protected health information

If there is one thing artificial intelligence (AI) systems need is data and lots of it as training AI is essential for achieving success for a given use case. A recent investigation by Australia’s privacy regulator into the country’s largest medical imaging provider, I-MED Radiology Network, illustrates concerns about the use of medical data to

On April 22, 2024, the federal Department of Health and Human Services’ Office for Civil Rights (OCR) announced a final rule enhancing privacy protections relating to reproductive health care. Specifically, the final rule amends the Privacy Rule under the Health Insurance Portability and Accountability Act (HIPAA) to, among other things, establish new limits on the

Recently, things may have sped up a little in your doctor’s office. The notes for your recent visit may have been organized and filed a little more quickly. You might have received assistance sooner than expected with a physician letter to your carrier concerning a claim. You also may have received copies of those medical

A $300,640 settlement announced yesterday by the Office for Civil Rights (OCR) provides important reminders about HIPAA Privacy Rule and data privacy practices generally: robust data disposal practices are critical and “protected health information” (PHI) is not limited to diagnosis or particularly sensitive information.

The OCR’s settlement involved a New England dermatology practice that reported

When use or disclosure of an individual’s health information or medical records is at issue, the assumption seems to be, much more often than not, that the HIPAA privacy and security rules apply. This has certainly been the case during the COVID-19 pandemic. Of course, it is true that in most healthcare settings, HIPAA is

On April 3, the Office for Civil Rights (OCR) issued an alert to covered entities and business associates. Evidently, one or more individuals are posing as OCR Investigators and contacting HIPAA covered entities and business associates in an attempt to obtain protected health information (PHI).  The individual identifies on the telephone as an OCR investigator,

When privacy geeks talk “privacy,” it is not uncommon for them to use certain terms interchangeably –personal data, personal information, personally identifiable information, private information, individually identifiable information, protected health information, or individually identifiable health information. They might even speak in acronyms – PI, PII, PHI, NPI, etc. Blurring those distinctions might be OK for

Health insurance carriers often provide explanation of benefits (EOB) summaries to the policyholder specifying the type and cost of health care services received by dependents covered by the policy. EOBs often disclose sensitive information regarding the mental or physical health condition of adult dependents. Massachusetts has now enacted a law, an act to protect access

According to a Bloomberg article, the second phase of HIPAA audits by the Office for Civil Rights (OCR), originally set to commence in 2014, may be coming soon. This update came at a HIPAA conference co-hosted by OCR during which OCR Director Jocelyn Samuels said the agency was in the process of confirming contact

When businesses set out to safeguard “personal information,” a fundamental consideration is what that term means. Likewise, when negotiating a third-party vendor agreement, it typically is not enough to rely on the standard definition for “confidential information.” Recently, Nevada and other states have updated their definitions of personal information in connection data breaches notification and