Upcoming Webinars

Site Updates

Disclaimer

The analysis of any legal or medical billing is dependent on numerous specific facts — including the factual situations present related to the patients, the practice, the professionals and the medical services and advice. Additionally, laws and regulations and insurance and payer policies are subject to change. The information that has been accurate previously can be particularly dependent on changes in time or circumstances. The information contained in this web site is intended as general information only. It is not intended to serve as medical, health, legal or financial advice or as a substitute for professional advice of a medical coding professional, healthcare consultant, physician or medical professional, legal counsel, accountant or financial advisor. If you have a question about a specific matter, you should contact a professional advisor directly. CPT copyright American Medical Association. All rights reserved. CPT is a registered trademark of the American Medical Association.

Menu
Log in
Forgot password


Search
Log in
Forgot password

HIPAA Blog and Updates

Welcome to out HIPAA blog.  Here we post news, articles, and site updates on HIPAA.  

  • OCR Issues Guidance on HIPAA, COVID-19 Vaccinations, and the Workplace

    30 Sep 2021 2:59 PM | Zachary Edgar (Administrator)

    Today, the U.S. Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) issued guidance to help the public understand when the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule applies to disclosures and requests for information about whether a person has received a COVID-19 vaccine.

    The guidance reminds the public that the HIPAA Privacy Rule does not apply to employers or employment records. This is because the HIPAA Privacy Rule only applies to HIPAA covered entities (health plans, health care clearinghouses, and health care providers that conduct standard electronic transactions), and, in some cases, to their business associates.

    Today's guidance addresses common workplace scenarios and answers questions about whether and how the HIPAA Privacy Rule applies. This information will be helpful to the public as we continue to navigate the COVID-19 pandemic.

    "We are issuing this guidance to help consumers, businesses, and health care entities understand when HIPAA applies to disclosures about COVID-19 vaccination status and to ensure that they have the information they need to make informed decisions about protecting themselves and others from COVID-19," said OCR Director Lisa Pino.

    The Guidance on HIPAA, COVID-19 Vaccinations, and the Workplace may be found at https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/hipaa-covid-19-vaccination-workplace/index.html.

  • OCR Resolves Twentieth Investigation in HIPAA Right of Access Initiative with $80,000 Settlement

    10 Sep 2021 3:00 PM | Zachary Edgar (Administrator)

    The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces the resolution of its twentieth investigation in its HIPAA Right of Access Initiative.  OCR created this initiative to support individuals’ right to timely access their health records at a reasonable cost under the HIPAA Privacy Rule.  Children’s Hospital & Medical Center (CHMC) has agreed to take corrective actions and pay $80,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard.  CHMC is located in Omaha, Nebraska, and provides pediatric health care services.

  • OCR Settles Nineteenth Investigation in HIPAA Right of Access Initiative

    2 Jun 2021 3:02 PM | Zachary Edgar (Administrator)

    The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has announced its nineteenth settlement of an enforcement action in its HIPAA Right of Access Initiative, which supports individuals' right to timely access their health records at a reasonable cost under the HIPAA Privacy Rule. The Diabetes, Endocrinology & Lipidology Center, Inc. (“DELC”) has agreed to take corrective actions and pay $5,000 to settle a potential violation of the HIPAA Privacy Rule's right of access standard. DELC is a West Virginia based healthcare provider that provides treatment for Endocrine disorders.

  • Clinical Laboratory Pays $25,000 to Settle Potential HIPAA Security Rule Violations

    25 May 2021 3:03 PM | Zachary Edgar (Administrator)

    Peachstate Health Management, LLC, doing business as AEON Clinical Laboratories (Peachstate), has agreed to pay $25,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.  Peachstate is based in Georgia and is certified under the Clinical Laboratory Improvement Amendments of 1988 (CLIA).  Peachstate provides diagnostic and laboratory-developed tests, including clinical and genetic testing services.

  • OCR Settles Eighteenth Investigation in HIPAA Right of Access Initiative

    26 Mar 2021 3:04 PM | Zachary Edgar (Administrator)

    The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces its eighteenth settlement of an enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative to support individuals' right to timely access of their health records at a reasonable cost under the HIPAA Privacy Rule. Village Plastic Surgery ("VPS") has agreed to take corrective actions and pay $30,000 to settle a potential violation of the HIPAA Privacy Rule's right of access standard. VPS is located in New Jersey and provides cosmetic plastic surgery services.

  • OCR Settles Seventeenth Investigation in HIPAA Right of Access Initiative

    24 Mar 2021 3:05 PM | Zachary Edgar (Administrator)

    The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces its seventeenth settlement of an enforcement action in its HIPAA Right of Access Initiative.  OCR announced this initiative to support individuals' right to timely access to their health records at a reasonable cost under the HIPAA Privacy Rule.

