On Nov. 30, the Illinois Supreme Court, in Mosby v. The Ingalls Memorial Hospital et al., held that certain healthcare providers’ biometric data, used for healthcare operational purposes under the Health Insurance Portability and Accountability Act, is not protected under the Illinois Biometric Information Privacy Act. Read on for details about this development and
Kimberly J. Kannensohn
Kimberly focuses her practice on the provision of corporate, regulatory and compliance counseling to healthcare and life sciences companies. The cornerstone of her practice is providing guidance to clients regarding HIPAA and the HITECH Act, the Medicare and Medicaid fraud and abuse laws, the Stark Law, Medicare coverage and reimbursement rules, and state healthcare laws and regulations.
Homeland Security and HHS Release Interactive Healthcare Cybersecurity Toolkit
In light of a significant rise in cyberattacks against hospitals and health systems, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency and the U.S. Department of Health and Human Services recently released a cybersecurity toolkit. Read on for details about the toolkit and how the federal government is prioritizing cybersecurity in healthcare.…
FTC Proposes Modifying Health Breach Notification Rule for Non-HIPAA Entities
Seeking to formalize its Sept. 15, 2021, Statement of the Commission on Breaches by Health Apps and Other Connected Devices, the Federal Trade Commission proposed broadening the Health Breach Notification Rule to cover “most health apps and similar technologies that are not covered by HIPAA.” Read on for details about this proposed rule, which is…
HHS Extends Public Comment Period for Proposed HIPAA Privacy Rule Changes
On March 9, the Department of Health and Human Services announced it was extending until May 6, 2021, the comment period for proposed changes to regulations implementing the Health Insurance Portability and Accountability Act of 1996 and the Health Information Technology for Economic and Clinical Health Act of 2009.
Read our complete alert to learn…
Department of Health and Human Services Announces Proposed Changes to the HIPAA Privacy Rule
On January 21, 2021, the Department of Health and Human Services (HHS) published proposed modifications to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH).
The proposed rule is part of HHS’ Regulatory Sprint to Coordinated Care, which seeks to promote value-based healthcare by examining federal regulations that impede efforts among healthcare providers and health plans to better coordinate care for patients. Specifically, HHS aims to amend the regulations implemented pursuant to HIPAA and HITECH where the rules present barriers to coordinated care and case management or where they otherwise impose burdens on covered entities that do not increase individuals’ privacy protections.Continue Reading Department of Health and Human Services Announces Proposed Changes to the HIPAA Privacy Rule
OCR Warns Providers and Media: Patient Privacy Remains Protected Despite Pandemic
Since the outbreak of COVID-19, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has issued various notifications of enforcement discretion related to compliance with the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, discussed previously. However, OCR issued guidance on May 5, 2020, reminding covered healthcare providers that the HIPAA Privacy Rule remains in force during the COVID-19 public health crisis except as expressly relaxed under OCR’s prior guidance. Specifically, OCR’s most recent guidance addresses the disclosure of patient protected health information (PHI) to the media by allowing the media to film patients in facilities where PHI is accessible.
Continue Reading OCR Warns Providers and Media: Patient Privacy Remains Protected Despite Pandemic
HHS Limited Waiver and Guidance on HIPAA and the Privacy Rule During COVID-19 Pandemic
Since the outbreak of COVID-19, the Department of Health and Human Services Office for Civil Rights (OCR) has issued various guidance documents on compliance with the Health Insurance Portability and Accountability Act of 1996 and its regulations. The topics include OCR’s discretion in enforcing HIPAA with respect to telehealth services, waiving hospital compliance with the HIPAA Privacy Rule in limited circumstances, and Privacy Rule compliance in the absence of specific waiver. The OCR guidance, discussed below, confirms that HIPAA still applies during the pandemic but compliance may be relaxed in certain situations to allow healthcare providers to respond effectively to the current public health emergency.
Continue Reading HHS Limited Waiver and Guidance on HIPAA and the Privacy Rule During COVID-19 Pandemic