The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently issued new guidance on its HIPAA FAQs webpage regarding permissible use and disclosures of protected health information (PHI) by health plans for purposes of care coordination and continuity of care. Health plans are covered entities under HIPAA.

The guidance explains that,

FiercePharma reports that patients in doctor’s office waiting rooms who use the office Wi-Fi network may now receive targeted pharmaceutical ads on their smartphones. Semcasting, Inc., a Massachusetts-based data provider, uses a technology called Smart Zones that can deliver messages to the entire audience at a business’s IP address.

The digital ad delivery is far

Rivkin Radler’s Eric Fader and Margarita Christoforou edited the “Health Care Privacy and the Health Insurance Portability and Accountability Act of 1996” chapter in the June 2019 edition of the Thomson Reuters Data Security and Privacy Law treatise. Eric has edited this chapter of the treatise since its 2014 edition.

New material in this year’s

The U.S. Department of Health and Human Services (HHS) announced on May 23 that Medical Informatics Engineering, Incorporated (MIE), an Indiana-based online electronic health records company, had agreed to pay HHS’s Office for Civil Rights (OCR) $100,000 to settle HIPAA violations. MIE’s April 23 Resolution Agreement with HHS also provided for the company to enter

Touchstone Medical Imaging has agreed to pay $3 million to settle HIPAA violations after an unsecured computer server exposed the medical records of 300,000 patients on Google in 2014. The U.S. Department of Health and Human Services (HHS) announced the settlement on May 6. Touchstone, based in Franklin, Tennessee, provides diagnostic imaging services in Nebraska,

The U.S. Department of Health & Human Services’ Office for Civil Rights (OCR) recently issued five new FAQs pertaining to software applications that obtain individuals’ electronic protected health information (ePHI). The FAQs describe various scenarios in which HIPAA covered entities may transmit ePHI to apps, including fitness trackers and other wearables.

In short, a covered entity

The U.S. Department of Health and Human Services (HHS) has revised the potential monetary penalties that may be imposed on healthcare providers, health plans and business associates for HIPAA violations. HHS’s notice of enforcement discretion, issued on April 26, reduces the maximum annual penalty for less-severe violations from $1.5 million to as low as $25,000.

The

Amazon announced in a blog post on April 4 that its Alexa voice assistant’s operating environment now complies with HIPAA. Companies that build functions, or skills, for Alexa will now be able to create skills that involve the transmission of users’ protected health information.

The initial group of six participants in an invitation-only program includes

An article in the March issue of Healthcare Risk Management discussed a Request for Information (RFI) released in December by the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR). The RFI, which seeks public input on how the HIPAA rules may be modified to promote coordinated, value-based healthcare, was previously discussed

Yesterday’s Rivkin Rounds post discussed the Proposed Rule on information blocking recently released by the Office of the National Coordinator for Health Information Technology (ONC). The Centers for Medicare & Medicaid Services (CMS) simultaneously released its own 251-page Proposed Rule, addressing some of the same concerns but focused on interoperability and patients’ access to their