Healthcare Groups Push Back on Proposal to Modify HIPAA Privacy Rule

In January of 2021, the Department of Health and Human Services (HHS) published a Notice of Proposed Rulemaking (Notice) to modify the HIPAA Privacy Rule. HHS has proposed to modify the Privacy Rule right of access provision by (among other measures) requiring providers, at an individual’s request, to mail or electronically transmit PHI to or through the individual’s personal health application (PHA). HHS seeks to define PHAs as [...]

2021-05-21T12:03:22-04:00May 14th, 2021|

Remote Workers and HIPAA: How You Can Keep Your Healthcare Business Secure

With more and more remote workers in the healthcare space, PHI security should be a top concern. A recent survey determined that 44% of employees are currently working from home, with several employers expecting workers to continue to work remotely permanently. So what does this mean for cybersecurity and HIPAA compliance? To provide healthcare organizations with guidance, remote workers and HIPAA is discussed. Remote Workers and HIPAA: Data [...]

2021-02-03T16:09:45-05:00February 1st, 2021|

Vaccine Privacy Violations Under Investigation

Philly Fighting COVID, a private startup company tasked with vaccine distribution for the city, is under investigation. The Philadelphia Department of Public Health has ceased their relationship with the startup after allegations that the company’s privacy policies allowed for the sale of private information. More details on the alleged vaccine privacy violations are discussed. Vaccine Privacy Violations: What Do We Know? On [...]

2022-05-06T13:55:32-04:00January 29th, 2021|

2020 Right of Access Enforcement

2020 has been an unenviable year of firsts and of worsts. Add to this another undesirable record-breaker. In 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights issued a record 19 fines for failure to comply with the HIPAA regulations. 11 of the fines issued were for a failure to comply with the HIPAA Privacy Rule’s right of access. The message of OCR 2020 [...]

2022-05-06T14:44:11-04:00January 11th, 2021|

HIPAA and COVID Contact Tracing

In an effort to stave off the spread of COVID, the Trump administration is proposing changes to the HIPAA Privacy Rule. More details on HIPAA and COVID contact tracing are discussed. HIPAA and COVID Contact Tracing: Proposed Changes Earlier this month the Trump administration proposed changes to the HIPAA Privacy Rule, including giving patients more control over their health information and removing [...]

2022-05-20T19:25:18-04:00December 29th, 2020|

Does HIPAA Prohibit the Sharing of President Trump’s Health Information?

In light of President Trump's positive COVID diagnosis, a lot of people are wondering if it is permitted to share his health information with the public. Generally under HIPAA, healthcare organizations are prohibited from sharing a patient's health information without authorization from the patient. However, as the President of the United States, Trump’s health condition is a matter of national security, so do the general rules [...]

2022-05-06T13:55:34-04:00October 5th, 2020|

September OCR Fines Reach $10.7 Million

The OCR seems to be on a fines spree, with a record number of fines issued in September. There were eight September OCR fines issued, amounting to $10,736,500. More details on September OCR fines are discussed below. September OCR Fines: Violating HIPAA Right of Access The HIPAA Right of Access gives patients the right to request copies of their medical records from their healthcare provider. Requested records must [...]

2020-11-16T09:02:38-05:00October 1st, 2020|

Insider Breach Affects 700 Patients

On June 3, 2020, Geisinger was notified by an employee that a Geisinger Clinic employee was accessing patient records without the need to do so. The employee in question accessed 700 patients’ records over a year-long period. More details about the insider breach are discussed below. Insider Breach: What Happened Upon discovery of the insider breach, Geisinger launched an investigation into the [...]

2020-11-16T09:02:39-05:00September 25th, 2020|

Vishing Attack Targets Spectrum Health Patients

Beware. Hackers have graduated to using vishing attacks to target patients. Vishing attacks occur when hackers call patients disguising themselves as a trusted entity, such as a healthcare organization, prompting patients to share sensitive information over the phone. Spectrum Health is warning patients and Priority Health members of one such vishing attack. Spectrum Health Vishing Attack Spectrum received reports that patients [...]

2020-11-16T09:02:41-05:00September 18th, 2020|

OCR Settles Five Privacy Rule Violations

In September of 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced that it settled HIPAA Privacy Rule right of access violations with five separate healthcare entities. The total settlement with all five organizations amounts to $136,500. In each instance, the healthcare provider was fined, and ended up settling with OCR, for its failure to provide patients with timely access to [...]

2020-11-16T09:02:42-05:00September 16th, 2020|