Tag Archives: HIPAA

Trump Administration Shelves Additional Obama Medicare/Health Plan Proposals

The Trump Administration has formally withdrawn a number of pending Department of Health and Human Services (HHS) proposals that never reached the final rule stage. This includes:  a controversial Part Medicare B drug payment innovation model; a proposal to protect same sex marriages in certain Medicare and Medicaid facilities (predating a related Supreme Court decision); … Continue Reading

OCR Plans to More Widely Investigate HIPAA Breaches Affecting Fewer than 500 Individuals

This month the HHS Office for Civil Rights (OCR) has launched an initiative “to more widely investigate the root causes” of HIPAA breaches affecting fewer than 500 individuals, according to an August 18, 2016 OCR email announcement. While Regional Offices will retain discretion to prioritize investigation of smaller breaches, each office is directed to “increase … Continue Reading

Reexamining HIPAA’s Applicability During Emergencies After the Tragedy in Orlando

Immediately following Sunday’s tragic shooting at a nightclub in Orlando, friends and family frantically gathered at Orlando Regional Medical Center, attempting to get information about their loved ones.  However, hospital officials hesitated to provide specific updates.  Why?  Because the Health Insurance Portability and Accountability Act (HIPAA) and implementing regulations restrict the patient-identifiable health information that … Continue Reading

HHS Finalizes HIPAA Amendments to Allow Reporting of Certain Mental Health Information to the National Instant Criminal Background Check System

On January 6, 2016, HHS published a final rule to modify the HIPAA Privacy Rule to expressly permit certain HIPAA covered entities to disclose to the National Instant Criminal Background Check System (NICS) the identities of individuals who are subject to a federal “mental health prohibitor” that disqualifies them from shipping, transporting, possessing, or receiving … Continue Reading

OIG Calls for Stronger HIPAA Compliance Efforts

The OIG has issued two reports calling for stronger ONC oversight of covered entity compliance with HIPAA standards. In the first report, “OCR Should Strengthen Its Oversight of Covered Entities’ Compliance with the HIPAA Privacy Standards,” the OIG observes that OCR’s Privacy Rule compliance oversight is primarily reactive based on complaints since it has not … Continue Reading

HHS Solicits Comments on Use of Health Plan Identifier in E-Health Transactions

Today HHS published a request for public comments regarding the health plan identifier (HPID), including the requirements regarding health plan enumeration, and the requirement to use the HPID in electronic health care transactions. Specifically, HHS is seeking information regarding the following: The HPID enumeration structure outlined in the September 5, 2012 HPID final rule, including … Continue Reading

ONC Updated Electronic Health Information Privacy/Security Guidance

The Office of the National Coordinator for Health Information Technology (ONC) has released a revised Guide to Privacy and Security of Electronic Health Information. The guide is intended to help health care providers – especially those from smaller organizations – address federal health information privacy and security requirements in their practices. The new version updates … Continue Reading

OCR Releases Ebola Bulletin

The recent Ebola outbreak has prompted the HHS Office for Civil Rights (OCR) to release a new bulletin for covered entities and business associates regarding their privacy obligations under HIPAA in emergency situations. The bulletin, “HIPAA Privacy In Emergency Situations,” provides an overview of the limited ways in which covered entities and business associates may … Continue Reading

CMS Delaying Enforcement of HIPAA Health Plan Enumeration/Health Plan Identifier Regulations

CMS has announced that it is delaying until further notice enforcement of its regulations pertaining to health plan enumeration and use of the Health Plan Identifier (HPID) in HIPAA transactions, which were adopted in a September 5, 2012 final rule. This enforcement delay, which is effective October 31, 2014, applies to all HIPAA covered entities, … Continue Reading

Stolen Unencrypted Laptops Results in HIPAA Settlements for Two Health Companies

Two more health care companies have settled potential violations of the HIPAA Privacy and Security Rules arising from the theft of unencrypted laptops by paying a total of almost $2 million and agreeing to continued oversight by the HHS Office for Civil Rights (OCR). In both instances, the breaches were self-reported and the settlements resulted … Continue Reading

CMS Posts Final HIPAA Administrative Simplification Transaction Testing Checklists

CMS has released additional tools to help health plans, vendors, and providers prepare to demonstrate that they are compliant with Administrative Simplification Transaction Testing standards and operating rules and that they have completed end-to-end testing with their trading partners. Specifically, CMS has released payer, large provider, small provider, vendor-to-provider, and vendor-to-payer checklists to assist these … Continue Reading

Final HIPAA Rule Gives Patients Right to Access Test Results Directly from Labs

On February 6, 2014, the Department of Health & Human Services (HHS) published a final rule making changes to the Clinical Laboratory Improvement Amendments of 1988 (CLIA) and Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations to provide individuals with a greater ability to directly access their laboratory test reports. The rule is … Continue Reading

