Health Information Privacy & Security
Viewpoints
Filter by:
The Ongoing US Vaccine Passport Debate
April 29, 2021 | Blog | By Lara Compton, Bridgette Keller
One main principle among public health measures is to use the least restrictive method necessary to protect the population, or to do the greatest good. From the public health perspective, requiring COVID status credentials (“Credentials”) makes sense because it allows people who present a low risk to others to not be subject to unnecessary restrictions. However, implementation and use of Credentials will require careful consideration of individual privacy concerns, as well as the ethical questions related to access and additional privilege.
Read more
HHS Keeps On Sprinting with Proposed Modifications to the HIPAA Privacy Rule
December 14, 2020| Blog|
Health Law Diagnosed — HIPAA Compliance Yesterday, Today and Tomorrow
December 3, 2020| Podcast|
OCR Updates Guidance to Clarify That Health Plans May Contact Recovered COVID-19 Patients About Plasma Donation
August 25, 2020 | Blog
As we discussed in our previous blog post, the Department of Health and Human Services’ Office for Civil Rights (OCR) released guidance this past June to address how health care providers could contact, in a HIPAA-compliant manner, recovered COVID-19 patients to provide them with information about donating blood and plasma to potentially help other COVID-19 patients. On August 24, OCR released an updated version of that guidance to address similar communications from health plans. The amended guidance provides that health plans may also reach out to recovered COVID-19 patients about blood and plasma donation, subject to the same restrictions applicable to health care providers.
Read more
In Case You Missed It: COVID-19 Webinars to Keep You Informed
April 24, 2020 | Blog
The ongoing COVID-19 pandemic has introduced uncertainty and unique challenges in nearly every aspect of life. During this unprecedented time, Mintz is working to keep our clients and community informed and empowered to navigate this new world. To that end, we’ve created a number of webinars on a variety of COVID-19-related topics of interest to health care industry stakeholders. In case you missed them, here’s a highlights reel of what we’ve covered so far – just click on the links below to access the webinar recordings.
Read more
HIPAA Compliance in a National Emergency: What Does It Look Like in Real Life?
March 18, 2020| Blog|
Artificial Intelligence in Health Care
February 5, 2020| Blog|
Three Things to Learn from Delaware Supreme Court’s Opinion on Board of Director Oversight Duties (Marchand v. Barnhill)
August 6, 2019 | Blog
In June 2019, the Delaware Supreme Court issued a decision reaffirming a risk of director liability where there is no board-level reporting process for essential compliance matters. The facts of the case arise from a 2015 listeria outbreak at Blue Bell manufacturing which resulted in the death of three people. The Delaware case reaffirmed the position that directors may be subject to liability if the director “(1) completely fail[ed] to implement any reporting or information system or controls, or (2) having implemented such a system or controls, consciously fail[ed] to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.”
Read more
Another Chance for HIPAA and Part 2 Harmony?
July 22, 2019 | Blog | By Dianne Bourque
There are reports that HHS plans to issue a proposed rule next month, which would again amend 42 CFR Part 2 (“Part 2”) and modify how the medical records of patients with substance abuse disorders are currently shared between providers. Part 2 amendments, especially amendments to align Part 2 with the Health Insurance Portability and Accountability Act (“HIPAA”), would be welcome news to the many stakeholders in the industry who have repeatedly voiced their concerns regarding the regulatory hurdles that surround the disclosure of drug and alcohol treatment records.
Read more
HIPAA Updates: New Guidance for Business Associates and Continued Data Breaches
June 10, 2019 | Blog
The HHS Office for Civil Rights (OCR) released a new guidance document regarding which HIPAA violations business associates (BAs) can and cannot be held directly liable for. In the guidance, OCR states that BAs can be held directly liable for a list of 10 violations but notes that certain other violations, like the reasonable cost requirement for a patient’s access to their PHI, cannot be enforced directly by OCR against a BA. The covered entity (CE) is still on the hook for violations of this type, however, so CEs should carefully review their BAAs to ensure that it covers requirements that don’t directly apply to BAs but are still enforceable against CEs. Large data breaches also continue to dominate the press.
Read more
EMR Company Suffers Double Whammy After HIPAA Breach
June 5, 2019 | Blog
Medical Informatics Engineering, Inc. (Medical Informatics) and its wholly-owned subsidiary, NoMoreClipboard, LLC, an electronic medical record and software services provider is now liable for a combined total of $1 million to both the federal and state governments after hackers accessed approximately 3.5 million patients’ health records in 2015. The breach, reported to OCR on July 23, 2015, occurred through a compromised user ID and password. Compromised patient information included social security numbers, names, email addresses, health insurance policy information, addresses, dates of birth, and clinical information.
