Protected Health Information

Subscribe to Protected Health Information

On October 12, 2021, New Jersey Acting Attorney General Andrew J. Bruck and the Division of Consumer Affairs announced a settlement with Diamond Institute for Infertility and Menopause, LLC over a data breach that compromised the personal information of 14,663 patients, including 11,071 New Jersey residents. The Division of Consumer Affairs alleged that the fertility clinic violated the New Jersey Consumer Fraud Act and the federal HIPAA’s Privacy and Security Rules by removing protected health information safeguards.
Continue Reading New Jersey Acting Attorney General Announces Data Breach Settlement with Fertility Clinic

On May 25, 2021, the Office for Civil Rights of the U.S. Department of Health and Human Services announced that it had reached a settlement with a clinical laboratory for violations of the HIPAA Security Rule. As part of this settlement, the company agreed to pay OCR $25,000 and to implement a robust corrective action plan.
Continue Reading HHS Reaches Settlement with Clinical Laboratory for Alleged Violations of HIPAA Security Rule

The United States Court of Appeals for the Fifth Circuit recently vacated a 4.3 million dollar civil monetary penalty imposed by the Department of Health and Human Services’ Office for Civil Rights in 2017 against the University of Texas M.D. Anderson Cancer Center, holding that the penalty was “arbitrary, capricious, and otherwise unlawful.”
Continue Reading Fifth Circuit Court of Appeals Vacates MD Anderson HIPAA Penalty

On June 11, 2020, the California Senate amended AB-713 to the California Consumer Privacy Act. The Senate’s recent amendments impose new contractual obligations on the use or sale of de-identified information and modify the exemption from the CCPA for information used for public health purposes.
Continue Reading California Senate Proposes Amendment to CCPA to Address De-Identification and Information Used for Research and Public Health Purposes

The Office for Civil Rights at the U.S. Department of Health and Human Services issued a Bulletin on sharing and protecting patients’ protected health information during the COVID-19 national emergency. The Bulletin emphasizes that HIPAA-covered entities may use or disclose patients’ PHI when necessary to treat a patient, to protect the nation’s public health and for other critical purposes.
Continue Reading OCR Issues Bulletin on the Sharing and Security of PHI During Coronavirus Pandemic

The District Court for the District of Columbia recently invalidated certain Department of Health and Human Services (“HHS”) rules regarding an individual’s access to their protected health information (“PHI”). The Court held that: (1) individuals can only direct their electronic PHI to third parties (and not hard copy PHI); and (2) the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Omnibus Rule provisions regarding the caps on fees that HIPAA-covered entities may charge for such requests did not follow relevant administrative law procedures.
Continue Reading District Court Limits HIPAA Right of Access