there such a thing as a leap year law? Once every four years (e.g., 2000, 2004, 2008, 2012), there is a February 29th. Years with this extra calendar date are, of course, called leap years. The existence of an extra day in a year can change a legal deadline. This year, because there is an extra day, February 29, the breach notification deadline for [...]

2023-08-01T13:37:46-04:00February 5th, 2020|

PHI Protection for 50 Years After Death

Protected health information (PHI) is any individually identifying health information classified by the Department of Health and Human Services (HHS) into 18 identifiers, such as name, date of birth, address, payment information, treatment information, etc. The Health Insurance Portability and Accountability Act (HIPAA) mandates that organizations that work with PHI have safeguards in place in the form of administrative, technical, and physical, to protect PHI. [...]

2024-01-25T14:24:12-05:00January 20th, 2020|

West Georgia Ambulance Pays $65K fine for HIPAA Violations

The Office for Civil Rights of the Department of Health and Human Services has saved an announcement of HIPAA penalties for literally the day before the end of 2019. On December 30, through a press release, OCR announced it has entered into a resolution agreement with West Georgia Ambulance, Inc. on December 23. The agreement requires West Georgia to pay a fine in the amount [...]

2023-08-01T14:27:15-04:00January 2nd, 2020|

HIPAA Enforcement: Who Enforces HIPAA?

There are significant consequences for breaking the HIPAA laws. The HIPAA Rule is enforced through several methods. HIPAA is a federal law, which is enforced by the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR). This is the most common method of HIPAA enforcement. State attorneys general may also conduct HIPAA enforcement. How Does HIPAA Enforcement Work? HIPAA [...]

2023-09-06T16:55:24-04:00December 17th, 2019|

$2.175 Million HIPAA Fine Issued for Improper Breach Notification

In its’ most recent HIPAA settlement, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) issued a $2.175 million HIPAA fine to Sentara Hospitals. The HIPAA settlement stemmed from a breach in April 2017 that affected 577 patients. In addition to the fine, Sentara Hospitals has agreed to adhere to corrective action plans, to be submitted to HHS for approval. Would [...]

2023-08-07T11:54:27-04:00December 2nd, 2019|