In a recent interview with an official from the federal Office of Civil Rights (OCR), which enforces HIPAA privacy and security rules, three emerging areas of concern were identified for covered entities. 

Hacking and ransomware continue to be a significant problem for the health-care sectors and covered entities must develop and maintain an incident response plan to deal with these attacks. 

OCR also advised that health-care providers have to be particularly careful when responding to patient complaints on online platforms, if they respond at all. These responses could result in the wrongful disclosure of protected health information of their patients, resulting in significant OCR enforcement actions.  

Finally, HIPAA-covered entities must exercise caution when employing website tracking technologies particularly around business associates agreements and obtaining patient consent.  

Reference

Lewis J. (2023) OCR Official Speaks About Compliance Concerns for HIPAA-Covered Entities and Business Associates JDSUPRA (accessed August 21, 2023).

Share this

Recent Posts

Proposed Regulation Would Remove Medical Bills from Credit Reports

American Telemedicine Association Publishes New Health Data Privacy Principles

New Federal Resource on Protecting the Privacy and Security of Consumer’s Health Information

Related Posts

Proposed Regulation Would Remove Medical Bills from Credit Reports

On September 21, the Consumer Financial Protection Bureau (CFPB) announced the beginning of a rulemaking process to remove medical bills from Americans’ credit reports. The CFPB outlined proposals under consideration that would “help families financially recover from medical crises, stop debt collectors from coercing people into paying bills they may not even owe, and ensure…

Read More

American Telemedicine Association Publishes New Health Data Privacy Principles

Amid rising concerns about data privacy within the telehealth arena, the American Telemedicine Association (ATA) released a set of principles to ensure patient data is protected during telehealth utilization.   The ATA’s Health Data Privacy Principles include six components: The ATA states that a federal policy would offer much-needed consistency in data privacy practices for telehealth providers…

Read More

New Federal Resource on Protecting the Privacy and Security of Consumer’s Health Information

The Federal Trade Commission (FTC) and the Department of Health and Human Services (HHS) recently released a joint publication that provides guidance and practical advice to all entities that collect, share, or use consumer information. Collecting, Using, or Sharing Consumer Health Information gathers all of the various legal obligations in one place and focuses on…

Read More