By now, we suspect most if not all of our readers are aware of the final rules issued by HHS earlier this year to regulate sponsored refill reminder programs, the litigation initiated by Adheris, Inc. last month challenging those rules, and the subsequent, revised guidance on refill reminders and patient messaging programs issued by HHS on September 19th.
A nursing assistant at a Florida assisted living facility was sentenced last week to 37 months in prison for violating HIPAA’s prohibition on the wrongful disclosure of patient health information.
Guess What? You’re Now Subject to HIPAA (Yes, You!): The Broad Reach of HIPAA Over Business Associates
With the HIPAA Final Rule now in place, business associates as well as subcontractors must comply with the entire Security Rule (among other aspects of HIPAA) and face direct liability for the failure to do so.
I read a recent Forbes.com post by Rick Ungar (“Claims That Obamacare Website Violates Health Privacy Reveals Embarrassing Fact – GOP Does Not Understand HIPAA or Obamacare”) that revealed a truly embarrassing fact: very few of us really understand HIPAA, let alone the intricacies of the Affordable Care Act (“ACA” or “Obamacare”) and its interplay with HIPAA.
The Parade of PHI Security Breaches: Why Did It Take Two Years for the Status of Minne-Tohe Health Center As a Marcher to Be Disclosed?
It is noteworthy that there are often substantial delays in disclosures regarding covered entities (“CEs”) that have become marchers in the Parade of large Protected Health Information (“PHI”) security breaches under HIPAA.
On September 25, 2013, the Northern District Court of Florida, Tallahassee Division, ruled that Florida Statute § 766.1065 violated the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) by requiring a plaintiff in a medical malpractice action to deliver a presuit authorization which allows the defending medical professionals to conduct ex parte interviews of the plaintiff’s other healthcare providers.
Just in time for the September 23, 2013, deadline for compliance with the HIPAA Omnibus Rule, the U.S. Department of Health and Human Services (“HHS”) issued a set of model notices of privacy practices for health care providers and group health plans, available at http://www.hhs.gov/ocr/privacy/hipaa/modelnotices.html.
A party (Party) to a HIPAA Business Associate Agreement (BAA) or Subcontractor Agreement (SCA), whether a covered entity (CE), business associate (BA) or subcontractor (SC), may struggle with the question as to whether to agree to, demand, request, submit to, negotiate or permit, an indemnification provision (Provision) respecting the counterparty (Counterparty) under a BAA or SCA.
U.S. Health IT Policy Committee to Hold Hearing and Seek Public Comment On HIPAA Accounting of Disclosure Requirements
On September 30, 2013 (11:45am – 5:00pm EDT), the U.S. Health Information Technology Policy Committee’s Privacy and Security “Tiger Team” will convene an online public hearing to discuss how to improve transparency for patients about the uses and disclosures of their identifiable, electronic health information.