Once again, the Department of Health and Human Services proves that just because you’re a small practice, doesn’t mean you won’t get fined. The latest fine under the HIPAA Right of Access Initiative was issued to a sole practitioner mental health service provider. In December 2017, a personal representative (father) filed a complaint against David Mente, MA, LPC, after Mente failed to [...]
There was a time when getting a copy of your medical records was a hit-or-miss proposition. Depending on your health history and how your provider documented it, a complete medical file could be inches thick or just a few pages. The healthcare provider had much control over how much you would be permitted to access or if you could access it at all. [...]
With an October 6, 2022 deadline looming, a group of hospitals and medical associations is making a last-minute plea for HHS to delay the implementation of the 21st Century Cures Act Information Blocking Rule for one more year. Passed as part of the 21st Century Cures Act in 2016, the rule is intended to encourage innovation in medical research and expand patients' [...]
On Friday afternoon, July 15, 2022, the Department of Health and Human Services Office for Civil Rights announced 11 enforcement actions against healthcare providers across the country for alleged violations of the HIPAA Privacy Rule right of access provisions. Buried within the various resolutions and corrective action plans were notices of proposed determination and final determination for ACPM Podiatry Group Ltd. and [...]
Demonstrating their continued focus on right of access violations, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced 11 settlements and one HIPAA fine for medical practices across a wide variety of specialties. An examination of the specifics of each incident cites several reasons by the covered entities for not providing the requested records, including: Complete failure to [...]
Under HIPAA, when a breach of unsecured PHI takes place, the covered entity that sustains the breach must notify affected individuals of the breach. Notification must be provided through a breach notification letter. The content requirements and a HIPAA sample breach notification letter are discussed below. Patient Notification in Breach Notification Letters Prior to 2009, many breaches of unsecured PHI went unreported, [...]
You may have been hearing a lot about HIPAA breach notification reporting lately and for a good reason. The deadline to report small-scale breaches to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is March 1st. When reporting breaches to the HHS OCR, they require you to submit a HIPAA Breach Notification Form. Before completing the form, [...]
A recent policy statement by the Federal Trade Commission (FTC) has dramatically expanded coverage and penalties under the FTC Breach Notification Rule for companies that develop and offer mobile health applications and services for consumers. History of the FTC Breach Notification Rule As issued by the FTC in 2009, the Breach Notification Rule required PHR vendors to notify the Federal Trade Commission and any affected individuals upon:Â [...]
Hopefully, you’ve been keeping a list of your minor breaches that occurred in 2021 because now is the time to report them to the Department of Health and Human Services. As the 2022 HIPAA breach notification rule deadline approaches, it is important that you know the deadline and understand what incidents need to be reported. When is the 2022 HIPAA Breach Notification [...]
What will HIPAA 2022 bring? Picture the end of 2020. A raging COVID pandemic, for which vaccinations had only started. An outgoing Presidential administration giving the reins to a new one. And, in the middle of all of this, some seeds planted by the federal government seemed bound to blossom into changes in HIPAA law and regulations. At the end of 2020, [...]
