Home > Insights > Blogs > Health Law Checkup > "HIPAA"

Health Law Checkup

Health Law Checkup

(By accessing, browsing or using the pages below, you agree to the Blog Conditions of Use/Disclaimer available under "Links.")

Posts

Fifth Circuit vacates $4.3M HHS enforcement penalty for HIPAA violations

Milada Goturi February 23, 2021
money_gavel_650x510

Last month, the US Court of Appeals for the Fifth Circuit issued a ruling vacating a $4.3 million dollar civil monetary penalty against the University of Texas MD Anderson Cancer Center by the US Department for Health and Human Services for alleged violations of the HIPAA Privacy and Security Rules. READ MORE

Population health, care coordination, and HIPAA: Do you need patient authorization or a business associate agreement?

Tonya Oliver Rose March 5, 2020
Stethoscope over a laptop computer keyboard

As more health care entities implement population health and care coordination initiatives, questions arise concerning the application of HIPAA to such efforts. Although HIPAA applies to protected health information used and shared by covered entities in connection with population health activities, in many circumstances HIPAA permits the use and sharing of such PHI without patient authorization or business associate agreements. READ MORE

OCR reminds business associates of direct liability for noncompliance with HIPAA Rules

Milada Goturi June 10, 2019
medical-doc-pen_000006111484-650x510

The HHS Office for Civil Rights has issued a new fact sheet addressing direct liability of business associates for violations of HIPAA Rules. The fact sheet serves as a reminder that business associates have direct liability under HIPAA and are subject to enforcement for Rule violations. READ MORE

HIPAA breach notification deadline is March 1

February 12, 2019
Illustration of security shield on computer

Per the HIPAA Breach Notification Rule, organizations that discovered a HIPAA breach in 2018 that affected fewer than 500 people have until March 1 to report the breach to the Office for Civil Rights. Organizations with more than one breach are required to complete a report for each incident. READ MORE

HHS issues voluntary health care cybersecurity guidelines

Milada Goturi January 17, 2019
Stethoscope over a laptop computer keyboard

The latest cybersecurity guidelines published by the Department of Health and Human Services, developed in response to a mandate of the Cybersecurity Act of 2015, provide healthcare organizations of all types and sizes with information on cybersecurity practices. READ MORE

OCR seeks public input on potential modifications to the HIPAA Rules

January 4, 2019
Doctor holding tablet

The Office of Civil Rights has asked for public input how the agency might modify the HIPAA Privacy, Security and Breach Notification Rules in a Request for Information. The 50 questions in the RFI reveals notable insights for the OCR’s future plans to improve care coordination and reduce regulatory burdens. READ MORE

7 facts employers and employees should know about HIPAA and the opioid crisis

Lori Jones September 21, 2018
Opioid pills and needle

As the opioid crisis continues, the Department of Health and Human Services has provided information to help health care providers know what they can and cannot disclose to concerned family members trying to help addicted loved ones. READ MORE

HIPAA reports of 2017 small-scale breaches due March 1, 2018

February 27, 2018
health-future-medical-app_23855425774_o

Covered entities that discovered small-scale HIPAA breaches during calendar year 2017 must file notice of such breaches with the Office of Civil Rights by March 1, 2018. READ MORE

OCR: No privacy breach is too small

Milada Goturi September 1, 2016
HIPAA folder

Once mainly focused on large data breaches affecting 500 or more individuals, the OCR now intends to increase HIPAA enforcement actions on smaller breaches of unprotected protected health information. READ MORE

OCR issues new guidance on individuals’ access to PHI: Is your access policy compliant?

Milada Goturi January 19, 2016
health-future-medical-app_23855425774_o

The OCR indicated that based on its enforcement experience, many individuals are having difficulties obtaining such access even as technology evolves, and new treatments make it important for individuals to have ready access to their PHI. READ MORE

Recent HIPAA settlements emphasize importance of robust compliance program

Milada Goturi December 9, 2015
security-shield_23592119646_o

Two recent HIPAA settlements remind organizations subject to HIPAA of the importance of having a robust HIPAA privacy and security compliance program in place. READ MORE

Top takeaways from 33rd Annual IAHA Annual Meeting

November 9, 2015
Health Law Checkup_default blog

On Oct. 27, 2015, the Annual Meeting of the Illinois Association of Healthcare Attorneys was held at Navy Pier in Chicago. Hundreds of health care attorneys attended, including several from Thompson Coburn. The symposium was loaded with high-quality and insightful sessions, and our attorneys identified the following highlights READ MORE

September 22, 2014: Quickly approaching deadline to amend business associate agreements

Milada Goturi September 9, 2014
close-up-of-secretarys-hands-doing-paperwork_15191063772_o

The HIPAA Omnibus Rule, enacted last year, made a number of changes to the HIPAA privacy, security and breach notification rules. Some of these changes affected business associate provisions of the HIPAA privacy and security rules. READ MORE