HIPAA, HITECH and Health Information Technology Blog

William Maruca, Michael Kline and Elizabeth Litten maintain a blog that provides information regarding current legal and practical issues that health care providers and businesses must consider with regard to the exchange of health information, including the use of electronic health records (EHR). The HIPAA Privacy Rule and Security Rule requirements are among the legal standards that must be complied with when using EHR, as well as when sharing and exchanging health information in general. This blog also considers possible solutions for navigating the legal and other barriers to establishing an EHR system and infrastructures for the beneficial exchange of health information.

Recent Blog Posts

  • Equifax Breach Checker – Curiosity May Have a Cost (But it’s Refundable)
    Individuals who have received notice of a HIPAA breach are often offered free credit monitoring services for some period of time, particularly if the protected health information involved included social security numbers. I have not (yet) received such a notice, but was concerned when I learned about the massive Equifax breach (see here to view a post on this topic on our Privacy Compliance and Data Security blog). The Federal Trade Commission’s Consumer Information page sums it up well: If you have...
  • Electronic Health Records and HIPAA Security: A Design Problem Fixable With Blockchain Technology?
    In some respects, HIPAA has had a design problem from its inception. HIPAA is well known today as the federal law that requires protection of individually identifiable health information (and, though lesser-known, individual access to health information), but privacy and security were practically after-thoughts when HIPAA was enacted back in 1996. HIPAA (the Health Information Portability and Accountability Act) was originally described as an act: To amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance...
  • Ten Tips for Actions by a Covered Entity after a HIPAA Breach by a Business Associate
    This blog recently discussed tips for a covered entity (CE) in dealing with a HIPAA business associate (BA). Now, even though you have adopted all of the tips and more, in this dangerous and ever more complex data security world, one of your BAs suffers a breach and it becomes your responsibility as the victim CE to respond. What should you do? Our partner Elizabeth Litten and I discussed aspects of this issue with our good friend Marla Durben Hirsch who...
  • Washington State Passes Law Restricting Commercial Collection, Storage and Use of Biometric Data
    On July 23, 2017, Washington State will become the third state (after Illinois and Texas) to statutorily restrict the collection, storage and use of biometric data for commercial purposes. The law focuses on “biometric identifiers,” which it defines as “data generated by automatic measurements of an individual’s biological characteristics, such as a fingerprint, voiceprint, eye retinas, irises, or other unique biological patterns or characteristics that is used to identify a specific individual.” Notably for our readers, the law excludes all photos,...
  • 6 Takeaways from Memorial Hermann HIPAA Settlement: Press Releases Lead to $2.4 Million Payout
    Post Contributed by Matthew J. Redding. On April 26, 2017, Memorial Hermann Health System (“MHHS”) agreed to pay the U.S. Department of Health and Human Services (“HHS”) $2.4 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule. The underlying incident occurred in September of 2015, when a patient presented a falsified Texas driver’s license to MHHS’ staff upon appearing for the patient’s scheduled appointment. MHHS’ staff contacted law enforcement to verify the patient’s identification, and...
  • Your Business Associates Hold Your HIPAA Compliance Future in Their Hands: Eleven Things You Can Do
    Our partner Elizabeth Litten and I were recently featured again by our good friend Marla Durben Hirsch in her article in the April 2017 issue of Medical Practice Compliance Alert entitled “Business associates who farm out work create more risks for your patients’ PHI.” Full text can be found in the April, 2017 issue, but a synopsis is below. In her article Marla cautioned, “Fully one-third of the settlements inked in 2016 with OCR [the Office of Civil Rights of the...
  • Where’s Your Wallet? The Ongoing Saga of FTC v. LabMD (Part 2 of 2)
    It was the wallet comment in the response brief filed by the Federal Trade Commission (FTC) in the U.S. Court of Appeals for the 11th Circuit that prompted me to write this post. In its February 9, 2017 filing, the FTC argues that the likelihood of harm to individuals (patients who used LabMD’s laboratory testing services) whose information was exposed by LabMD roughly a decade ago is high because the “file was exposed to millions of users who easily could...
  • Charges for Copies of Medical Records may Violate HIPAA, Despite Compliance with State Law
    A patient requests a copy of her medical record, and the hospital charges the per-page amount permitted under state law. Does this violate HIPAA? It may. In the spring of 2016, the Office of Civil Rights (OCR) within the U.S. Department of Health and Human Services, the agency that enforces HIPAA, issued a new guidance document on individuals’ right to access their health information under HIPAA (“Access Guidance”). The Access Guidance reminds covered entities that state laws that provide individuals with...
  • Will the New Administration Trump Efforts to Forecast 2017 Healthcare Trends?
    As she has done in January for several years, our good friend Marla Durben Hirsch quoted my partner Elizabeth Litten and me in Medical Practice Compliance Alert in her article entitled “MIPS, OSHA, other compliance trends likely to affect you in 2017.” For her article, Marla asked various health law professionals to make predictions on diverse healthcare matters including HIPAA and enforcement activities. Full text can be found in the January 2017 issue, but excerpts are included below. Marla also wrote...
  • From the Wild West to Westworld and (Maybe) Back to Normal – the Ongoing Saga of LabMD (Part 1 of 2)
    It was nearly three years ago that I first blogged about the Federal Trade Commission’s “Wild West” data breach enforcement action brought against now-defunct medical testing company LabMD. Back then, I was simply astounded that a federal agency (the FTC) with seemingly broad and vague standards pertaining generally to “unfair” practices of a business entity would belligerently gallop onto the scene and allege non-compliance by a company specifically subject by statute to regulation by another federal agency. The other agency,...