Skip to main content

Health Information Privacy & Security

Viewpoints

Filter by:

Health Care Viewpoints Thumbnail
The United States Department of Health and Human Services (HHS) and Centers for Medicare and Medicaid Services (CMS) leadership announced during last week’s HIMSS 2022 Conference that the agencies will be focusing on information blocking enforcement for the remainder of 2022. This blog post discusses the importance of closing the enforcement gap and the development of disincentives for health care providers. 
Read more
Health Care Viewpoints Thumbnail
Health care providers, health information networks, health information exchanges, and health IT developers of certified health IT will want to take note of the information blocking claim submission trends recently published by the Office of the National Coordinator for Health Information Technology (ONC).
Read more
Webinar Reference Image

Webinar Recording: Health Care Enforcement Year in Review & 2022 Outlook

February 16, 2022 | Webinar | By Grady Campion, Randy Jones, Samantha Kingsbury, Karen Lovitch, Kevin McGinty

In our annual webinar, Mintz’s Health Care Enforcement Defense team reviewed the key health care fraud enforcement developments and trends from 2021, assessed their likely impact in 2022, and provided recommendations to avoid government scrutiny.
Read more
Health Care Viewpoints Thumbnail

Information Blocking Rule: Key Considerations for 2022

December 29, 2021 | Blog | By Pat Ouellette

While the Office of the National Coordinator for Health Information Technology (ONC) issued the 21st Century Cures Act; Interoperability, Information Blocking, and the ONC Health IT Certification Program (Information Blocking Final Rule) back in May 2020, many entities are still parsing out compliance strategies and seeking additional regulatory guidance to understand how the rule will be enforced. Broadly-speaking, information blocking is a practice that is likely to interfere with, prevent, or discourage access, exchange, or use of electronic health information (EHI). For example, a health system might require patient written consent before sharing the patient’s EHI with unaffiliated providers. Another example of information blocking is that a health IT developer might charge a fee to a health care provider to perform an export of EHI so that the provider can switch to a different health IT platform.
Read more
Health Care Viewpoints Thumbnail

California’s Senate Bill 41: The Genetic Information Privacy Act

October 19, 2021 | Blog | By Stephnie John, Lara Compton

Our previous blog post on pending California privacy legislation included a prediction that has since materialized: Governor Newsom signed the Genetic Information Privacy Act (“GIPA”) on October 6, 2021, and the law will go into effect on January 1, 2022. GIPA establishes a number of mechanisms to close the existing gap in the protection of genetic information under the current framework of federal and state privacy laws. As discussed in our earlier post, GIPA contains a robust penalty structure, but it includes a number of carve-outs and does not apply to entities already subject to regulation under other health information privacy laws. Notably, GIPA does not reduce or eliminate obligations under other laws, including California’s more broadly applicable consumer privacy laws, such as the CCPA and breach notification statute, as recently amended by AB 825. Given Governor Newsom’s former concern about GIPA’s interference with mandatory COVID-19 testing reporting, the law also does not apply to tests that are conducted exclusively to diagnose whether an individual has a specific disease.
Read more
Health Care Viewpoints Thumbnail

California Health Privacy Information Legislation Update

September 22, 2021 | Blog | By Lara Compton, Stephnie John

When it comes to the privacy of health information, California belongs to the select group of states that have implemented broad consumer privacy protections above and beyond those provided by the federal Health Insurance Portability and Accountability Act (HIPAA) and the Federal Trade Commission Act (FTCA). This year, the state’s ongoing legislative efforts to protect the health information of its residents included: Assembly Bill 1436 (AB 1436) which if enacted would have revised California’s existing Confidentiality of Medical Information Act (CMIA), and Senate Bill 41 (SB 41), which if enacted will create the new Genetic Information Privacy Act (GIPA). As further discussed below, only SB 41 is moving forward, and if signed by Governor Newsom GIPA will go into effect on January 1, 2022.
Read more
Health Care Viewpoints Thumbnail

