Earlier this month, the U.S. Department of Health and Human Services Office for Civil Rights released guidance to help covered entities understand how they can use remote communication technologies for audio-only telehealth in compliance with the HIPAA Privacy and Security Rules. Specifically, the Guidance clarifies how audio-only telehealth can be conducted after OCR’s Notification of Enforcement Discretion for Telehealth, put in place during the COVID-19 pandemic, is no longer in effect.
Continue Reading HHS Releases Guidance on Audio-Only Telehealth Practices
Department of Health and Human Services
OCR Guidance Regarding HIPAA’s Applicability to COVID-19 Vaccination Information
On September 30, 2021, the U.S. Department of Health and Human Services’ Office for Civil Rights issued guidance regarding when the HIPAA Privacy Rule applies to disclosures and requests for information about a person’s COVID-19 vaccination status. The guidance addresses common workplace scenarios and answers questions about whether and how the HIPAA Privacy Rule applies.
Continue Reading OCR Guidance Regarding HIPAA’s Applicability to COVID-19 Vaccination Information
HHS Reaches Settlement with Clinical Laboratory for Alleged Violations of HIPAA Security Rule
On May 25, 2021, the Office for Civil Rights of the U.S. Department of Health and Human Services announced that it had reached a settlement with a clinical laboratory for violations of the HIPAA Security Rule. As part of this settlement, the company agreed to pay OCR $25,000 and to implement a robust corrective action plan. …
Continue Reading HHS Reaches Settlement with Clinical Laboratory for Alleged Violations of HIPAA Security Rule
OCR Continues to Settle HIPAA Right of Access Initiative Cases
The U.S. Department of Health and Human Services’ Office for Civil Rights recently announced more settlements associated with its HIPAA Right of Access Initiative.
Continue Reading OCR Continues to Settle HIPAA Right of Access Initiative Cases
42 States and District of Columbia Enter into $39.5 Million Agreement with Anthem to Settle Breach-Related Claims
On September 30, 2020, Anthem, Inc., entered into an assurance of voluntary compliance with the attorneys general of 42 states and the District of Columbia to resolve claims under state and federal law relating to Anthem’s 2015 data breach of personal information and protected health information, the largest breach of PHI in history.
Continue Reading 42 States and District of Columbia Enter into $39.5 Million Agreement with Anthem to Settle Breach-Related Claims
OCR Settles with Orthopedic Clinic for $1.5 Million for Alleged HIPAA Noncompliance
On September 21, 2020, the U.S. Department of Health and Human Services Office for Civil Rights announced a $1.5 million settlement with Athens Orthopedic Clinic PA for alleged violations of the HIPAA Privacy and Security Rules.
Continue Reading OCR Settles with Orthopedic Clinic for $1.5 Million for Alleged HIPAA Noncompliance
Department of Education and Department of Health and Human Services Release First Update to Joint Guidance on FERPA and HIPAA Since 2008
The U.S. Department of Education and the U.S. Department of Health and Human Services released joint guidance on the application of the Family Educational Rights and Privacy Act and the Health Insurance Portability and Accountability Act of 1996 Privacy Rule to student records.
Continue Reading Department of Education and Department of Health and Human Services Release First Update to Joint Guidance on FERPA and HIPAA Since 2008
HHS Imposes 1.6 Million Dollar Civil Penalty on Texas State Agency for Health Data Breach
On November 7, 2019, the Office for Civil Rights of the U.S. Department of Health and Human Services announced a $1.6 million civil penalty imposed against the Texas Health and Human Services Commission for violations of HIPAA Privacy and Security Rules.
Continue Reading HHS Imposes 1.6 Million Dollar Civil Penalty on Texas State Agency for Health Data Breach
Organizational Accountability in U.S. Law and Its Relevance to a Federal Data Privacy Law: A CIPL Study
The Centre for Information Policy Leadership at Hunton Andrews Kurth LLP recently published a white paper on Organizational Accountability’s Existence in U.S. Regulatory Compliance and its Relevance for a Federal Data Privacy Law.
Continue Reading Organizational Accountability in U.S. Law and Its Relevance to a Federal Data Privacy Law: A CIPL Study
OCR Settles with Medical Imaging Services Company
On May 6, 2019, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement and $3 million settlement with Touchstone Medical Imaging. The settlement is the first OCR HIPAA enforcement action in 2019, following an all-time record year of HIPAA enforcement in 2018.
Continue Reading OCR Settles with Medical Imaging Services Company