Tag Archives: HIPAA

HHS releases final rule and fact sheet to clarify Part 2: Standards for Substance Use Disorder Record Protection, Disclosure, and Registry

After nearly a full year of public comment consideration, last week, the U.S. Department of Health and Human Services (HHS) Substance Abuse and Mental Health Services Administration (SAMHSA) announced and published a Final Rule and Fact Sheet addressing 42 C.F.R. Part 2 (Part 2). Generally speaking, Part 2 affords privacy protections to patient records pertaining … Continue Reading

Reliance on telehealth ramps up during COVID-19, and may be here to stay

As technology has advanced over the years, there has been a corresponding push for virtual visits with health care providers.  In fact, many state boards of medicine and other regulatory agencies have sought to amend regulations and guidances to make telehealth a reality for patients across the U.S.  However, despite the technical allowance for telehealth, … Continue Reading

HHS expands access to telehealth services in response to COVID-19

As discussed in our client alert, recent legal developments have greatly expanded funding for and access to telehealth services during the COVID-19 crisis. Among the changes instituted by HHS are expanded Medicare coverage and payment for services, reduced or waived cost-sharing obligations for physicians, and loosening of the HIPAA enforcement policies for covered entities (which … Continue Reading

HHS waives requirements for health care providers under section 1135 in response to COVID-19

Shortly after President Trump declared a national emergency related to COVID-19, CMS issued blanket waivers under section 1135 of the Social Security Act that are intended to ensure there are sufficient health care items and services available to meet the increased need, as well as reduce related administrative burdens on health care providers. Our comprehensive … Continue Reading

HHS Adopts New Retail Pharmacy HIPAA Transaction Requirements for Schedule II Drug Prescriptions

The Department of Health and Human Services (HHS) has modified HIPAA retail pharmacy transaction requirements to differentiate between partial fill and full refills of opioids and other Schedule II drug prescriptions.  Specifically, HHS has finalized the requirements for use of the National Council for Prescription Drug Programs (NCPDP) Telecommunication Standard Implementation Guide, Version D, Release … Continue Reading

HHS to Rescind Standard Unique Health Plan Identifier and Other Entity Identifier

The Department of Health and Human Services (HHS) has adopted its proposal to rescind the standard unique health plan identifier (HPID) and the “other entity identifier” (OEID), along with related implementation specifications and requirements for their use.  HHS adopted the HPID and OEID in a September 5, 2012 final rule in order to improve the utility … Continue Reading

States Banding Together on HIPAA Enforcement

In the first settlement of its kind, a medical software provider has agreed to pay $900,000 to 16 state attorneys general for alleged violations of state and federal privacy laws. The settlement, stemming from a federal lawsuit in the U.S. District Court for the Northern District of Indiana, demonstrates the resolution of the first-ever multistate … Continue Reading

HHS Revises Previous Penalty Structure for HIPAA Violations, Creates Annual Penalty Limits

The U.S. Department of Health and Human Services filed a Notice of Enforcement Decision on Friday, April 26, 2019, announcing a new system of annual penalty limits for HIPAA violations based on an entity’s level of culpability. The agency revised its previous interpretation of the Health Information Technology for Economic and Clinical Health Act (HITECH … Continue Reading

HHS Proposes Changes to HIPAA Transaction Standard for Prescriptions for Schedule II Drugs in Retail Pharmacy Transactions

The Department of Health and Human Services (HHS) has issued a proposed rule that would modify the current HIPAA transaction standard for retail pharmacy transactions (the August 2007 revision of NCPDP telecommunications standard D.0) with respect to claims and similar transactions for Schedule II drugs.  HHS states that the change would enable covered entities to … Continue Reading

HHS Proposes Rescinding Standard Unique Health Plan Identifier and Other Entity Identifier

The Department of Health and Human Services (HHS) is proposing to rescind the standard unique health plan identifier (HPID) and the other entity identifier (OEID), along with related implementation specifications and requirements for their use. HHS adopted the HPID and OEID in a September 5, 2012 final rule, but HHS announced a delay in enforcement … Continue Reading

OCR Seeks Feedback on HIPAA Rule Reforms to Reduce Burdens, Promote Value-Based Care

The Office for Civil Rights (OCR) is requesting public input on reforms to Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules to promote care coordination and the health system’s transformation to value-based health care while protecting the privacy and security of individuals’ protected health information (PHI).  Specifically, in a request for information … Continue Reading

Trump Administration Shelves Additional Obama Medicare/Health Plan Proposals

The Trump Administration has formally withdrawn a number of pending Department of Health and Human Services (HHS) proposals that never reached the final rule stage. This includes:  a controversial Part Medicare B drug payment innovation model; a proposal to protect same sex marriages in certain Medicare and Medicaid facilities (predating a related Supreme Court decision); … Continue Reading

