OCR Settles Five Privacy Rule Violations

In September of 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced that it settled HIPAA Privacy Rule right of access violations with five separate healthcare entities. The total settlement with all five organizations amounts to $136,500. In each instance, the healthcare provider was fined, and ended up settling with OCR, for its failure to provide patients with timely access to [...]

2023-04-06T14:16:54-04:00September 16th, 2020|

Would You Sell PHI? The Shocking Results of a Healthcare Study

Would you sell PHI as a healthcare worker? A new study reveals that many students soon to enter the workforce as a healthcare worker would. The results of the study and the permitted uses and disclosures of PHI are discussed below. Would You Sell PHI? The Results of the Study The healthcare study, published in July in JMIR Medical Informatics, was conducted by researchers from three universities (Florida [...]

2023-04-06T14:17:00-04:00September 2nd, 2020|

OCR HIPAA Guidance: COVID-19 Plasma Donation

To clear up previously released guidance, the Office for Civil (OCR) released new guidance regarding contacting recovered COVID-19 patients for plasma donation. The OCR HIPAA guidance reinforces the allowance of covered entities to contact recovered patients. OCR HIPAA Guidance: Contacting Recovered COVID-19 Patients In June, OCR HIPAA guidance was released stating that HIPAA covered entities are permitted to contact recovered COVID-19 patients [...]

2023-04-06T14:17:02-04:00August 28th, 2020|

Exposure Notification Privacy Act Aims to Regulate Contact Tracing Apps

Recently, a bipartisan group of United States Senators introduced the Exposure Notification Privacy Act (ENPA). This bill aims to regulate exposure notification and contact tracing apps that will be used to monitor and control COVID-19 spread. What is Contact Tracing? Contact tracing is the process of identifying people who may have come into contact with a person infected by a virus. COVID-19 contact tracing apps [...]

2023-04-06T14:22:49-04:00June 9th, 2020|

What are HIPAA Policies and Procedures Templates?

HIPAA Policies and Procedures Templates are form documents that relate to a particular area of HIPAA compliance. HIPAA Policies and Procedures templates provide information on what an organization must do to be compliant in that area. As an example, HIPAA Policies and Procedures Templates include a Policy and Procedure Template for Breach Notification. The HIPAA compliance policy template contains general language about how to detect and report a [...]

2023-04-06T14:22:51-04:00June 3rd, 2020|

SAMHSA Proposes Changes to Substance Abuse Privacy Regulations

42 CFR Part 2 is a federal regulation that requires substance abuse disorder treatment providers observe privacy and confidentiality restrictions with respect to patient records. These regulations, together with the privacy regulations found in the HIPAA Privacy Rule, work to protect the confidentiality of patient identifying information and protected health information (PHI) found in substance abuse disorder (SUD) medical records. Recently, the Substance Abuse and Mental Health Services Administration [...]

2023-04-06T14:22:54-04:00May 28th, 2020|

HIPAA Wiki: A Brief Summary of HIPAA Rights

The Hawaiian language has a memorable equivalent of the English word for “fast”: “wikiwiki.” The term “wikiwiki” can be spoken quickly. Similarly, when a person looks up a “wiki” for information, what the person hopes to find is information on a particular topic that can be quickly overviewed, covering all of the highlights. A HIPAA wiki contains the following information about patient rights. Do you have an effective [...]

2023-04-06T14:22:57-04:00May 21st, 2020|

HIPAA Media Access: Film Crews in Healthcare Facilities

The Department of Health and Human Services (HHS)’ Office for Civil Rights (OCR) has issued several Notices of Enforcement Discretion during the COVID-19 pandemic. As such, OCR will not be imposing sanctions on covered entities for good-faith violations of certain rules. OCR will continue to impose sanctions for other violations. One violation for which OCR will continue to apply sanctions is the violation of the HIPAA Media Access rule. [...]

2023-04-06T14:23:03-04:00May 7th, 2020|

HIPAA Patient Privacy

One of the many misunderstandings in circulation about HIPAA is over how it protects - and when it does not protect - patient privacy. HIPAA patient privacy is regulated by the HIPAA Privacy Rule. The Privacy Rule spells out when an individual’s protected health information (PHI) may be used or disclosed without that patient’s authorization, and when that information may not be disclosed without authorization. Many patients are unaware [...]

2023-04-06T14:23:38-04:00February 21st, 2020|

When Can a Covered Entity Deny a Request to Amend PHI?

The HIPAA Privacy Rule permits patients to request that PHI contained in their medical records, be amended. The right is not unlimited, however, and a covered entity may deny a request to amend PHI under several circumstances. What is the HIPAA Privacy Rule Right to Amend PHI? Under the HIPAA Privacy Rule, covered entities must honor certain patient requests to amend protected health information (PHI). [...]

2023-04-06T14:24:10-04:00January 17th, 2020|