We have written several times about U.S. Department of Health and Human Services Office for Civil Rights’ “HIPAA Right of Access Initiative.” In its most recent enforcement action under the Initiative, the 44th such enforcement action, the OCR investigated a complaint made against a psychotherapist concerning the alleged refusal to provide medical records. Ultimately, and
U.S. Department of Health and Human Services
FDA Names First Acting Director of Medical Device Cybersecurity
The U.S. Food and Drug Administration (FDA) named University of Michigan Associate Professor Kevin Fu Acting Director of Medical Device Security in its Center for Devices and Radiological Health. This is a newly created 12-month post in which Fu will “work to bridge the gap between medicine and computer science and help manufacturers protect…
OCR Releases New Guidance on HIPAA for Mobile Health Technology
Over the past few years, and particularly during the COVID-19 pandemic, the Department of Health and Human Services Office for Civil Rights in Action (OCR) has made countless efforts to enhance its Health Insurance Portability and Accountability Act (HIPAA) guidance and other related resources on its website. Last week, the OCR launched a new feature…
OCR is Serious About Patients’ Rights to Access Records, Announcing Enforcement Actions Against 5 Providers
When providers, health plans, business associates, and even patients and plan participants think of the HIPAA privacy and security rules (‘HIPAA Rules”), they seem to be more focused on the privacy and security aspects of the HIPAA Rules. That is, for example, safeguarding an individual’s protected health information (PHI) to avoid data breaches or avoiding…
HHS Removes Enforcement Barriers for Telehealth during COVID-19 Nationwide Public Health Emergency
The Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) wants to make it easier for individuals to reach a healthcare provider, including those most at risk (older persons and persons with disabilities). Effective immediately, during the COVID-19 nationwide public health emergency, OCR announced it will not enforce noncompliance with…
Lessons To Be Learned From The Breach Of Nearly 500,000 Individual Health Records Reported In September 2017
A recent report indicates that nearly 500,000 individual health records were breached in September 2017. This figure is taken from the 39 healthcare data breaches involving more than 500 records that were reported to the Department of Health and Human Services’ Office for Civil Rights in September 2017. Healthcare providers suffered the most breaches with…
Global Cyberattack Exploits Known Vulnerabilities
As you likely know by now, international cybercriminals launched a worldwide ransomware attack last Friday with the European law enforcement agency Europol reporting over 100,000 affected organizations in 150 countries, including the U.S. Reports indicate that health care providers, universities, and other large companies were all targeted. The Department of Health and Human Services also …
Social Media Guidance Issued For Pharmaceutical Entities
The U.S. Department of Health and Human Services, Food and Drug Administration (FDA) recently issued draft guidance entitled “Guidance for Industry-Fulfilling Regulatory Requirements for Postmarketing Submissions of Interactive Promotional Media For Prescription Human and Animal Drugs and Biologics.”
The draft guidance is intended to describe the FDA’s current thinking about how manufacturers, packers, and distributors…