On April 9th, HHS announced a new Notification of Enforcement Discretion Regarding COVID-19 Community Based Testing Sites. The Notification of Enforcement Discretion has a retroactive date to March 13, 2020. The HHS Notification informs the public that it is exercising its discretion...
A HIPAA “Business Associate” is a person, other than a member of the workforce, who creates, receives, maintains or transmits PHI in the performance of services or functions for or on behalf of a Covered Entity. Treatment and Payment disclosures do NOT create a HIPAA BA relationship. Conduits are not HIPAA BAs, but the exception is very narrow. Covered Entities should review each HIPAA BA Agreement is needed, or not.
On April 2nd, HHS announced a new “Notification of Enforcement Discretion Under HIPAA to Allow Uses and Disclosures of PHI by Business Associates for Public Health and Health Oversight Activities in Response to COVID-19” (published in 85 Fed. Reg 193292 (April 7, 2020)). Government officials...
Last night, the State of New Jersey announced Departmental actions being taken to expand access to Telehealth and Tele-Mental Health services in response to COVID-19 outbreak. By Department, here they are: Department of Human Services, Division of Medical Assistance and Health Services ...
The events unfolding with respect to COVID-19 are unprecedented. There is a lot going on, and for those out there on the front lines of health care – like my husband who is an ER doc – I know that your first priority is helping patients and ensuring everyone around you is safe and healthy. ...
“Top 10” List for Security Law Compliance As we bid farewell to late night comedy host David Letterman, I thought it appropriate and timely to give a nod to one of Letterman’s most iconic segments, his “Top 10”, with my own Top 10 list for complying with applicable Security Law: #10. THE HIPAA...
SAMHSA Public Session to Discuss Part 2 Regulations & HIE The Part 2 regulations which govern and protect information created by drug and alcohol rehabilitation providers have caused challenges for electronic health information exchange ever since HIE became a household term (….ok, well at...
What Is a “Conduit” and When Do They Cross The HIPAA BA Line? [1] As health information organizations (HIOs) start to facilitate secure networked health information exchange (HIE), the question of whether the HIO is or is not a HIPAA business associate (BA) almost always comes up. In the...
Webinar: HIPAA and HIT Best Practices for Hospital Executives & Board Trustees Webinar Topic: Health IT Webinar for Hospital Executives and Board Trustees Date: May 21, 2014 Time: 8:30 a.m. – 10:00 a.m. EST Presenter: Helen Oscislawski, Esq. Register here:...
CMS Extends Meaningful Use Hardship Extension Where Vendor Delayed with Certifying EHR Technology. [THIS POST CORRECTS EP’s DEADLINES.] CMS announced Monday that eligible hospitals and eligible professionals (“EPs”) participating in the Medicare and Medicaid EHR Incentive Programs...
This coming Friday, April 19th, Seton Hall Law in collaboration with the Bergen County Prosecutor’s Office is offering a fantastic event called: “HIPAA, HITECH & Beyond: Protecting Healthcare Data in Our Cyber World”, which promises to examine current issues, enforcement trends, and...
What Do I Need To Do to Comply with the HITECH Omnibus Rule? (the short version, please) The HITECH Omnibus Rule clocked-in at 563 pages, and we have read, digested and condensed the nuts and bolts for you here in our February 2013 edition of our Health Law Diagnosis newsletter. But if...
Note to Mr. Donald Trump: According to HHS’ New Omnibus Rule, You Can Have A Copy of That Birth Certificate in About 100 or so Years Because HIPAA Doesn’t Apply One change under the Omnibus Rule that is somewhat flying under the radar is that HIPAA no longer will apply to a patients’...
“Significant Risk of Harm” No Longer Required to Trigger Breach Notification When it comes to responding to a Breach, what every Covered Entity (CE) and Business Associate (BA) wants to know is “Do we have to notify, or not?” Completing a documented “Risk Assessment” has always been...
FINALLY! HHS Releases the Final HIPAA/HITECH Omnibus Rule. Finally, the long awaited Final Rules are out. The Department of Health and Human Services (HHS) posted the HIPAA/HITECH “Omnibus Rule” on January 17, 2013 at 4:15 pm. You can download a copy here, or go straight to the source...