OCR Issues Guidance for Mobile Health App Developers

The Department of Health and Human Services’ (HHS) Office for Civil Rights recently issued guidance on when HIPAA applies to health information that a patient creates, manages, or organizes through the use of a health app. The guidance also covers the issue of when mobile health app developers might need to comply with the HIPAA Rules. When are Mobile Health App Developers [...]

September 14th, 2020

OCR Enforcement Discretion for Business Associate PHI Use

The Department of Health and Human Services’ (HHS) Office for Civil Rights, as part of a broad response to support federal and state health authorities and emergency operations centers who need access to COVID-19-related data, has announced it will exercise additional COVID-19-related enforcement discretion. The OCR enforcement discretion is discussed below. What Enforcement Discretion Will be Exercised? Previously, OCR announced it would [...]

September 1st, 2020

OCR HIPAA Guidance: COVID-19 Plasma Donation

To clear up previously released guidance, the Office for Civil Rights (OCR) released new guidance regarding contacting recovered COVID-19 patients for plasma donation. The OCR HIPAA guidance reinforces the allowance of covered entities to contact recovered patients. OCR HIPAA Guidance: Contacting Recovered COVID-19 Patients In June, OCR HIPAA guidance was released stating that HIPAA covered entities are permitted to contact recovered COVID-19 patients [...]

August 28th, 2020

Alert: Fake Postcard Disguised as OCR Communication

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has warned individuals and businesses about a misleading postcard being mailed, first-class, to individuals designated as “HIPAA Compliance Officers.” As OCR has warned, “Though the postage is marked first class, the mailer’s intent is not. In fact, it is another low-class act by scammers.” The postcards contain misleading information, claiming to be notices of required HIPAA [...]

August 11th, 2020

$1,040,000 OCR Settlement Reached for Stolen Unencrypted Laptop

Lifespan Affiliated Covered Entity (“Lifespan ACE”) is a HIPAA-covered entity. This not-for-profit health system includes three academic teaching hospitals, a medical and mental health services hospital, and Rhode Island’s largest nonprofit behavioral healthcare provider. In April of 2017, Lifespan’s parent company and business associate filed a breach report with the Department of Health and Human Services’ (HHS) Office for Civil Rights. The resulting OCR investigation determined that an unencrypted [...]

July 28th, 2020

OCR Guidance on COVID-19 Patients and Antibody Donation

On June 12, 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) issued guidance on whether or not a healthcare provider may use protected health information (PHI) to identify and contact patients who have recovered from COVID-19. The OCR guidance states that HIPAA permits such use of PHI to identify recovered patients, to provide them with information as to how they can donate COVID-19 [...]

June 16th, 2020

What are the Results of OCR’s HIPAA Enforcement Efforts?  

OCR has conducted HIPAA enforcement by investigating and resolving over 27,109 cases by requiring changes in privacy practices and corrective actions by, or providing technical assistance to, HIPAA covered entities and their business associates.  Corrective actions obtained by OCR from these entities have resulted in change that is systemic and that affects all the individuals they serve.  OCR has successfully conducted HIPAA enforcement under the HIPAA Rules by applying [...]

February 10th, 2020

Leap Year Law and the HIPAA Breach Notification Deadline

Is there such a thing as a leap year law? Once every four years (e.g., 2000, 2004, 2008, 2012), there is a February 29th. Years with this extra calendar date are, of course, called leap years. The existence of an extra day in a year can change a legal deadline. This year, because there is an extra day, February 29, the breach notification deadline for reporting certain breaches to [...]

February 5th, 2020

HIPAA Privacy Complaints Lead to More Informal Intervention Efforts

The numbers seem to paint an odd picture. In 2018, the federal Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) received 25,912 health information privacy complaints - HIPAA privacy complaints relating to the HIPAA Privacy Rule and the HIPAA Security Rule. The annual number of HIPAA privacy complaints has gone up each year since 2015.  The number of HIPAA privacy complaints - and required corrective [...]

January 6th, 2020

West Georgia Ambulance Pays $65K fine for HIPAA Violations

The Office for Civil Rights of the Department of Health and Human Services has saved an announcement of HIPAA penalties for literally the day before the end of 2019. On December 30, through a press release, OCR announced it has entered into a resolution agreement with West Georgia Ambulance, Inc. on December 23. The agreement requires West Georgia to pay a fine in the amount of $65,000. What HIPAA [...]

January 2nd, 2020