HIPAA Regulations: Recent Legal Updates, Analysis, and Commentary

There’s a new sheriff in town, and he means business. Leon Rodriguez, the newly appointed Director of the Office of Civil Rights (the US Government agency charged with enforcing the Health Insurance Portability and Accountability Act privacy law), has made it clear: “Consumers need to know that private and secure access to their health information is a given. The privacy and security of health data will be a top priority for OCR during my tenure.”

With that in mind, here’s a roundup of recent HIPAA-related updates, from lawyers and law firms on JD Supra:

– On Data Breaches…

“Breach notification is required only where a breach compromises the security or privacy of [Protected Health Information] and that compromise poses a “significant risk of financial, reputational, or other harm to the individual.’” (From The HITECH Act and Its Impact on MSPs by Scott & Scott, LLP)

“This is a frightening object lesson for covered entities … about the risks presented by ‘downstream’ vendors, and the need to ensure that their handling and use of protected health information and e-PHI meets HIPAA and applicable state law privacy and data security standards. HIPAA as amended by HITECH now demands that business associates vouch in this manner for their downstream vendors in their business associate agreements.” (From Stanford Health Privacy Breach Highlights Downstream Vendor Risks, Issues by Christine Roberts)

“Most providers and contractors are aware that HIPAA does not provide for a private right of action. HIPAA, however, does not preclude actions under state laws… [and] is only part of the puzzle when it comes to privacy or security breaches.” (From Data Breach in California Results in $20 Million Class by Ober|Kaler)

“… literally tens of thousands of websites encourage internet surfers to share or ‘disclose’ information, blow the whistle on suspected bad actors – sometimes with offers of cash rewards –and social networking sites, blogs, the proliferation of phones containing still and video cameras create an environment in which some of your organization’s most precious and proprietary secrets and confidential information can find its way into the public domain in milliseconds.” (From HIPAA Update by Leslie Bender)

– On Social Media Policies…

“… covered entities and business associates should focus on developing a comprehensive social media policy and aggressively educating members of their workforce on the implications of HIPAA on the use of social media.” (From Social Media, Health Care Privacy and Your Employees: 7 Tips to Avoid HIPAA Violations and Employee Claims by Ober|Kaler)

– On HIPAA Audits…

“During the next few years it is probably unlikely that a particular small healthcare provider will be the subject of a random audit. That being said, over time, random audits of small healthcare providers may occur, if only to ‘send a message’ that HHS is serious about enforcing the privacy and security requirements of HIPAA.” (From HIPAA Audits Are Coming: The Time to Prepare Is Now International Lawyers Network)

– On the Release of Health Information to Patients…

“The proposed changes … seem minor, but will require substantial work on the part of many laboratories, especially those in states where the provision of test results to patients was previously not permitted… to prepare effective policies and procedures, train staff, and implement processes to receive and compliantly respond to patient communications.” (From Changes to HIPAA Privacy Rule and CLIA Regs Will Require Laboratories to Release Test Results to Patients by Ober|Kaler)

– On the California Genetic Information Nondiscrimination Act…

“CalGINA amends anti-discrimination laws already in effect to prohibit genetic discrimination in areas, such as housing; mortgage lending; employment; education; and public accommodations [and] provides broader protections from genetic discrimination than does the federal Genetic Information Nondiscrimination Act of 2008, which is limited to employment and health insurance coverage.” (From New California Law Prohibits Genetic Discrimination and Can Result in Significant Damages If Violated by Duane Morris LLP)

“Not all of SB 559’s provisions will seem new to California businesses. For example, GINA barred employers from intentionally acquiring genetic information from employees and applicants, and FEHA already prohibited employers from subjecting applicants or employees to genetic testing. However, SB 559 now establishes genetic information as a protected class within the broader framework of California’s civil rights laws.” (From California Adopts Genetic Anti-Discrimination Protections by Morrison & Foerster LLP)


Related Commentary and Analysis


Follow Health Law updates on: LinkedIn | Twitter | Facebook | JD Supra