Department of Health and Human Services

On December 1, 2022, the Office for Civil Rights at the U.S. Department of Health and Human Services released a Bulletin on the obligations of HIPAA covered entities and business associates under the HIPAA Privacy, Security, and Breach Notification Rules when using online tracking technologies.
Continue Reading HHS Releases Bulletin on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

On June 29, 2022, the U.S. Department of Health and Human Services issued two guidance documents to “help protect patients seeking reproductive health care, as well as their providers” following the Supreme Court’s decision in Dobbs vs. Jackson Women’s Health Organization.
Continue Reading HHS Issues Post-Dobbs Guidance to Protect Patient Privacy

Earlier this month, the U.S. Department of Health and Human Services Office for Civil Rights released guidance to help covered entities understand how they can use remote communication technologies for audio-only telehealth in compliance with the HIPAA Privacy and Security Rules. Specifically, the Guidance clarifies how audio-only telehealth can be conducted after OCR’s Notification of Enforcement Discretion for Telehealth, put in place during the COVID-19 pandemic, is no longer in effect.
Continue Reading HHS Releases Guidance on Audio-Only Telehealth Practices

On September 30, 2021, the U.S. Department of Health and Human Services’ Office for Civil Rights issued guidance regarding when the HIPAA Privacy Rule applies to disclosures and requests for information about a person’s COVID-19 vaccination status. The guidance addresses common workplace scenarios and answers questions about whether and how the HIPAA Privacy Rule applies.
Continue Reading OCR Guidance Regarding HIPAA’s Applicability to COVID-19 Vaccination Information

On May 25, 2021, the Office for Civil Rights of the U.S. Department of Health and Human Services announced that it had reached a settlement with a clinical laboratory for violations of the HIPAA Security Rule. As part of this settlement, the company agreed to pay OCR $25,000 and to implement a robust corrective action plan.
Continue Reading HHS Reaches Settlement with Clinical Laboratory for Alleged Violations of HIPAA Security Rule

On September 30, 2020, Anthem, Inc., entered into an assurance of voluntary compliance with the attorneys general of 42 states and the District of Columbia to resolve claims under state and federal law relating to Anthem’s 2015 data breach of personal information and protected health information, the largest breach of PHI in history.
Continue Reading 42 States and District of Columbia Enter into $39.5 Million Agreement with Anthem to Settle Breach-Related Claims