Department of Health and Human Services

Subscribe to Department of Health and Human Services

FTC and HHS Update Consumer Health Data Privacy and Security Guide

Posted on September 21, 2023

Posted in Health Privacy, Information Security, U.S. Federal Law

On September 15, 2023, the Federal Trade Commission and the Department of Health and Human Services published an updated version of the two agencies’ joint publication, entitled “Collecting, Using, or Sharing Consumer Health Information? Look to HIPAA, the FTC Act, and the Health Breach Notification Rule.” …
Continue Reading FTC and HHS Update Consumer Health Data Privacy and Security Guide

ONC and HHS OCR Release Updated HIPAA Security Risk Assessment Tool

Posted on September 15, 2023

Posted in Health Privacy, U.S. Federal Law

On September 13, 2023, the National Coordinator for Health Information Technology and the Office for Civil Rights at the U.S. Department of Health and Human Services released version 3.4 of the Security Risk Assessment Tool under the Health Insurance Portability and Accountability Act Security Rule.
Continue Reading ONC and HHS OCR Release Updated HIPAA Security Risk Assessment Tool

HHS Issues NPRM to Strengthen Protections under HIPAA for Reproductive Privacy

Posted on April 20, 2023

Posted in Health Privacy

On April 12, 2023, the U.S. Department of Health and Human Services issued a Notice of Proposed Rulemaking to modify protections under the Health Insurance Portability and Accountability Act of 1996 to strengthen reproductive health care privacy.
Continue Reading HHS Issues NPRM to Strengthen Protections under HIPAA for Reproductive Privacy

HHS Releases Bulletin on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

Posted on December 19, 2022

Posted in Health Privacy, Information Security, Online Privacy, Security Breach

On December 1, 2022, the Office for Civil Rights at the U.S. Department of Health and Human Services released a Bulletin on the obligations of HIPAA covered entities and business associates under the HIPAA Privacy, Security, and Breach Notification Rules when using online tracking technologies. …
Continue Reading HHS Releases Bulletin on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

OCR Announces $300,000 Settlement Related to Improper Disposal of Physical PHI

Posted on September 21, 2022

Posted in Health Privacy, Security Breach, U.S. Federal Law

On August 23, 2022, the U.S. Department of Health & Human Services, Office for Civil Rights announced that it had settled a case involving the disposal of physical protected health information. …
Continue Reading OCR Announces $300,000 Settlement Related to Improper Disposal of Physical PHI

President Biden Issues Executive Order Protecting Privacy of Reproductive Health Data

Posted on July 13, 2022

Posted in Enforcement, Health Privacy

On July 8, 2022, President Biden issued an Executive Order titled, “Protecting Access to Reproductive Health Care Services,” in response to the overturning of Roe v. Wade. …
Continue Reading President Biden Issues Executive Order Protecting Privacy of Reproductive Health Data

HHS Issues Post-Dobbs Guidance to Protect Patient Privacy

Posted on July 8, 2022

Posted in Enforcement, Health Privacy, Information Security

On June 29, 2022, the U.S. Department of Health and Human Services issued two guidance documents to “help protect patients seeking reproductive health care, as well as their providers” following the Supreme Court’s decision in Dobbs vs. Jackson Women’s Health Organization. …
Continue Reading HHS Issues Post-Dobbs Guidance to Protect Patient Privacy

HHS Releases Guidance on Audio-Only Telehealth Practices

Posted on June 29, 2022

Posted in Enforcement, Health Privacy, Information Security

Earlier this month, the U.S. Department of Health and Human Services Office for Civil Rights released guidance to help covered entities understand how they can use remote communication technologies for audio-only telehealth in compliance with the HIPAA Privacy and Security Rules. Specifically, the Guidance clarifies how audio-only telehealth can be conducted after OCR’s Notification of Enforcement Discretion for Telehealth, put in place during the COVID-19 pandemic, is no longer in effect.
Continue Reading HHS Releases Guidance on Audio-Only Telehealth Practices

OCR Guidance Regarding HIPAA’s Applicability to COVID-19 Vaccination Information

Posted on October 6, 2021

Posted in Health Privacy, U.S. Federal Law, Workplace Privacy

On September 30, 2021, the U.S. Department of Health and Human Services’ Office for Civil Rights issued guidance regarding when the HIPAA Privacy Rule applies to disclosures and requests for information about a person’s COVID-19 vaccination status. The guidance addresses common workplace scenarios and answers questions about whether and how the HIPAA Privacy Rule applies.
Continue Reading OCR Guidance Regarding HIPAA’s Applicability to COVID-19 Vaccination Information

HHS Reaches Settlement with Clinical Laboratory for Alleged Violations of HIPAA Security Rule

Posted on May 25, 2021

Posted in Cybersecurity, Enforcement, U.S. Federal Law

On May 25, 2021, the Office for Civil Rights of the U.S. Department of Health and Human Services announced that it had reached a settlement with a clinical laboratory for violations of the HIPAA Security Rule. As part of this settlement, the company agreed to pay OCR $25,000 and to implement a robust corrective action plan. …
Continue Reading HHS Reaches Settlement with Clinical Laboratory for Alleged Violations of HIPAA Security Rule

Menu

Privacy & Information Security Law Blog