A federal district judge has granted preliminary injunctive relief to Real Time Medical Systems, Inc. (“Real Time”) barring the defendant, PointClickCare (“PCC”), from deploying unsolvable CAPTCHAs that interfered with Real Time’s ability to access the data of its skilled nursing facility customers that utilized PCC. As Judge Xinis wrote in the opinion,“No evidence supports that
Legal Health Information Exchange
Blog Authors
Latest from Legal Health Information Exchange
HIPAA Reproductive Health Care Privacy – Attestation Template, Policy Samples, updated HIPAA policies, a HIPAA-New Jersey Reproductive Health Care Law crosswalk, and more!
June 25, 2024 has arrived! This means that the Final Rule for HIPAA Privacy to Support Reproductive Health Care Privacy is officially in effect, and HIPAA covered entities and business associates may now begin implementing its new requirements! The deadline to comply with almost all of the new regulatory requirements pertaining to requests for PHI…
Who’s On First? Confusion Continues About Who Should be Reporting the Change Healthcare PHI Breaches
On May 31, 2024, the Office of Civil Rights (OCR) released “updates” to its HIPAA FAQs regarding the Change Healthcare cybersecurity incident. In its Press Release, OCR pointed out that it updated its FAQs to specifically address questions it has been receiving concerning who is responsible for performing breach notification to HHS, affected individuals, and (where applicable)…
42 C.F.R. Part 2 Final Rule Amending Privacy of Substance Use Disorder Records Released.
- The Final Rule amending 42 CFR Part 2 finalizes changes that will align uses and disclosures of Part 2 information with HIPAA for treatment, payment and health care operations.
- Part 2 providers and others who must comply with Part 2 and this Final Rule have two (2) years to get into compliance.
- An unofficial copy
…
Meet New Jersey’s Brand New Data Privacy Act and Its Impact on Healthcare Organizations & Others
- The New Jersey Data Privacy Act (NJDPA) was enacted on January 16, 2024 and will affect individuals, or legal entities that process personal data, and entities that process data on their behalf.
- Although “protected health information” (“PHI”) collected by a covered entity or business associate (as defined by HIPAA) is excluded from this new law,
…
American Hospital Association Sues HHS for its HIPAA Online Tracking Guidance
- As HHS is actively enforcing its new guidance and HIPAA interpretation against hospitals across the country, the federal government’s own healthcare providers continue to use online tracking technologies on their websites.
- AHA asserts that OCR’s Guidance on Online Technologies harms the very people it purports to protect,” and that “[t]he federal government’s repeated threats to
…
Hefty Monetary Disincentives Proposed for Health Care Providers Engaged in Information Blocking – But Not Every Provider Is on the Hook.
- HHS publishes its Proposed Rule “Establishment of Disincentives for Health Care Providers that Have Committed Information Blocking.” Download it here.
- It’s not time to be spooked, just yet, about these potential information blocking disincentives. Enforcement could be limited.
- Information Blocking requires providers to “know” that a practice that interferes with the access and use of
…
Minnesota Supreme Court Finds State Law Permits Health Information to be Shared Because HIPAA Authorizes It
- The Minnesota Supreme Court has held that HIPAA “authorizes” disclosures for purposes of the Minnesota Health Records Act, and so consent was not required for a hospital to disclose certain individually identifiable health information to its institutionally related foundation for fundraising purposes.
- A copy of Minnesota Supreme Court Case can be downloaded here.
- The
…
Is Your Organization Paying for the Cost of Health Care? You Might be Responsible for a Health Plan with HIPAA Compliance Obligations.
- OCR reaches a new $1.3 million dollar settlement with a health plan for HIPAA violations.
- OCR says, “HIPAA-regulated entities need to be proactive in ensuring their compliance with the HIPAA Rules, and not wait for OCR to reveal long-standing HIPAA deficiencies.”
- Employers that offer Employee Benefits must evaluate if they are responsible for a health
…
Penalties for Violation of the Information Blocking Rule Start Today!
- OIG’s authority to begin enforcement of the Information Blocking Rule begins September 1, 2023.
- Certain Actors subject to the Information Blocking Rule may be subject up to a $1 million penalty per violation!
- Actors need to be proactive in ensuring their compliance with the Information Blocking Rule and not wait for the OIG to discover
…