Tag Archives: HITECH

Changes to HHS’ Interpretation of HIPAA Civil Monetary Penalties

On Friday April 26, 2019, the US Department of Health and Human Services (“HHS”) issued a notification regarding HHS’ use of Civil Monetary Penalties (“CMP”) under the Health Insurance Portability and Accountability Act (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act.

Read more

Read full article

Washington State Considers Comprehensive Data Privacy Act to Protect Personal Information

Washington State is considering sweeping legislation (SB 5376) to govern the security and privacy of personal data similar to the requirements of the European Union’s General Data Protection Regulation (“GDPR”). Under the proposed legislation, Washington residents will gain comprehensive rights in their personal data. Residents will have the right, subject to certain exceptions, to request that data errors be corrected, to withdraw consent to continued processing and to deletion of their data. Residents may require an organization to confirm whether it is processing their personal information and to receive a copy of their personal data in electronic form.

Read more

Read full article

OCR Requests Comments on Ways to Modify HIPAA

On December 14, 2018 the Department of Health and Human Services, Office for Civil Rights (“OCR”) formally issued a Request For Information (“RFI”) seeking public input on “ways to modify the HIPAA Rules to remove regulatory obstacles and decrease regulatory burdens in order to facilitate efficient care coordination and/or case management and to promote the transformation to value-based healthcare, while preserving the privacy and security of PHI.”  OCR is seeking comments for a series of 54 different specific questions (many with additional subparts) corresponding to the following five major topic areas:  (1) the promotion of information sharing for treatment and care coordination; (2) the promotion of parental and caregiver involvement in addressing the opioid crisis and serious mental illness; (3) additional ways to remove regulatory obstacles and burdens to facilitate care coordination and promote value-based health care; (4) an effective means to implement the accounting of disclosures requirement of the HITECH Act; and (5) Notice of Privacy Practices operational practices.

Read more

Read full article

Healthcare Mobile Device Encryption: Is It Required?

Encryption of mobile device technology has become essential in the eyes of the OCR.  Although HIPAA treats encryption as an “addressable” safeguard –as opposed to a “required” safeguard— under the Security Rule, the following OCR settlements involving unencrypted mobile devices indicate that encryption is obligatory for HIPAA compliance. As new technologies emerge and the use […]

The post Healthcare Mobile Device Encryption: Is It Required? appeared first on OMW Health Law.

Read full article

Healthcare Alert: New federal regulations require material changes to notice of privacy practices

On January 25, 2013 the Department of Health and Human Services issued the HIPAA Omnibus Rule, a series of regulations to implement various provisions of the federal law known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”). Included in that rule were requirements affecting Notices of Privacy Practices which healthcare providers and most health plans must adopt and furnish to patients and plan beneficiaries.

All Notices of Privacy Practices must be amended to meet the new requirements. These amendments will constitute material changes to any existing notices. As a result, healthcare providers must post the new notice in a clear and prominent location in their facilities and make the notice available upon request. Health plans must post the new notice prominently on their websites and distribute a copy along with their next annual mailing to plan beneficiaries.

Read full article

The HITECH Act Final Rule’s GINA-Related Modifications to HIPAA

The Genetic Information Nondiscrimination Act of 2008 (GINA) prohibits health insurers and health plans from discriminating against beneficiaries on the basis of genetic information.  The HITECH Act Final Rule makes some important GINA-related changes to HIPAA. In general, the changes related to genetic information are solely of interest to health insurers and health plans.  With […]

For more information please visit www.omwhealthlaw.com or click on the headline above.

Read full article

The HITECH Act Final Rule’s Requirements for Using Health Information for Fundraising Purposes

With the HITECH Act Final Rule’s required revisions to business associate agreements, notices of privacy practices, and breach notification policies, it is easy to miss the Final Rule’s changes to the requirements for the use or disclosure of protected health information (PHI) for fundraising purposes.  The new fundraising requirements under HIPAA and the HITECH Act […]

For more information please visit www.omwhealthlaw.com or click on the headline above.

Read full article

HIPAA Final Rules Eliminates Covered Entities’ Discretion to Comply with Individuals’ Requests for Restriction of PHI Disclosure in Certain Cases

This article marks our first in a series of articles pertaining to the new HIPAA Final Rules implementing the HITECH Act. Before the Final Rule, covered entities  were required under HIPAA to permit individuals to request that covered entities restrict the use or disclosure of protected health information (PHI) for treatment, payment and health care […]

For more information please visit www.omwhealthlaw.com or click on the headline above.

Read full article

Data Privacy and Healthcare Alert: Final Rule implements HITECH revisions to Privacy and Security Rules

The Office for Civil Rights of the Department of Health and Human Services (OCR) issued an omnibus final rule (Final Rule) on January 17, 2013, implementing various provisions of the Health Information Technology for Economic and Clinical Health Act (HITECH Act or HITECH). The Final Rule revises the Privacy, Security and Enforcement Rules that were previously issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the interim final Breach Notification Rule that was previously issued in accordance with the HITECH Act. The Final Rule was published in the Federal Register on January 25, 2013, and is available here.

Read full article

Tracey A. Salinski presents continuing medical education seminar at Chicago Medical Society

Arnstein & Lehr Attorney Tracey A. Salinski

Tracey Salinski

Arnstein & Lehr Chicago Partner Tracey A. Salinski presented a continuing medical education seminar on November 7 at the Chicago Medical Society. Her topic was “Protecting Your Practice Against HIPAA Enforcement in a HITECH World.” Ms. Salinski explained how participants, mainly physicians and practice managers, could modify their current HIPAA policies to comply with the HITECH Act, and how to promote awareness and proper procedures among their staff to improve compliance with the protection and security of PHI (Protected Health Information).

To read the brochure in full, please click here.

Read full article