HIPAA Privacy Rule Archives - EMPLOYEE BENEFITS BLOG

OCR Issues Proposed Rule to Modify HIPAA Privacy Rule to Include Explicit Protections for Reproductive Healthcare

by Stacey Callaghan, Jiayan Chen, Caroline Reignley, Scott Weinstein and Dexter Golinghorst | Apr 20, 2023 | Digital Health, Employee Benefits, Health and Welfare Plans

On April 12, 2023, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a notice of proposed rulemaking detailing its proposal to modify the HIPAA Privacy Rule (Proposed Rule). The Proposed Rule comes as a part of the Biden administration’s response to the US Supreme Court’s ruling in Dobbs v. Jackson Women’s Health Organization.

The Proposed Rule would provide special protections for protected health information (PHI) related to reproductive healthcare. Following the Dobbs decision, many healthcare providers expressed concerns that PHI related to reproductive healthcare may be sought by state and local governments for use in criminal, civil or administrative investigations or proceedings. OCR noted that such compelled uses and disclosures of PHI could have a chilling effect on lawfully obtained healthcare and erode trust in confidential communications between a patient and provider. Additionally, providers could elect to leave out critical details from a patient’s medical record if they fear the information could later be used by a state or local government actor against the patient.

Stakeholders may submit comments on the proposed rule on or before June 16, 2023.

Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws

by Anthony A. Bongiorno and Michael G. Morgan | Jan 12, 2017 | Health and Welfare Plans, Privacy and Data Security

The US Department of Health and Human Services has recently issued guidance under the Health Insurance Portability and Accountability Act on what covered entities and business associates can do to prevent and recover from ransomware attacks; however, other state data breach notification laws can also be triggered by a ransomware attack. The authors of this article explain the guidance and what to do if you are subject to a ransomware attack.

Read the full article here.

New HIPAA Regulations Require Action by Group Health Plans

by McDermott Will & Emery | Mar 19, 2013 | Health and Welfare Plans, Privacy and Data Security

by Amy M. Gordon and Jamie A. Weyeneth

Final HIPAA privacy and security regulations issued by the U.S. Department of Health and Human services will require action by group health plan sponsors by September 2013.

To read the full article, click here.

HIPAA De-Identification Guidance

by McDermott Will & Emery | Dec 21, 2012 | Privacy and Data Security

by Jennifer S. Geetter, Amy M. Gordon, Daniel F. Gottlieb and Amy Hooper Kearbey

Office of Civil Rights has released additional guidance addressing the de-identification of protected health information in accordance with the HIPAA Privacy Rule. Covered entities should review their current de-identification methods and make any necessary changes to comply with the new guidance.

To read the full article, click here.