Skip to content

The Office of Civil Rights (OCR) issued a notice yesterday stating that it will not impose penalties for HIPAA non-compliance in connection with a covered entity health care provider’s or business associate’s good faith use of online or web-based scheduling applications (WBSAs) for the scheduling of appointments for COVID-19 vaccinations during the public health emergency.  The notice is retroactively effective to December 11, 2020. OCR highlights to covered health care providers and business associates that its temporary lifting of HIPAA penalties applies only to scheduling of COVID-19 vaccinations and to no other activities.
Continue Reading OCR Announces it Will Not Impose HIPAA Penalties for Use of COVID-19 Vaccine Scheduling Apps

On December 10, 2020, the U.S. Department of Health and Human Services (HHS) announced proposed changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, which is one of several rules that protect the privacy and security of individuals’ medical records and other protected health information (PHI). According to HHS, the proposed changes are intended to support individuals’ engagement in their health care, remove barriers to coordinated care and case management, and reduce regulatory burdens on the health care industry, while continuing to protect the privacy and security of individuals’ PHI.
Continue Reading HHS Proposes Modifications to the HIPAA Privacy Rule to Enhance Care Coordination and Management and Remove Barriers to Accessing Information

Continuing with its previous enforcement actions centered on covered entities’ failure to provide patients with access to their health records, the Office for Civil Rights (OCR) announced on October 9, 2020 that it entered into a settlement with Dignity Health, doing business as St. Joseph’s Hospital and Medical Center in Phoenix (St. Joseph’s) for $160,000 for failing to respond to multiple requests of a mother for her son’s records.
Continue Reading Dignity Health Settles with OCR for $160,000 for Failing to Provide Access to Records

Health care providers and contractors continue to be a popular target for hackers. Recently, CHSPSC LLC (CHSPSC), which provides various services to hospitals and clinics indirectly owned by Community Health Systems, Inc. of Tennessee, agreed to pay $2,300,000 to the Office for Civil Rights (OCR) in settlement of potential violations of HIPAA’s Privacy and Security Rules. The OCR investigation and settlement stemmed from a data breach affecting over six million people.
Continue Reading HIPAA Business Associate Pays $2.3 Million Settlement After Hackers Target PHI of Over 6 Million Individuals

The Office for Civil Rights (OCR) announced yesterday that it has settled five investigations in its HIPAA Rights to Access Initiative (Initiative), which it announced would be an enforcement priority for it starting in 2019. The Initiative is “to support individuals’ right to timely access to their health records at a reasonable cost under the HIPAA Privacy Rule.”

The addition of the five recent settlements brings the total to seven for OCR’s enforcement of the Initiative. The OCR’s press release states that the recent settlement involve five entities: Housing Works, Inc., All Inclusive Medical Services, Inc., Beth Israel Lahey Health Behavioral Sciences and King MD.
Continue Reading OCR Settles Five Investigations Under Right of Access Initiative

On June 12, 2020, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued timely HIPAA guidance (Guidance) regarding solicitations of blood and plasma donations from recovered COVID-19 patients.

In the Guidance, OCR affirms that health care providers can use patient information to identify patients that have recovered from COVID-19 to provide information about how they may donate plasma or blood with COVID-19 antibodies to support treatment of other patients with COVID-19. OCR explains that this use of protected health information would be permissible as part of a provider’s health care operations to enable case management of COVID-19 patient populations. OCR also reminds providers that because the activity is a health care operation and not for treatment purposes, HIPAA’s minimum necessary standard applies to any use or disclosure of protected health information in connection with the solicitation of blood or plasma donations.
Continue Reading HHS Issues Guidance for Providers on Soliciting COVID-19 Blood and Plasma Donations

These days, news stations are frequently running stories concerning people being treated for COVID-19, the providers working tirelessly to care for them, and politicians visiting health care facilities for a first-hand look at the crisis. In response to the media interest, the Office for Civil Rights (OCR) issued guidance on May 5, 2020 to healthcare providers answering the question “Does the COVID-19 Public Health Emergency alter the HIPAA Privacy Rule’s restrictions on disclosures of protected health information to the media?” The guidance reminds them “that the HIPAA Privacy Rule does not permit them to give media and film crews access to facilities” in which patient health information may be accessible without the patients’ authorization. This includes any areas of the facility where patients’ protected health information (PHI) may be accessible in any form (e.g., written, electronic, oral, or other visual or audio form).


Continue Reading OCR Issues Guidance About Media Access to Health Care Facilities

On April 9, 2020 the Department of Health & Human Services Office for Civil Rights (OCR) issued another Notification that it will exercise its enforcement discretion and not impose penalties for HIPAA violations in connection with good faith participation in the operation of COVID-19 testing sites during the COVID-19 emergency.
Continue Reading HHS Waives HIPAA Penalties for Operation of a Community-Based COVID-19 Testing Site

On March 27, Congress enacted the Coronavirus Aid, Relief, and Economic Security Act (CARES Act, or the Act), Public Law 116-136, a trillion-dollar stimulus bill intended to provide financial assistance to individuals and business affected by the COVID-19 pandemic.  The Act contains a broad range of measures intended to bolster the economy in the midst of the COVID-19 pandemic.  Unsurprisingly, a central focus of the Act is the provision of relief and support for hospitals and health care providers on the front lines of the COVID-19 pandemic.  This article provides a brief overview of some of the major pieces of the CARES Act, and the firm will provide additional updates on key aspects of the Act.
Continue Reading CARES Act Provides Vital Financial Support for Health Care Providers on COVID-19 Front Lines