Physician Law Blog

At the end of April, the U.S. Department of Health & Human Services (HHS), through the Office for Civil Rights (OCR), issued a Final Rule to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to support reproductive health care privacy. This is one of many actions taken by HHS in response to the Supreme Court’s decision in Dobbs. This update comes at a critical time when reproductive rights are under intense scrutiny and varying state laws create a complex landscape for patients and providers.    

Changes to HIPAA are be on the way. Providers need to consider these changes to best prepare and implement best practices.

The Centers for Medicare & Medicaid Services (CMS), The Health and Human Services Department (HHS), as well as other health related federal agencies, have continued to waive requirements, or expand services and benefits in an effort to help contain the COVID-19 virus.

Earlier this week, the University of Texas MD Anderson Cancer Center was ordered to pay a staggering $4,348,000.00 in order to resolve HIPAA violations from data breaches occurring in 2011, 2012, and 2013.The extremity of the penalties is explained by the fact that the data breaches were completely preventable. Generally, covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA) are required to ensure confidentiality, integrity, and availability of all electronic protected health information (ePHI) that is created, received, maintained, or transmitted, and protect that information from reasonably anticipated threats and impermissible uses.