OCR Plans to More Widely Investigate HIPAA Breaches Affecting Fewer than 500 Individuals

This month the HHS Office for Civil Rights (OCR) has launched an initiative “to more widely investigate the root causes” of HIPAA breaches affecting fewer than 500 individuals, according to an August 18, 2016 OCR email announcement. While Regional Offices will retain discretion to prioritize investigation of smaller breaches, each office is directed to “increase … Continue Reading

Reexamining HIPAA’s Applicability During Emergencies After the Tragedy in Orlando

Immediately following Sunday’s tragic shooting at a nightclub in Orlando, friends and family frantically gathered at Orlando Regional Medical Center, attempting to get information about their loved ones.  However, hospital officials hesitated to provide specific updates.  Why?  Because the Health Insurance Portability and Accountability Act (HIPAA) and implementing regulations restrict the patient-identifiable health information that … Continue Reading

HHS Finalizes HIPAA Amendments to Allow Reporting of Certain Mental Health Information to the National Instant Criminal Background Check System

On January 6, 2016, HHS published a final rule to modify the HIPAA Privacy Rule to expressly permit certain HIPAA covered entities to disclose to the National Instant Criminal Background Check System (NICS) the identities of individuals who are subject to a federal “mental health prohibitor” that disqualifies them from shipping, transporting, possessing, or receiving … Continue Reading

OIG Calls for Stronger HIPAA Compliance Efforts

The OIG has issued two reports calling for stronger ONC oversight of covered entity compliance with HIPAA standards. In the first report, “OCR Should Strengthen Its Oversight of Covered Entities’ Compliance with the HIPAA Privacy Standards,” the OIG observes that OCR’s Privacy Rule compliance oversight is primarily reactive based on complaints since it has not … Continue Reading

HHS Solicits Comments on Use of Health Plan Identifier in E-Health Transactions

Today HHS published a request for public comments regarding the health plan identifier (HPID), including the requirements regarding health plan enumeration, and the requirement to use the HPID in electronic health care transactions. Specifically, HHS is seeking information regarding the following: The HPID enumeration structure outlined in the September 5, 2012 HPID final rule, including … Continue Reading

ONC Updated Electronic Health Information Privacy/Security Guidance

The Office of the National Coordinator for Health Information Technology (ONC) has released a revised Guide to Privacy and Security of Electronic Health Information. The guide is intended to help health care providers – especially those from smaller organizations – address federal health information privacy and security requirements in their practices. The new version updates … Continue Reading

OCR Releases Ebola Bulletin

The recent Ebola outbreak has prompted the HHS Office for Civil Rights (OCR) to release a new bulletin for covered entities and business associates regarding their privacy obligations under HIPAA in emergency situations. The bulletin, “HIPAA Privacy In Emergency Situations,” provides an overview of the limited ways in which covered entities and business associates may … Continue Reading

CMS Delaying Enforcement of HIPAA Health Plan Enumeration/Health Plan Identifier Regulations

CMS has announced that it is delaying until further notice enforcement of its regulations pertaining to health plan enumeration and use of the Health Plan Identifier (HPID) in HIPAA transactions, which were adopted in a September 5, 2012 final rule. This enforcement delay, which is effective October 31, 2014, applies to all HIPAA covered entities, … Continue Reading

HHS Guidance HIPAA Privacy Rule and Same-sex Marriage

The HHS Office of Civil Rights (OCR) has released guidance on “HIPAA and Same-sex Marriage: Understanding Spouse, Family Member, and Marriage in the Privacy Rule.” The guidance stems from a Supreme Court decision in United States v. Windsor striking down Section 3 of the Defense of Marriage Act (DOMA), which had provided that federal law … Continue Reading

Stolen Unencrypted Laptops Results in HIPAA Settlements for Two Health Companies

Two more health care companies have settled potential violations of the HIPAA Privacy and Security Rules arising from the theft of unencrypted laptops by paying a total of almost $2 million and agreeing to continued oversight by the HHS Office for Civil Rights (OCR). In both instances, the breaches were self-reported and the settlements resulted … Continue Reading

CMS Posts Final HIPAA Administrative Simplification Transaction Testing Checklists

CMS has released additional tools to help health plans, vendors, and providers prepare to demonstrate that they are compliant with Administrative Simplification Transaction Testing standards and operating rules and that they have completed end-to-end testing with their trading partners. Specifically, CMS has released payer, large provider, small provider, vendor-to-provider, and vendor-to-payer checklists to assist these … Continue Reading

Final HIPAA Rule Gives Patients Right to Access Test Results Directly from Labs

On February 6, 2014, the Department of Health & Human Services (HHS) published a final rule making changes to the Clinical Laboratory Improvement Amendments of 1988 (CLIA) and Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations to provide individuals with a greater ability to directly access their laboratory test reports. The rule is … Continue Reading
LexBlog