Health Care Reform Dashboard

Health Care Reform Dashboard

Charting Developments with the
Affordable Care Act and Beyond

HIPAA

Subscribe to HIPAA RSS Feed
11/08/2022

New Wiretap Cases Target Hospitals Using Meta Pixel

As we discussed in a recent webcast, there has been a surge in litigation focused on companies’ use of Meta Pixel, which is tracking code that enables the sharing of user online activity with Facebook.  Recent litigation has alleged that use of Meta Pixel with online videos violates the Video Privacy Protection Act (VPPA).  An even [&hellip… Continue Reading »
10/07/2021

HHS Clarifies Applicability of HIPAA Privacy Rule to COVID-19 Vaccination Status Requests

The U.S. Department of Health and Human Services (HHS) has released guidance to address how the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule applies to various entities’ requests for information related to an individual’s COVID-19 vaccination status. HHS emphasized that the Privacy Rule applies only to covered entities, including health plans and most [&hellip… Continue Reading »
08/12/2021

OCR’s HIPAA Resolution Agreements: the Year Thus Far

The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has continued its enforcement of the privacy and security rules included in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), announcing a number of settlements of alleged violations in the first seven months of 2021. This settlement [&hellip… Continue Reading »
02/19/2021

A Fast Start: 2021 Begins With Major HIPAA Developments

The new year began with an unusual amount of activity related to the Health Insurance Portability and Accountability Act (HIPAA). Health care providers, health plans, health care clearinghouses, and business associates subject to HIPAA will need to consider three significant developments—one regulatory, one legislative, and one judicial—relating to the Privacy and Security Rules under HIPAA [&hellip… Continue Reading »
10/02/2020

OCR Announces Eight Settlements within Last Month to Resolve Alleged HIPAA Violations

Following a very quiet start in HIPAA settlement activity in 2020, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has recently announced eight settlements with covered entities and business associates. The most recent of these announcements involves the second-largest HIPAA settlement amount in OCR’s history, amounting to $6.85 million. [&hellip… Continue Reading »
03/13/2020

Disclosing Information about the Novel Coronavirus under HIPAA

Health care providers, health plans, and others who are subject to HIPAA are sure to have questions about when they may disclose information about individuals who have contracted, or been exposed to, Coronavirus (COVID-19). To address these questions, the Office of Civil Rights, U.S. Department of Health and Human Services, issued a bulletin, reminding us [&hellip… Continue Reading »
10/25/2019

OCR Hits Health System With $2.2M Fine for HIPAA Violations

The U.S. Department of Health and Human Services Office of Civil Rights (OCR) imposed $2,154,000 in civil monetary penalties against Jackson Health System in Florida for failing to meet HIPAA privacy and security requirements. The OCR announcement and accompanying information detail violations that include: The unauthorized access by an employee to the records of more [&hellip… Continue Reading »
09/09/2019

HIPAA Right to Access Information Enforced

With all of the attention on Health Insurance Portability and Accountability Act (HIPAA) requirements to safeguard the privacy and security of a patient’s health information, covered entities sometimes overlook the HIPAA provisions that give patients rights to their information. This includes a patient’s right to access his or her medical and billing records from providers and [&hellip… Continue Reading »
05/08/2019

OCR Announces $3 Million HIPAA Enforcement Settlement for Breach of 300,000 Patients’ PHI

On May 6, 2019, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced an agreement  with Touchstone Medical Imaging, LLC (Touchstone), settling allegations that Touchstone violated the Health Insurance Portability and Accountability Act (HIPAA) Security Rule by allowing uncontrolled public access to patients’ protected health information (PHI). Touchstone provides [&hellip… Continue Reading »
05/03/2019

HHS Decreases Maximum HIPAA Penalties

The Department of Health and Human Services has announced that it is lowering the maximum amount it will assess for most types of HIPAA violations. Although the change is couched as an exercise of discretion, HHS states that it is basing the modifications on a change in its interpretation of the penalty provisions set forth in [&hellip… Continue Reading »
04/18/2019

