The HIPAA Privacy Rule to Support Reproductive Health Care Privacy Final Rule is Effective Today
| |

The HIPAA Privacy Rule to Support Reproductive Health Care Privacy Final Rule is Effective Today

“On April 26, 2024, the Biden-Harris Administration, through the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) published a Final Rule, entitled the HIPAA Privacy Rule to Support Reproductive Health Care Privacy. The Final Rule strengthens the Health Insurance Portability Act of 1996 (HIPAA) Privacy Rule by prohibiting the…

Watchdog Group Asks 5 Attorneys General to Investigate Crisis Pregnancy Center Privacy Practices
| |

Watchdog Group Asks 5 Attorneys General to Investigate Crisis Pregnancy Center Privacy Practices

By now I’m sure you’ve heard or read the story about the watchdog group, Campaign for Accountability, asking 5 Attorneys General to investigate pregnancy centers. I find it very suspicious this news broke the same day the HHS published a final rule amending the HIPAA Privacy Rule in an effort to protect abortionist. Just in…

The Biden-Harris Administration Issues New Rule to Support Reproductive Health Care Privacy Under HIPAA
| |

The Biden-Harris Administration Issues New Rule to Support Reproductive Health Care Privacy Under HIPAA

The Final Rule strengthens privacy protections for medical records and health information for women, their family members, and doctors who are seeking, obtaining, providing, or facilitating lawful reproductive health care. Today, the Biden-Harris Administration, through the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced a Final Rule,…

Is Your Organization Eligible for Cyber Insurance?
| | |

Is Your Organization Eligible for Cyber Insurance?

Insurance companies that provide cyber insurance have been educating themselves about today’s cyber environment and the relatively new market of cyber insurance. Now, insurance companies are more aware of the need for their insured organizations to have proper security measures that include a wide range of solutions. As insurers better understand what a “secure organization”…

Snooping Into Medical Records is Expensive
| |

Snooping Into Medical Records is Expensive

The following is a report from the the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). The OCR “announced a settlement with Yakima Valley Memorial Hospital, a not-for-profit community hospital located in Yakima, Washington resolving an investigation under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The OCR investigated…

Healthcare Organizations Face Increased Scrutiny
| | |

Healthcare Organizations Face Increased Scrutiny

An increase in hacking incidents, new regulatory requirements and compliance initiatives due to Dobbs and Pixel use, and lawsuits against healthcare organizations over privacy violations are soaring. HIPAA-regulated entities and other organizations that operate in the healthcare space are now facing increased scrutiny of their data security practices and compliance programs. An increase in enforcement actions and…

RFI HIPAA Privacy Rule
| | | |

RFI HIPAA Privacy Rule

On April 12th, the Office of Health and Human Services (HHS) published a Notice of Proposed Rule Making (NPRM) to seek comments regarding modifications to the HIPAA Privacy Rule ‘to support reproductive healthcare and privacy.’ Don’t let the misleading intentions lead you to believe this is a positive move for healthcare, much less for reproductive…

HHS Restructures OCR to Handle Increased HIPAA Complaints
| | |

HHS Restructures OCR to Handle Increased HIPAA Complaints

It should not come as a surprise that on February 27, 2023 HHS announced three new divisions within the Office of Civil Rights (OCR): An Enforcement Division, a Policy Division, and a Strategic Planning Division. In HHS’s report to Congress, HHS noted a 25% increase in HIPAA and HITECH complaints received in 2020. The Director…

HHS Office for Civil Rights Delivers Annual Reports to Congress on HIPAA Compliance and Breaches of Unsecured Protected Health Information
| | |

HHS Office for Civil Rights Delivers Annual Reports to Congress on HIPAA Compliance and Breaches of Unsecured Protected Health Information

The HHS Office of Civil Rights (OCR) provided Congress with two reports for 2021 regarding HIPAA Privacy, Security, and Breach Notification Rule Compliance and Breaches of Unsecured Protected Health Information. These reports can help organizations like pregnancy centers and business associates better comply with the requirements of HIPAA by giving insight to trends in the HIPAA environment….

New Bill to Strengthen HIPAA Protections for Patients Seeking Reproductive Healthcare
| | |

New Bill to Strengthen HIPAA Protections for Patients Seeking Reproductive Healthcare

US Senators Michael Bennet (D-CO) and Mazie Hirono (D-HI) introduce the Secure Access for Essential Reproductive (SAFER) Health Act. The act aims to strengthen HIPAA protections; as a result, it would prohibit providers from disclosing patient information relating to abortion or pregnancy loss without patient consent. The February 9, 2023 press release states, “The SAFER…

How to Dispose of Electronic Protected Health Information Under HIPAA
| | |

How to Dispose of Electronic Protected Health Information Under HIPAA

Improper disposal of either paper or electronic protected health information is a HIPAA violation. HIPAA requires organizations to implement and follow administrative, technical, and physical safeguards. These types of violation lead to investigation by the Office of Civil Rights (OCR) and substantial civil money penalties. July 6, 2021 HealthReach Community Health Centers experienced a breach…

How to Dispose of Paper Protected Health Information Under HIPAA
| |

How to Dispose of Paper Protected Health Information Under HIPAA

Disposing of paper protected heath information (PHI), such as medical records needs to be done in a HIPAA compliant way. It is important to implement and follow administrative, technical, and physical safeguards all the time, but especially when it comes to disposing of paper PHI. Improper disposal of PHI violates HIPAA, which can lead to…

HHS OCR Issues Bulletin on Requirements under HIPAA for Online Tracking Technologies
| | |

HHS OCR Issues Bulletin on Requirements under HIPAA for Online Tracking Technologies

The bulletin highlights the obligations of covered entities and business associates when using online tracking technologies like Google Analytics or Meta Pixel. These technologies are designed to collect and analyze information about how users interact with a regulated entity’s website or mobile application. Does your organization share electronic protected health information (ePHI) with online tracking…

HHS Issues Guidance to Protect Patient Privacy in Wake of Supreme Court Decision on Roe
| |

HHS Issues Guidance to Protect Patient Privacy in Wake of Supreme Court Decision on Roe

This article is taken directly from an email received from the Department of Health and Human Services as a way to keep you up to date regarding the actions taken by HHS and the OCR in regards to the overturning of Roe v. Wade. HHS Issues Guidance to Protect Patient Privacy in Wake of Supreme…

Common HIPAA Violations Part 2
|

Common HIPAA Violations Part 2

Impermissible Uses and Disclosures While the failure to conduct or complete a security risk assessment is the most common violation for organizational behavior, the most common violation for individuals are impermissible uses and disclosures of protected health information (PHI) and electronic protected health information (ePHI). Impermissible uses and disclosures occur when PHI is disposed of…

Common HIPAA Violations Part 1
| |

Common HIPAA Violations Part 1

Security Risk Assessment The HIPAA Security Rule requires organizations to conduct a Security Risk Assessment, also called a security risk analysis. When it comes to HIPAA violations, the failure to conduct or complete a security risk assessment seems to be the most common violation. However, this does not have to be the case! There are…