Read more
Health Care & Cybersecurity: A Powerful Combination
May 14, 2019| Blog|
Latest HIPAA Breach Involves Medical Records Hack of Business Associate
March 6, 2019 | Blog
AltaMed Health Services (AltaMed) and California Physicians Services (doing business as Blue Shield of California (BSC)) recently received notice from their business associate, Sharecare Health Data Services (SHDS), of a hack of SHDS’s network that stores patients’ medical records. The hacker was able to acquire and/or access patients’ protected health information (PHI) contained in the medical records kept by SHDS on behalf of AltaMed and BSC. The breach of AltaMed’s data was discovered on June 22, 2018, and the breach for BSC was discovered a few days later on June 26, 2018. Upon investigation, however, officials determined that both breaches went undetected for over a month and actually began on May 21, 2018.
Read more
HIPAA and Health Care Data Privacy - 2018 Year-in-Review
January 4, 2019 | Blog
Today, we’re looking back at HIPAA and other privacy and security developments in 2018. This past year saw continued HIPAA enforcement (including the largest ever fine for a HIPAA breach), reminders from the OCR on best practices for HIPAA compliance, and updates to state and international privacy and security laws. We’ll also look ahead to 2019, which could bring several significant changes to HIPAA, such as reducing the burdens for sharing patient information in order to promote care coordination and better patient outcomes.
Read more
HIPAA Penalties For Failure to Cut Off Access To Former Employee
December 12, 2018 | Blog
It has been a busy few weeks for HIPAA enforcement. On Tuesday, the Office for Civil Rights announced its third resolution of a HIPAA breach in as many weeks. In this latest matter, OCR announced that Pagosa Springs Medical Center (PSMC), a critical access hospital in Colorado, has agreed to both pay $111,400 to the Office for Civil Rights (OCR) as well as adopt a comprehensive, two-year corrective action plan (CAP) to address and settle potential HIPAA violations.
Read more
Explore Other Viewpoints:
- Antitrust
- Appellate
- Arbitration, Mediation & Alternate Dispute Resolution
- Artificial Intelligence
- Awards
- Bankruptcy & Restructuring
- California Land Use
- Class Action
- Complex Commercial Litigation
- Construction
- Consumer Product Safety
- Cross-Border Asset Recovery
- Debt Financing
- Direct Investing (M&A)
- Diversity
- EB-5 Financing
- Education & Nonprofits
- Employment
- Energy & Sustainability
- Environmental Enforcement Defense
- Environmental Law
- FDA Regulatory
- Federal Circuit Appeals
- Financial Institution Litigation
- Government Law
- Growth Equity
- Health Care
- Health Care Compliance, Fraud and Abuse, & Regulatory Counseling
- Health Care Enforcement & Investigations
- Health Care Transactions
- Health Information Privacy & Security
- IP Due Diligence
- IPRs & Other Post Grant Proceedings
- Immigration
- Insolvency & Creditor Rights Litigation
- Institutional Investor Class Action Recovery
- Insurance & Financial Services
- Insurance Consulting & Risk Management
- Insurance and Reinsurance Problem-Solving & Dispute Resolution
- Intellectual Property
- Investment Funds
- Israel
- Licensing & Technology Transactions
- Life Sciences
- Litigation & Investigations
- M&A Litigation
- ML Strategies
- Medicare, Medicaid and Commercial Coverage & Reimbursement
- Mergers & Acquisitions
- Patent Litigation
- Patent Prosecution & Strategic Counseling
- Pharmacy Benefits and PBM Contracting
- Portfolio Companies
- Privacy & Cybersecurity
- Private Client
- Private Equity
- Pro Bono
- Products Liability & Complex Tort
- Projects & Infrastructure
- Public Finance
- Real Estate Litigation
- Real Estate Transactions
- Real Estate, Construction & Infrastructure
- Retail & Consumer Products
- Securities & Capital Markets
- Securities Litigation
- Special Purpose Acquisition Company (SPACs)
- Sports & Entertainment
- Strategic IP Monetization & Licensing
- Tax
- Technology
- Technology, Communications & Media
- Technology, Communications & Media Litigation
- Trade Secrets
- Trademark & Copyright
- Trademark Litigation
- Venture Capital & Emerging Companies
- White Collar Defense & Government Investigations
- Women's Health and Technology