close

Blogs > Health Care and Life Sciences Law Blog

Office of Civil Rights

Mar 20, 2020

OCR Will Not Seek Enforcement Action for Use of Non-Compliance Telehealth Communications During the Coronavirus (COVID-19) National Public Health Emergency

In an effort to make health care more accessible during these unprecedented times, while we deal with the coronavirus (COVID-19) pandemic, the government is relaxing some rules and regulations when it comes to telehealth. As we discussed in our earlier blog post, on March 17th, The Office of Inspector General issued a policy statement waiving sanctions for providers’ waiver of telehealth cost-sharing amounts during the current Public Health Emergency.» Read More

Jun 28, 2019

New HHS Fact Sheet on Direct Liability of Business Associates

With the passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act, business associates became directly liable for certain privacy and security requirements under the Health Insurance Portability and Accountability Act (HIPAA).  Business associates are those individuals or entities (other than employees) who perform functions or activities on behalf of, or provide certain services to, covered entities which require access to protected health information (PHI).» Read More

Dec 13, 2018

When Was the Last Time You Checked If Your Practice Has a HIPAA BAA with Its Vendors?

Do you have a HIPAA Business Associate Agreement (“BAA”) in place with all your vendors who have access to your patients’ Protected Health Information (“PHI”)?  If not, you may be exposing your practice to a significant monetary penalty.  On December 4, 2018, the United States Department of Health and Human Services Office of Civil Rights released a statement revealing they have reached a $500,000 settlement with a Florida hospitalist group for disclosing PHI to a vendor with whom they did not have a HIPAA BAA. » Read More

Oct 25, 2018

Consequences for HIPAA Violations Don’t Stop When a Business Closes

In a recent case, Filefax, a medical record storage, maintenance, and delivery company, paid the US Department of Health and Human Services, Office of Civil Rights (“OCR”) $100,000 to settle claims of HIPAA violations even after the company went out of business. » Read More

Jul 20, 2018

New OCR Guidance Regarding Patient Authorizations for Research Purposes

Generally, when using or disclosing an individual’s Protected Health Information (“PHI”), HIPAA regulations require the covered entity to obtain an authorization from an individual, including for research purposes[1].  The Office of Civil Rights (“OCR”), the entity that enforces HIPAA compliance, recently issued guidance for situations when an entity obtains an authorization from an individual for use and disclosure of PHI for research[2], focusing on the following topics:

  • Sufficient Description – HIPAA regulations require that the authorization, in plain language, provide “a description of each purpose of the requested use or disclosure.
» Read More

Categories