HIPAA

The New Jersey Attorney General’s Office announced on October 12 that Diamond Institute for Infertility and Menopause, LLC, based in Millburn, NJ, will pay a $495,000 penalty for allegedly violating HIPAA and state law by failing to implement appropriate cybersecurity measures. The New Jersey Department of Law & Public Safety’s Division of Consumer Affairs investigated

On September 30, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced that it issued guidance to clarify that the HIPAA Privacy Rule does not prohibit businesses from asking customers, clients or employees to disclose their COVID-19 vaccination status. OCR felt compelled to weigh in after chronic widespread ignorance of

The Federal Trade Commission (FTC) recently issued a policy statement confirming that vendors of apps and other connected devices that collect personal health information, such as glucose levels, heart rate, or fertility or sleep data, are subject to the FTC’s Health Breach Notification Rule. The rule, issued in 2009, requires vendors to notify consumers

Connecticut Governor Ned Lamont recently signed into law “An Act Incentivizing the Adoption of Cybersecurity Standards for Businesses” (Public Act No. 21-119). Under the Act, “covered entities” that implement certain cybersecurity measures to protect against data breaches of “personal information” and “restricted information” will be insulated against the imposition of punitive damages arising

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has pursued its HIPAA Right of Access Initiative since 2019. OCR’s 19th settlement under the initiative, with The Diabetes, Endocrinology & Lipidology Center, Inc. (DELC), curiously resulted in only a $5,000 fine. The West Virginia provider treats patients who have endocrine disorders.

On April 6, Rivkin Radler’s Ben Malerba gave a presentation to members of the Coalition for Behavioral Health. The presentation was entitled “HIPAA in an Evolving Health Care Environment: Proposed Changes for 2021 and Response to COVID-19.”

The Coalition for Behavioral Health provides policy, advocacy, training and technical assistance to more than 100 community-based behavioral

A March 24 article in Wolters Kluwer’s Health Law Daily, “STRATEGIC PERSPECTIVES: Pandemic response, fraud and abuse top Biden’s enforcement priorities,” quoted healthcare industry experts who predict increased enforcement in the areas of fraud and abuse, False Claims Act (FCA) cases, and pandemic-related waivers. Rivkin Radler’s Robert Hussar was quoted in the

A March 11 article in the Health Care Compliance Association’s Report on Patient Privacy, “In Wake of 16th OCR Settlement, Time For CEs, BAs to Take Right of Access Seriously,” discussed the Right of Access Initiative that the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has been pursuing since

For those providers who somehow missed or ignored the first 15 settlements in the series, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced that Sharp HealthCare, doing business as Sharp Rees-Stealy Medical Centers, agreed to pay a $70,000 fine for failing to provide a patient with timely access

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced the 14th settlement in its ongoing HIPAA Right of Access Initiative. Banner Health, a Phoenix-based health system that operates 30 hospitals and many other healthcare facilities, agreed to pay $200,000 for failing to provide patients with timely access to their medical