HIPAA Enforcement Outlook for 2019 and Beyond

After announcing that its HIPAA enforcement collections had reached a new high-water mark of $28.7 million in 2018, the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services has started this year quietly. Through the first few months of 2019, the OCR has published no resolution agreements and it is [&hellip… Continue Reading »
12/21/2018

A Pair of Year-End HIPAA Settlements

A relatively quiet year for HIPAA enforcement is ending with a small flourish. The Office of Civil Rights of the Department of Health and Human Services (HHS) has announced two settlements with covered entities within the span of eight days. The first settlement involved Advanced Care Hospitalists (ACH), a company that provides internal medicine physicians to [&hellip… Continue Reading »
06/21/2018

Appeals Board Upholds $4.3 Million in HIPAA Penalties Against Hospital

(The following is excerpted from Ballard Spahr’s CyberAdviser blog.) The Departmental Appeals Board of the U.S. Department of Health and Human Services has granted summary judgment against the University of Texas MD Anderson Cancer Center upholding $4.3 million in penalties against the Center for violations of HIPAA’s privacy and security rules. In this case, the [&hellip… Continue Reading »
11/04/2016

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the cloud service provider is not able to view it. This unequivocal determination, made in recent guidance by the U.S. Department of Health and [&hellip… Continue Reading »
07/25/2016

OCR Announces First HIPAA Enforcement Action Against a Business Associate

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced an agreement with Catholic Health Services of the Archdiocese of Philadelphia (CHCS), settling allegations that CHCS violated the Health Insurance Portability and Accountability Act (HIPAA) Security Rule by failing to protect electronic protected health information (ePHI). This is the first enforcement [&hellip… Continue Reading »
07/25/2016

Check Your Desk: HIPAA Audits for Covered Entities Have Arrived

The Office of Civil Rights (OCR) of the Department of Health and Human Services has moved forward with Phase 2 of its Health Insurance Portability and Accountability Act of 1996 (HIPAA) audit program. On Monday, July 11, 2016, OCR sent emails to 167 covered entities (including health plans, health care, and health care clearinghouses) notifying them [&hellip… Continue Reading »
04/19/2016

HIPAA Audits Coming Your Way — Are You Ready?

The Office of Civil Rights (OCR) of the Department of Health and Human Services has begun Phase 2 of its audit program under the Health Insurance Portability and Accountability Act (HIPAA). In this phase, OCR will: ·       Collect contact information from covered entities and their business associates; ·       Audit selected covered entities and, later, business [&hellip… Continue Reading »
04/21/2015

EECO Tackles Wellness Programs

After much silence, some litigation, and recent congressional hearings, the Equal Employment Opportunity Commission (EEOC) has at long last proposed regulations (together with a fact sheet and set of frequently asked questions and answers) that interpret how the Americans with Disabilities Act (ADA) applies to wellness program incentives. Employers that sponsor wellness programs are likely [&hellip… Continue Reading »
07/14/2014

Midyear Check on Health Plan Compliance

If you sponsor or administer a group health plan, you are almost certainly taking steps to prepare for legal requirements that will become effective on or before January 1, 2015. New rules under HIPAA, the Affordable Care Act (ACA), and other laws will affect your plans. As we pass the midpoint of 2014, it is [&hellip… Continue Reading »
11/27/2012

Proposed Regulations Address Discrimination in Wellness Programs

The Departments of Treasury, Labor, and Health and Human Services have issued a revised set of proposed regulations for nondiscrimination in wellness programs. The regulations prohibit a wellness program offered as part of a health plan from discriminating against individuals on account of an adverse health factor. The revised rules are scheduled to apply in [&hellip… Continue Reading »
01/19/2012

Health and Welfare Benefits in 2012

Although the pace of new legislation affecting health and other welfare benefits has slowed after the first two years of the Obama Administration, plan sponsors will find no shortage of developments to monitor and implement in 2012. This alert provides a very brief review of recent developments and matters to watch in the new calendar [&hellip… Continue Reading »
.