HHS Issues Guidance to Protect Patient Privacy in Wake of Supreme Court Decision on Roe

On the heels of the Supreme Court ruling in Dobbs vs. Jackson Women’s Health Organization, where the right to safe and legal abortion was taken away, President Biden and U.S. Department of Health and Human Services (HHS) Secretary Xavier Becerra called on HHS agencies to take action to protect access to sexual and reproductive health care, including abortion, pregnancy complications, and other related care. Today, in direct response, the HHS Office for Civil Rights (OCR) issued new guidance to help protect patients seeking reproductive health care, as well as their providers.


GAO Calls on HHS to Improve Healthcare Data Breach Reporting Process

In its latest report, the US Government Accountability Office (GAO) called on HHS to improve the healthcare data breach reporting process. Specifically, GAO urged HHS to create a mechanism for entities to provide feedback on the breach reporting process. GAO studied the number of breaches reported to HHS since 2015, analyzed the extent to which HHS established a review process to assess a covered entity’s security practices, and assessed improvement opportunities relating to breach reporting requirements.  


OCR to Produce Video Presentation on HITECH Act Recognized Security Practices

The HHS’ Office for Civil Rights (OCR) is producing a video presentation to help HIPAA-regulated entities implement “Recognized Security Practices.” The Health Information Technology for Economic and Clinical Health (HITECH) Act was recently amended (Public Law 116-321) to require OCR to consider recognized security practices that have been in place for at least 12 months prior to certain Security Rule enforcement and audit activities. OCR previously issued a Request for Information regarding the HITECH Act recognized security practices, the comment period for which ended last week.


HHS Issues Guidance on HIPAA and Audio-Only Telehealth

Today, the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), is issuing guidance on how covered health care providers and health plans can use remote communication technologies to provide audio-only telehealth services when such communications are conducted in a manner that is consistent with the applicable requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules, including when OCR’s Notification of Enforcement Discretion for Telehealth is no longer in effect.

CHIME and WEDI Launch the “THINK BEFORE YOU CLICK” Campaign to Arm Consumers Against Loss of Health Information

As patients increasingly permit access to their health information by way of third-party applications (apps), the need to ensure the privacy and security of this data has grown exponentially. Many of these apps are not covered entities under HIPAA and are not bound by any current privacy and security requirements. In response, the College of Healthcare Information Management Executives (CHIME) and the Workgroup for Electronic Data Interchange (WEDI) announce the launch of the “THINK BEFORE YOU CLICK” campaign.