Tag Archives: HIPAA

A Summary of the Final HIPAA Rule

As we continue to examine the final HIPAA privacy and security regulations, as amended by the HITECH Act and the Genetic Information Nondiscrimination Act, we pulled together a summary of some of the key points. We fully expect additional sub-regulatory guidance to be provided by OCR, such as frequently asked questions and sample business associate agreement … Continue Reading

Final HIPAA Regulations: “Business Associates” Include Subcontractors, Data Storage Companies (Cloud Providers?)

Under the HITECH Act, business associates are subject to the HIPAA privacy and security rules (the "HIPAA Rules") virtually to the same extent as covered entities. In addition to implementing this change for business associates ("BAs"), and providing additional guidance concerning what entities are business associates, the final HIPAA regulations issued last week also treat certain subcontractors of BAs as BAs directly subject to the … Continue Reading

Health Care Providers May Disclose PHI to Avert Threats to Health and Safety, HHS Letter Confirms

Following the mass shootings in Newtown, CT, and Aurora, CO, Office for Civil Rights Director Leon Rodriguez issued a letter on January 15, 2013, reminding covered health care providers about disclosures of protected health information that may be made to avert threats to health and safety. The letter points out, for example, that mental health professionals … Continue Reading

Former Patient Advocate Took Medical Records from Hospital, Alleges Hospital Instructed Her to Destroy Them

Approximately 233 pages of confidential patient grievance files are at the center of a legal storm in U.S. District Court for the District of Minnesota. In the case of Peterson v. HealthEast Woodwinds Hospital, the plaintiff, a former Patient Advocate, alleges she was instructed to improperly destroy medical files. According to her Complaint, this caused Peterson stress that required her to … Continue Reading

OCR Releases Guidance on “De-Identification” of PHI under HIPAA

On Monday, the Office for Civil Rights released guidance regarding methods for de-identification of protected health information (PHI) in accordance with the HIPAA Privacy Rule and as required by the American Recovery and Reinvestment Act of 2009. HIPAA covered entities and business associates recognize the increasing risks related to handling "protected health information." One way to reduce these risks … Continue Reading

Are Lou Gehrig’s Medical Records Still Private?

Former New York Yankee Lou Gehrig died 71 years ago from amyotrophic lateral sclerosis or ALS, now known as Lou Gehrig’s disease. Now some legislators in Minnesota want to make his medical records, maintained at the Mayo Clinic, public. A story in the Star Tribune raises the question of how long a patient’s personal health … Continue Reading

OCR Issues Protocol For HIPAA Privacy, Security and Breach Notification Audit Program

As we previously discussed, the Office of Civil Rights (“OCR”) continues to push forward with the HIPAA audits required by the HITECH Act. To this end, the OCR recently posted the protocol which is used to conduct the HIPAA audits on its website. The HITECH Act requires HHS to provide for periodic audits to ensure covered … Continue Reading

Third Party Vendors Equal Data Breach Risk, Massachusetts Vendor Contract Deadline Approaches – March 1, 2012

The Massachusetts service provider contract deadline - March 1, 2012 - should be a reminder to revisit all contracts with third-party vendors to ensure they require the vendor to safeguard personal information. … Continue Reading

Social Media Guide for Hospitals

The ECRI Institute recently published an excellent summary of key issues for hospitals concerning social media (registration required), a valuable read for any hospital administrator, risk manager or human resources director. ECRI reports that approximately 4,000 U.S. hospitals own social media sites and that number is sure to grow significantly. One of the reasons for this growth will likely be due in significant … Continue Reading