The Ongoing US Vaccine Passport Debate

April 29, 2021 | Blog | By Lara Compton, Bridgette Keller

One main principle among public health measures is to use the least restrictive method necessary to protect the population, or to do the greatest good. From the public health perspective, requiring COVID status credentials (“Credentials”) makes sense because it allows people who present a low risk to others to not be subject to unnecessary restrictions. However, implementation and use of Credentials will require careful consideration of individual privacy concerns, as well as the ethical questions related to access and additional privilege.
Read more
Health Care Viewpoints Thumbnail
The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that it will exercise its enforcement discretion for health care providers’ and their business associates’ noncompliance with the HIPAA rules with respect to their good faith use of online or web-based scheduling applications for scheduling COVID-19 vaccination appointments. OCR will not impose penalties for such noncompliance during the COVID-19 nationwide public health emergency.
Read more
Health Care Viewpoints Thumbnail
The Department of Health and Human Services (HHS) is pushing ahead in its Regulatory Sprint to Coordinated Care with a new proposed rule, announced by HHS’ Office for Civil Rights on December 10, to modify the HIPAA Privacy Rule. This proposed rule follows HHS’ 2018 Request for Information on Modifying HIPAA Rules to Improve Coordinated Care, which sought to identify regulatory impediments to value-based care presented by HIPAA. With this proposed rule, HHS aims to “reduce burden on providers and support new ways for them to innovate and coordinate care on behalf of patients, while ensuring that [HHS] uphold[s] HIPAA’s promise of privacy and security,” according to HHS Deputy Secretary Eric Hargan. It would achieve these objectives through a variety of updates to the Privacy Rule, which we highlight in this blog post, along with initial reactions from our HIPAA privacy team.
Read more
Podcast Viewpoint Image
In the inaugural episode of Mintz’s Health Law Diagnosed, Dianne Bourque (Member, Mintz Health Law Practice) discusses why HIPAA is so engrained in our collective consciousness, how it was already equipped to handle public health emergencies, and the important changes made over the last several months to address the COVID-19 outbreak.
Read more
Health Care Viewpoints Thumbnail
As we discussed in our previous blog post, the Department of Health and Human Services’ Office for Civil Rights (OCR) released guidance this past June to address how health care providers could contact, in a HIPAA-compliant manner, recovered COVID-19 patients to provide them with information about donating blood and plasma to potentially help other COVID-19 patients. On August 24, OCR released an updated version of that guidance to address similar communications from health plans. The amended guidance provides that health plans may also reach out to recovered COVID-19 patients about blood and plasma donation, subject to the same restrictions applicable to health care providers.
Read more
Health Care Viewpoints Thumbnail
On August 4, CMS posted a proposed rule on CY 2021 Payment Policies, which included important updates about the expansion of Medicare covered telehealth services due to the COVID-19 pandemic. Here, we cover this and other important developments related to telehealth access during the pandemic and beyond.
Read more
Health Care Viewpoints Thumbnail
Late last week, the Department of Health and Human Services’ Office for Civil Rights (OCR) issued guidance aimed at “making sure misconceptions about HIPAA do not get in the way of a promising COVID-19 response,” according to OCR Director Roger Severino. That “promising response” relates to emerging evidence that plasma from recovered patients (often referred to as “convalescent plasma”) may contain antibodies to SARS-CoV-2, the virus that causes COVID-19. Those antibodies could be useful in treating individuals who are sick with COVID-19. The OCR’s guidance addresses how health care providers may contact, in a HIPAA-compliant manner, recovered COVID-19 patients to provide them with information about donating blood and plasma to potentially help other COVID-19 patients.
Read more
Health Care Viewpoints Thumbnail
The ongoing COVID-19 pandemic has introduced uncertainty and unique challenges in nearly every aspect of life. During this unprecedented time, Mintz is working to keep our clients and community informed and empowered to navigate this new world. To that end, we’ve created a number of webinars on a variety of COVID-19-related topics of interest to health care industry stakeholders. In case you missed them, here’s a highlights reel of what we’ve covered so far – just click on the links below to access the webinar recordings.
Read more
Health Care Viewpoints Thumbnail
Amidst the novel coronavirus (COVID-19) outbreak, the Secretary of the U.S. Department of Health and Human Services (HHS), Alex M. Azar, took steps on March 15, 2020, to waive sanctions and penalties related to certain provisions of the HIPAA Privacy Rule (the “Waiver”). However, the HIPAA Privacy Rule is not suspended, and the Waiver only applies: (1) in the emergency area identified in the public health emergency declaration; (2) to hospitals that have instituted a disaster protocol; and (3) for up to 72 hours from the time the hospital implements its disaster protocol. To demonstrate how the Privacy Rule and Waiver provisions work in real life, let’s look at an example: A patient at a hospital reports contact with a confirmed COVID-19 diagnosis. How can this information be shared?
Read more
Practice Hero Artificial-Intelligence Mintz
Artificial Intelligence is a growing part of our day-to-day life. And AI promises to improve our health care system. ML Strategies Vice President Christian Tomatsu Fjeld recently sat down with other experts for a panel discussion hosted by the San Francisco Business Times to discuss AI and some business and policy considerations across multiple industries. This viewpoint considers some of the impacts on health care specifically, and links out to the panel's discussion.
Read more
Health Care Viewpoints Thumbnail
On August 22, the Substance Abuse and Mental Health Services Administration (“SAMHSA”) announced a new proposed rule (the “Proposed Rule”) amending 42 CFR part 2 (“Part 2”), which is aimed at protecting patient records created by federally funded programs for the treatment of substance use disorder (“SUD”). The Proposed Rule is aimed at alleviating these concerns within the constraints of the underlying statute, while also addressing the increasingly urgent need to streamline SUD services in light of the opioid epidemic. Here we’ll discuss some of the major changes under the Proposed Rule while highlighting the challenges that remain.
Read more
Health Care Viewpoints Thumbnail
In June 2019, the Delaware Supreme Court issued a decision reaffirming a risk of director liability where there is no board-level reporting process for essential compliance matters.  The facts of the case arise from a 2015 listeria outbreak at Blue Bell manufacturing which resulted in the death of three people. The Delaware case reaffirmed the position that directors may be subject to liability if the director “(1) completely fail[ed] to implement any reporting or information system or controls, or (2) having implemented such a system or controls, consciously fail[ed] to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.”  
Read more
Health Care Viewpoints Thumbnail