    The Arbour, Inc., doing business as Arbour Hospital ("Arbour"), has agreed to take corrective actions and pay $65,000 to settle a potential violation of the HIPAA Privacy Rule's right of access standard. Arbour is located in Massachusetts and provides behavioral health services.

  • Extension of the Public Comment Period for Proposed Modifications to the HIPAA Privacy Rule

    9 Mar 2021 3:09 PM | Zachary Edgar (Administrator)

    Today, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announces a 45-day extension of the public comment period for the Notice of Proposed Rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.

    OCR first released the NPRM to the public on the HHS website on December 10, 2020, and it was published in the Federal Register on January 21, 2021.  The 45-day extension moves the current deadline for the public to submit comments from March 22, 2021, to May 6, 2021. The notice of extension of the comment period is available at https://public-inspection.federalregister.gov/2021-05021.pdf - PDF.

    The proposed changes to the HIPAA Privacy Rule include strengthening individuals’ rights to access their own health information, including electronic information; improving information sharing for care coordination and case management for individuals; facilitating greater family and caregiver involvement in the care of individuals experiencing emergencies or health crises; enhancing flexibilities for disclosures in emergency or threatening circumstances, such as the Opioid and COVID-19 public health emergencies; and reducing administrative burdens on HIPAA covered health care providers and health plans, while continuing to protect individuals’ health information privacy interests.

    OCR encourages and will carefully consider comments from all stakeholders, including patients and their families, consumer advocates, HIPAA covered entities (health plans, health care clearinghouses, and most health care providers) and their business associates, health care professional associations, health information management professionals, health information technology vendors, and government entities.

    “OCR anticipates a high degree of public interest in providing input on the proposals because the HIPAA Privacy Rule affects nearly anyone who interacts with the health care system,” said Acting OCR Director Robinsue Frohboese.  “The 45-day extension of the comment period to May 6, 2021, will give the public a full opportunity to consider the proposals and submit comments to inform future policy.” 

    Interested members of the public may submit their comments on the NPRM no later than May 6, 2021. The NPRM is available for review and comment at https://www.federalregister.gov/documents/2021/01/21/2020-27157/proposed-modifications-to-the-hipaa-privacy-rule-to-support-and-remove-barriers-to-coordinated-care.


  • OCR Settles Sixteenth Investigation in HIPAA Right of Access Initiative

    12 Feb 2021 3:12 PM | Zachary Edgar (Administrator)

    The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces its sixteenth settlement of an enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative to support individuals’ right to timely access their health records at a reasonable cost under the HIPAA Privacy Rule.

    Sharp HealthCare, doing business as Sharp Rees-Stealy Medical Centers (“SRMC”), has agreed to take corrective actions and pay $70,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard. SRMC is located in California and provides health care through four acute-care hospitals, three specialty hospitals, three affiliated medical groups, and a health plan.

  • OCR Settles Fifteenth Investigation in HIPAA Right of Access Initiative

    10 Feb 2021 3:19 PM | Zachary Edgar (Administrator)

    The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces its fifteenth settlement of an enforcement action in its HIPAA Right of Access Initiative.  OCR announced this initiative to support individuals’ right to timely access their health records at a reasonable cost under the HIPAA Privacy Rule.  Renown Health, P.C., a private, not-for-profit health system in Nevada, has agreed to take corrective actions and pay $75,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard.

  • Health Insurer Pays $5.1 Million to Settle Data Breach Affecting Over 9.3 Million People

    15 Jan 2021 3:24 PM | Zachary Edgar (Administrator)

    The Lifetime Healthcare Companies, including its affiliates Excellus Health Plan, Inc. doing business as Excellus BlueCross BlueShield and Univera Healthcare, Lifetime Health Medical Group, Lifetime Benefit Solutions, Lifetime Care, and The MedAmerica Companies (collectively "Excellus Health Plan") have agreed to pay $5.1 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules related to a breach affecting over 9.3 million people. Excellus Health Plan is a New York state health services corporation that provides health insurance coverage to over 1.5 million people in Upstate and Western New York.

About Us

Therapy Comply is a healthcare compliance firm that seeks to bring high quality web-based compliance guidance and one-on-one consulting services to small and medium size physical, occupational, and speech therapy practices.

Learn More 

Join Us

Join today as either a monthly or a yearly member and enjoy full access to the site and a significant discount to our live and recorded webinars.  Members also have access to compliance and billing support.

Join Today 

Find Us


Powered by Wild Apricot Membership Software