protected health information

On June 29, 2022, the U.S. Department of Health & Human Services’ Office for Civil Rights (“OCR”) issued two pieces of guidance clarifying the applicability of the Health Insurance Portability and Accountability Act (“HIPAA”) related to privacy of information connected to an individual’s reproductive health. 

Through this guidance, HIPAA addresses both protected health information (“PHI”), which is subject to HIPAA’s rules, as well as general, personal information that is not directly protected by HIPAA.

Continue Reading New Guidance by OCR addresses HIPAA and Disclosures of Information relating to Reproductive Health

According to the Centers for Disease Control and Prevention, firearm injuries are a serious public health problem in the United States. To combat this problem, many states have passed extreme risk protection order (“ERPO”) laws, otherwise known as “red flag laws.”

ERPO laws allow various individuals, including family members, health care providers, and law enforcement

This month the HHS Office for Civil Rights (OCR) has launched an initiative “to more widely investigate the root causes” of HIPAA breaches affecting fewer than 500 individuals, according to an August 18, 2016 OCR email announcement. While Regional Offices will retain discretion to prioritize investigation of smaller breaches, each office is directed to “increase

The Substance Abuse and Mental Health Services Administration (SAMHSA) published a proposed rule on February 9, 2016 that is intended to modernize regulations governing the confidentiality of substance abuse records to ensure that patients with substance use disorders have the ability to participate in new integrated health care models that emphasize coordinated care while addressing

HHS has developed a Security Risk Assessment (SRA) tool to help providers comply with a Health Insurance Portability and Accountability Act (HIPAA) requirement that covered entities conduct a risk assessment to ensure compliance with HIPAA’s administrative, physical, and technical safeguards and to determine where electronic protected health information could be at risk. The SRA tool is

This post was also written by Elizabeth D. O’Brien.

On January 25, 2013, the HHS Office for Civil Rights published its long-awaited final rule implementing major changes to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules mandated by the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH Act). Among other

The Office for Civil Rights (“OCR”) of the Department of Health and Human Services released today the long awaited, and much anticipated, omnibus final rule modifying the HIPAA Privacy, Security, Breach and Enforcement Rules. The final rule, which implements the statutory requirements of the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and the Genetic Information Nondiscrimination Act (“GINA”), is comprised of four final rules and addresses the July 2010 HITECH proposed rule, the Breach Notification and Enforcement interim final rules, as well as the October 2009 GINA proposed rule (collectively, the “HITECH Final Rule”). Notably, the HITECH Final Rule does not address the May 2011 proposed accounting and access report rule.
Continue Reading It’s Here: OCR Releases Long Awaited HIPAA/HITECH Final Rule

The OIG has given the CMS mixed reviews regarding the extent to which it meets American Recovery and Reinvestment Act (Recovery Act) requirements to notify affected beneficiaries when the privacy or security of their protected health information is compromised. In the report, “CMS Response to Breaches and Medical Identity Theft,” the OIG assesses

Reed Smith’s Life Sciences Legal Update blog discusses a recent decision by the United States District Court for the Southern District of Ohio that may make it much harder for qui tam relators to rely upon stolen medical records or patient information in False Claims Act (“FCA”) whistleblower actions. In the decision, Cabotage v. Ohio

The GAO has issued a report entitled “Prescription Drug Data: HHS Has Issued Health Privacy and Security Regulations but Needs to Improve Guidance and Oversight.” The report assesses the extent to which HHS has established a framework to ensure the privacy and security of Medicare beneficiaries’ protected health information when data on prescription

The OIG has released two reports on health information technology (HIT) security issues. The first report is entitled Nationwide Rollup Review of the Centers for Medicare & Medicaid Services Health Insurance Portability and Accountability Act of 1996 Oversight.” The review, involving seven hospital audits, the OIG concluded that CMS’s oversight and enforcement actions were

This post was originally written for the Life Sciences Legal Update blog by Gina M. Cavalier, Vicky G. Gormanly and Brad M. Rostolsky.

Pursuant to the HITECH Act, covered entities and business associates must account for disclosures of PHI for treatment, payment and health care operations if the disclosures are through an electronic health record.