Another Chance for HIPAA and Part 2 Harmony?

July 22, 2019 | Blog | By Dianne Bourque

There are reports that HHS plans to issue a proposed rule next month, which would again amend 42 CFR Part 2 (“Part 2”) and modify how the medical records of patients with substance abuse disorders are currently shared between providers. Part 2 amendments, especially amendments to align Part 2 with the Health Insurance Portability and Accountability Act (“HIPAA”), would be welcome news to the many stakeholders in the industry who have repeatedly voiced their concerns regarding the regulatory hurdles that surround the disclosure of drug and alcohol treatment records.
Read more
Health Care Viewpoints Thumbnail
The HHS Office for Civil Rights (OCR) released a new guidance document regarding which HIPAA violations business associates (BAs) can and cannot be held directly liable for.  In the guidance, OCR states that BAs can be held directly liable for a list of 10 violations but notes that certain other violations, like the reasonable cost requirement for a patient’s access to their PHI, cannot be enforced directly by OCR against a BA.  The covered entity (CE) is still on the hook for violations of this type, however, so CEs should carefully review their BAAs to ensure that it covers requirements that don’t directly apply to BAs but are still enforceable against CEs.  Large data breaches also continue to dominate the press.
Read more
Sign up to receive email updates from Mintz.
Subscribe Now

Explore Other Viewpoints: