Health data privacy, including in the context of reproductive health, was strengthened last week when Washington Governor Jay Inslee signed the “My Health, My Data Act” on April 27, 2023. Set to take effect on March 31, 2024, the new law aims to address health data collected by entities not covered by the federal Health
October is National Cybersecurity Awareness month, and the HHS Office for Civil Rights (OCR) has provided a timely reminder for HIPAA covered entities and business associates to have a written incident response plan! To learn why another policy is needed, what an incident response plan needs to include, and the reporting obligations, read the
On May 11, 2021, the Centers for Medicare & Medicaid Services (CMS) of the U.S. Department of Health & Human Services published an interim final rule/guidance to establish COVID-19 vaccination requirements for Long-Term Care (LTC) facilities. The requirements are applicable to both residents and staff. LTC facilities have already been managing COVID-19 vaccination requirements both
The Office for Civil Rights (OCR) has taken enforcement action against a small New Jersey plastic surgery practice for its failure to timely respond to a patient’s records access request. Putting in place relatively simple policies, carefully developing template forms, assigning responsibility, training, and documenting responses can go a long way toward substantially minimizing the
With first responders on the front lines of helping to fight the coronavirus, sharing information about potential exposure to COVID-19 is critical to protecting them and preventing further spread. In these situations, the information shared is most often “protected health information” (PHI) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule.
As the coronavirus spreads across the globe and in the United States, providers, businesses, employers, and others are struggling to understand what medical information they can collect and what information they can share. These are difficult questions the answers to which involve considering factors such as long-standing compliance requirements (e.g., HIPAA, ADA, GINA, state law),
The outbreak of a new coronavirus that is believed to have began in central Chinese city of Wuhan and now appears to be spreading to the United States is driving concerns for organizations around preparedness regarding their operations, their customers, and their employees. In the healthcare sector, as with prior contagious disease outbreaks, fears about
As we have observed here, news reports of security risks, hackings and breaches caused by individuals, terror groups or even countries around the world certainly are important and can be unsettling. But, for many organizations, including healthcare providers and business associates, a significant and perhaps more immediate area of data risk is malicious insiders.
Today, the Department of Health and Human Services (HHS) issued a notification of enforcement discretion changing its interpretation of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 resulting in a reduction in the amount of the cumulative annual penalty limit for violations of HIPAA. Our colleagues in the Privacy, Data
Small and midsized enterprises (SMEs) continue to be targeted by ransomware, phishing and other cyberattacks; the consequences of which could be devastating. Those consequences include putting SMEs out of business, which is unfortunately the case for one small medical practice in Battle Creek, Michigan, as reported by HIPAAJournal. Our colleagues in the Privacy, Data