OIG Concludes OCR Slow to Enforce HIPAA Security Rule and Comply with Cybersecurity Requirements

The OIG has concluded that the HHS Office for Civil Rights (OCR) is not adequately overseeing and enforcing the HIPAA Security Rule. In short, the OIG found that OCR failed to provide for periodic audits, as mandated by HITECH, to ensure that covered entities were in compliance with the Security Rule, and instead continued to … Continue Reading

HHS Proposes HIPAA Amendments Addressing Gun Background Checks

On January 7, 2014, HHS published a proposed rule that would modify the HIPAA Privacy Rule to expressly permit certain HIPAA covered entities to disclose to the FBI’s National Instant Criminal Background Check System (NICS) the identities of individuals who are prohibited under federal law from shipping, transporting, possessing, or receiving a firearm for reasons related … Continue Reading

HHS Proposed Rule on Health Plan Certification of Compliance Requirements

On January 2, 2014, HHS published a proposed rule to promote more consistent testing processes for “controlling health plans” (CHP) to enable these entities to better achieve and demonstrate compliance with HIPAA standards and operating rules. Specifically, the rule would require a CHP to submit documentation demonstrating compliance with HIPAA standards and operating rules for … Continue Reading

HHS OCR Releases HIPAA Privacy Rule Guidance Documents

As reported on our sister blog, http://www.lifescienceslegalupdate.com/, the HHS Office for Civil Rights (OCR) has made a number of recent announcements regarding HIPAA Privacy Rule implementation. First, OCR has issued guidance on how the changes to the HIPAA Privacy Rule’s marketing provisions under the Health Information Technology for Economic and Clinical Health (HITECH) Act and … Continue Reading

Hard Drives on Used Photocopiers Result in HIPAA Violations and $1.2M Settlement to the OCR

As covered on Reed Smith’s Life Sciences Legal Update blog, Affinity Health Plan, Inc. (Affinity) recently reached a $1.2 million settlement with the HHS Office for Civil Rights related to potential violations of the Health Information Portability and Accountability Act of 1996 (HIPAA). Affinity self-reported a breach after learning from a CBS Evening News investigative report … Continue Reading

HHS Considering HIPAA Privacy Rule Amendments to Allow Reporting of Mental Health Data to National Instant Criminal Background Check System

HHS is soliciting comments on whether to amend the HIPAA Privacy Rule to expressly permit covered entities holding information about the identities of individuals who are disqualified from possessing or receiving firearms on mental health grounds to disclose limited information to the National Instant Criminal Background Check System. Comments on the rule will be accepted … Continue Reading

Administration Proposes ACA Insurance Waiting Period Rule

On March 21, 2013, the Internal Revenue Service, Employee Benefits Security Administration, and CMS published proposed rules providing that a group health plan (or health insurance issuer offering group health insurance coverage) may not apply any waiting period that exceeds 90 days, in conformance with the ACA. Under the proposed regulations, waiting period would be … Continue Reading

It’s Here: OCR Releases Long Awaited HIPAA/HITECH Final Rule

The Office for Civil Rights ("OCR") of the Department of Health and Human Services released today the long awaited, and much anticipated, omnibus final rule modifying the HIPAA Privacy, Security, Breach and Enforcement Rules. The final rule, which implements the statutory requirements of the Health Information Technology for Economic and Clinical Health Act ("HITECH") and the Genetic Information Nondiscrimination Act ("GINA"), is comprised of four final rules and addresses the July 2010 HITECH proposed rule, the Breach Notification and Enforcement interim final rules, as well as the October 2009 GINA proposed rule (collectively, the "HITECH Final Rule"). Notably, the HITECH Final Rule does not address the May 2011 proposed accounting and access report rule.… Continue Reading

Obama Administration’s Regulatory Agenda Points to Busy 2013 for HHS

On January 8, 2013, the Obama Administration published its latest semiannual regulatory agenda, outlining planned regulatory initiatives in a number of policy areas. The Federal Register version of the agenda includes only a portion of the regulations in the pipeline, however; the full agenda has been posted on the Office of Management and Budget (OMB) web … Continue Reading

CMS Announces 90-Day Enforcement Discretion Period for HIPAA Eligibility & Claim Status Operating Rules

On January 2, 2013, CMS announced a 90-day “enforcement discretion period” with respect to operating rules mandated by the ACA for two transactions: eligibility for a health plan and health care claim status. Specifically, the CMS Office of E-Health Standards and Services (OESS) will not initiate enforcement action until March 31, 2013, with respect to … Continue Reading
LexBlog