-
OCR recently submitted a report to Congress setting forth the HIPAA breaches and complaints reported in 2020 as well as the enforcement actions taken by OCR. For 2020, OCR reported 656 notifications of breaches affecting 500 or more individuals, 66,509 notifications of breaches affecting fewer than 500 individuals, and 27,182 complaints alleging violations of HIPAA and the HITECH Act.
-
HHS recently issued guidance about HIPAA compliance when information must be released in conjunction with an extreme risk protection order. The guidance will be useful for risk managers and compliance officers, but may present some challenges when trying to adhere to HIPAA restrictions.
-
The HR 7898 HIPAA Safe Harbor Law, enacted in 2021, created a “safe harbor” for HIPAA-covered entities and their business associates when potentially facing fines and other penalties under HIPAA. But there are nuances to the law that risk managers and compliance officers must consider.
-
The dramatic increase in the use of telemedicine is raising concerns about the potential for malpractice issues related to this form of caregiving, with some experts cautioning that a wave of lawsuits could be on the way. Adherence to key principles of patient safety and risk management can reduce the risk.
-
Employees and employers frequently believe HIPAA comes into play when asking about an individual’s vaccination status. It almost always does not. Although some states are considering legislation designating vaccination status as a separate protected class, private employers generally are free to ask employees about their vaccination status without running afoul of HIPAA or federal employment laws.
-
Proposed changes to HIPAA and HITECH may affect covered entities and business associates in 2022. Now is the time to consider any effects and respond accordingly. The modifications could require updates to policies and procedures, notices of privacy practices, forms, business associate agreements, and other HIPAA-related compliance issues.
-
Risk managers and compliance officers for HIPAA-covered entities might be uncertain about what the privacy law requires regarding records retention because medical records, HIPAA records, federal laws, and state laws become entangled. Clarity on HIPAA records retention might relieve some burden so that covered entities are not doing more than necessary just to ensure compliance.
-
Covered entities may have found themselves breathing a sigh of relief following a recent decision from the U.S. Court of Appeals for the 4th Circuit. In Payne v. Taslimi (998 F.3d 648), the court ruled the plaintiff could not sue as an individual for a HIPAA violation. However, the ruling is not necessarily a complete win for healthcare organizations.
-
Cyberattacks are a major threat to healthcare organizations, with the potential for HIPAA data breaches, the loss of critical patient data, the inability to provide care, and substantial financial losses from ransoms and litigation. The White House is urging hospitals and health systems to take specific steps to improve cybersecurity.
-
Healthcare professionals can find themselves in a quandary when they want to report fraud or other concerns within their organizations because doing so could require disclosure of protected health information. That could seem like a HIPAA violation; fortunately, there is a whistleblower exception that covers this scenario.