
Healthcare Law Blog


Showing 52 posts in Health Insurance Portability and Accountability Act of 1996 (HIPAA).

OCR Updates HIPAA Audit Protocol for Phase 2

Posted In Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Recently, the Office for Civil Rights (“OCR”) provided an updated protocol that it will use when assessing compliance with HIPAA rules. OCR recently began Phase 2 of its HIPAA compliance audits, extending coverage of these audits to Business Associates (“BAs”) as well as Covered Entities (“CEs”). Both BAs and CEs should pay particular attention to these revised audit protocols, as they indicate exactly what OCR will be looking for when conducting these audits. More >

HHS Finalizes Exception to HIPAA Privacy Rule for Firearm Background Checks

Posted In Health Insurance Portability and Accountability Act of 1996 (HIPAA), HIPAA, Mental Health Care

In January of 2016, the Department of Health & Human Services (“HHS”) issued a final rule modifying the HIPAA Privacy Rule.[1] This modification allows certain covered entities to disclose the identities of certain individuals to the National Instant Criminal Background Check System (“NICS”), a database maintained by the FBI. The information disclosed by the entities would pertain to an individual’s mental health, preventing those subject to a federal “mental health prohibitor” from possessing or receiving a firearm. Such a disclosure naturally creates a tension in the patient-provider relationship, however, and critics contend it could potentially discourage mentally ill individuals from seeking treatment.

[1] 45 C.F.R. §164 (2016)

More >

New Guidance Maps HIPAA Security Rule to NIST Cybersecurity Framework to Help Providers Manage Cybersecurity Risk

Posted In Health Insurance Portability and Accountability Act of 1996 (HIPAA), HIPAA

In a world of looming data breaches and significant penalties for the release of protected health information, the complexities of cybersecurity and compliance with the HIPAA Security Rule can be incredibly daunting. In 2014, in response to the growing threat of data breaches, the National Institute of Standards and Technology (“NIST”) released the Framework for Improving Critical Infrastructure Cybersecurity (“the Framework”) as a means to standardize best practices in cybersecurity across organizations. To assist providers with implementing the Framework while remaining in compliance with the HIPAA Security Rule, the Department of Health and Human Services Office for Civil Rights (“OCR”) published a HIPAA Security Rule Crosswalk (“the Crosswalk”) to tie the standards together and help strengthen cybersecurity preparedness. More >

NIST standards provide an oasis of mobile device security in the EHR desert

The healthcare industry has long awaited some certainty in the arena of mobile devices in light of the continued push for electronic health records (“EHR”) and coordinated care. The prevalence, convenience, and speed of such devices are beyond discussion. The 2015 HIMSS Mobile Technology Survey found that 90% of healthcare providers use them in their organizations. Mobile devices provide clinicians with quick access to information at the point of care. However, the use of mobile devices brings a mountain of security risks for covered entities, including the loss or theft of the mobile device and insecure exchange of health information. When every individual entering a facility has a mobile device, the large number of mobile devices using a facility’s network can overload the system. More >

An Analysis of Urine Toxicology — Considerations for Health Providers

Posted In Drug Screening, Health Insurance Portability and Accountability Act of 1996 (HIPAA), Urinalysis

Urine toxicology, also referred to as urine drug screening, is an important procedure that health providers use for several reasons: to monitor patients’ medication compliance, detect drug abuse, or identify the presence of disease. There are numerous implications that accompany a urine toxicology examination though, and health providers are sometimes left wondering if they should hand over the cup to patients. More >

Plan for the Worst, Hope for the Best: Why You Must Have a HIPAA Risk Assessment

Posted In Health Insurance Portability and Accountability Act of 1996 (HIPAA), HIPAA Risk Assessment, Office for Civil Rights ("OCR")

“The single biggest and most common compliance weakness is the lack of a timely and thorough risk analysis.” More >

Issues Concerning Substance Abuse Patient Confidentiality Laws

Posted In Health Insurance Portability and Accountability Act of 1996 (HIPAA)

It was with the best of intentions that Congress passed the Federal Confidentiality of Alcohol and Drug Abuse Patient Records Law over forty years ago. The patient privacy regulations (“Part 2”) spawned by this law reflected a sensitivity to the stigma that can accompany substance abuse and prevent highly vulnerable patients in need from seeking appropriate treatment.[1] In the interim, however, the field of behavioral health care has experienced seismic shifts in coordinated patient care, while the regulations concerning these patient records have failed to adapt to changing standards such as electronic health records or health information exchanges. Due to this inflexibility, providers and patients are now facing a host of impediments in the provision of behavioral healthcare. More >

Wellness Programs and the EEOC, Part One

Posted In Health Insurance Portability and Accountability Act of 1996 (HIPAA), Patient Protection and Affordable Care Act (“ACA”)

On May 29, 2013, the U.S. Department of Labor, the U.S. Department of the Treasury, and the U.S. Department of Health and Human Services finalized rules regarding wellness programs offered in conjunction with group health plans. These changes were made in light of the Affordable Care Act (“ACA”). Prior to the enactment of the ACA, HIPAA provisions generally prohibited group health plans and group health insurance issuers from discriminating against individual participants and beneficiaries in eligibility, benefits, or premiums based on a health factor. The exception to the general rule allows premium discounts, rebates, or modifications to otherwise applicable cost-sharing systems (including copayments, deductibles, or coinsurance) in return for adherence to certain programs promoting health or preventing disease. More >

HIPAA Rules and Procedures in the Event of a Data Breach, Part Two

Posted In Data Breach, Electronic Protected Health Information (ePHI), Health Insurance Portability and Accountability Act of 1996 (HIPAA)

My last post focused on the discovery and investigation of a data security breach to determine if breach notification is needed. Today’s post now turns to the requirements of breach notification triggered by a data security breach. More >

HIPAA Rules and Procedures in the Event of a Data Breach, Part One

As discussed in my prior post, recent massive data breaches at major retailers and health insurance providers paint a bleak picture of modern data security and emphasize the importance of strong security safeguards and plans for handling suspected security breaches involving electronic protected health information (“ePHI”). In the healthcare context, a security breach of a covered entity’s or a Business Associate’s (“BA”) data security system triggers the Security Rule and can trigger certain breach notification requirements under the Health Insurance Portability and Accountability Act (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”). This post will discuss the investigation needed to determine whether a breach has taken place, while the next post will discuss the necessary notifications in the event of a breach. More >
