Legal Health Information Exchange

Latest from Legal Health Information Exchange

A federal district judge has granted preliminary injunctive relief to Real Time Medical Systems, Inc. (“Real Time”) barring the defendant, PointClickCare (“PCC”), from deploying unsolvable CAPTCHAs that interfered with Real Time’s ability to access the data of its skilled nursing facility customers that utilized PCC.  As Judge Xinis wrote in the opinion,“No evidence supports that

June 25, 2024 has arrived! This means that the Final Rule for HIPAA Privacy to Support Reproductive Health Care Privacy is officially in effect, and HIPAA covered entities and business associates may now begin implementing its new requirements! The deadline to comply with almost all of the new regulatory requirements pertaining to requests for PHI

On May 31, 2024, the Office of Civil Rights (OCR) released “updates” to its HIPAA FAQs regarding the Change Healthcare cybersecurity incident. In its Press Release, OCR pointed out that it updated its FAQs to specifically address questions it has been receiving concerning who is responsible for performing breach notification to HHS, affected individuals, and (where applicable)

  • The New Jersey Data Privacy Act (NJDPA) was enacted on January 16, 2024 and will affect individuals, or legal entities that process personal data, and entities that process data on their behalf.
  • Although “protected health information” (“PHI”) collected by a covered entity or business associate (as defined by HIPAA) is excluded from this new law,

  • As HHS is actively enforcing its new guidance and HIPAA interpretation against hospitals across the country, the federal government’s own healthcare providers continue to use online tracking technologies on their websites.
  • AHA asserts that OCR’s Guidance on Online Technologies harms the very people it purports to protect,” and that “[t]he federal government’s repeated threats to

  • HHS publishes its Proposed Rule “Establishment of Disincentives for Health Care Providers that Have Committed Information Blocking.” Download it here.
  • It’s not time to be spooked, just yet, about these potential information blocking disincentives. Enforcement could be limited.
  • Information Blocking requires providers to “know” that a practice that interferes with the access and use of

  • The Minnesota Supreme Court has held that HIPAA “authorizes” disclosures for purposes of the Minnesota Health Records Act, and so consent was not required for a hospital to disclose certain individually identifiable health information to its institutionally related foundation for fundraising purposes.
  • A copy of Minnesota Supreme Court Case can be downloaded here.
  • The

  • OCR reaches a new $1.3 million dollar settlement with a health plan for HIPAA violations.
  • OCR says, “HIPAA-regulated entities need to be proactive in ensuring their compliance with the HIPAA Rules, and not wait for OCR to reveal long-standing HIPAA deficiencies.”
  • Employers that offer Employee Benefits must evaluate if they are responsible for a health