Lobbying Affiliate: MML&K Government Solutions
{ Banner Image }

Healthcare Law Blog

Comprehensive Healthcare law services.
It's kind of our bag.

Contact Us

* Indicates a required field.

Categories

McBrayer Blogs

Related Blogs

Showing 51 posts in Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Healthcare Entities: HIPAA's Privacy Rule Exceptions in Light of COVID-19

Posted In Health Insurance Portability and Accountability Act of 1996 (HIPAA), HIPAA

While the HIPAA Privacy Rule protects the privacy of patients’ health information (PHI), it is balanced to ensure that appropriate uses and disclosures of the information still may be made when necessary to treat a patient, to protect the nation’s public health, and for other critical purposes. More >

Tough Issues: Privacy and COVID-19

Posted In Health Insurance Portability and Accountability Act of 1996 (HIPAA), HIPAA

Now more than ever, healthcare providers face important issues about HIPAA and patient privacy requirements for patients being evaluated for COVID-19, for those being treated for it, and for those exposed to it.  Patient privacy issues are complicated and if not handled correctly create risks for healthcare providers and healthcare employees, including financial penalties. Even in times of emergency, the protections of the Privacy Rule are not set aside. With the public wanting to know who has been exposed, who has been tested, and who has COVID-19, as well as all the details about individual patients and their families, healthcare providers need to know what can be disclosed in a manner consistent with HIPAA’s Privacy Rule.  Healthcare workers must also know that they are not authorized to disclose information on individuals even when they think that it is in the best interest of the public. HIPAA privacy standards still apply even when disclosures are permitted.  Thus, now more than ever, healthcare providers must have strong policies and procedures in place that their employees know and follow. From clinicians to maintenance staff, healthcare providers should make sure that individual staff members understand their obligations and HIPAA’s privacy protections.   

Lisa English Hinkle is a Member of McBrayer law. Ms. Hinkle chairs the healthcare law practice and is located in the firm’s Lexington office. Contact Ms. Hinkle at lhinkle@mcbrayerfirm.com or (859) 231-8780, ext. 1256, or reach out to any of the attorneys at McBrayer. 

Services may be performed by others.

This article does not constitute legal advice.

New Kentucky Law Provides More Access to Telehealth

Posted In Health Care Law, Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Thanks to recently passed legislation going into effect July 1, 2019, Kentucky providers will have more access to patients via telehealth. Previously, telehealth visits were limited to doctors and high-level practitioners, with patients required to be in a clinical setting for the visit. The new law will allow commercial insurance and Medicaid to pay for telehealth visits in the home as well as pay mid-level providers for telehealth visits. More >

OCR Updates HIPAA Audit Protocol for Phase 2

Posted In Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Recently, the Office of Civil Rights (“OCR”) provided an updated protocol that it will use when assessing compliance with HIPAA rules. OCR recently began Phase 2 of its HIPAA compliance audits, extending coverage of these audits to Business Associates (“BAs”) as well as Covered Entities (“CEs”). Both BAs and CEs should pay particular attention to these revised audit protocols, as they indicate exactly what OCR will be looking for when conducting these audits. More >

HHS Finalizes Exception to HIPAA Privacy Rule for Firearm Background Checks

Posted In Health Insurance Portability and Accountability Act of 1996 (HIPAA), HIPAA, Mental Health Care

In January of 2016, the Department of Health & Human Services (“HHS”) issued a final rule modifying the HIPAA Privacy Rule.[1] This modification allows certain covered entities to disclose the identities of certain individuals to the National Instant Criminal Background Check System (“NICS”), a database maintained by the FBI. The information disclosed by the entities would pertain to an individual’s mental health, preventing those subject to a federal “mental health prohibitor” from possessing or receiving a firearm. Such a disclosure naturally creates a tension in the patient-provider relationship, however, and critics contend it could potentially discourage mentally ill individuals from seeking treatment.


[1] 45 C.F.R. §164 (2016) More >

New Guidance Maps HIPAA Security Rule to NIST Cybersecurity Framework to Help Providers Manage Cybersecurity Risk

Posted In Health Insurance Portability and Accountability Act of 1996 (HIPAA), HIPAA

In a world of looming data breaches and significant penalties for the release of protected health information, the complexities of cybersecurity and compliance with the HIPAA Security Rule can be incredibly daunting. In 2014, in response to the growing threat of data breaches, the National Institute of Standards and Technology (“NIST”) released the Framework for Improving Critical Infrastructure Cybersecurity (“the Framework”) as a means to standardize best practices in cybersecurity across organizations. To assist providers with implementing the Framework while remaining in compliance with the HIPAA Security Rule, the Department of Health and Humans Services Office for Civil Rights (“OCR”) published a HIPAA Security Rule Crosswalk (“the Crosswalk”) to tie the standards together and help strengthen cybersecurity preparedness. More >

NIST standards provides an oasis of mobile device security in the EHR desert

The healthcare industry has long awaited some certainty in the arena of mobile devices in light of the continued push for electronic health records (“EHR”) and coordinated care. The prevalence, convenience, and speed of such devices is beyond discussion. According to the 2015 HIMSS Mobile Technology Survey, found that 90% of healthcare providers use them in their organizations. Mobile devices provide clinicians with quick access to information at the point of care. However, the use of mobile devices brings a mountain of security risks for covered entities, including the loss or theft of the mobile device and unsecure exchange of health information. When every individual entering a facility has a mobile device, the large number of mobile devices using a facility’s network can overload the system. More >

An Analysis of Urine Toxicology — Considerations for Health Providers

Posted In Drug Screening, Health Insurance Portability and Accountability Act of 1996 (HIPAA), Urinalysis

Urine toxicology, also referred to as urine drug screening, is an important procedure that health providers use for several reasons: to monitor patients’ medication compliance, detect drug abuse, or identify the presence of disease. There are numerous implications that accompany a urine toxicology examination though, and health providers are sometimes left wondering if they should hand over the cup to patients. More >

Plan for the Worst, Hope for the Best: Why You Must Have a HIPAA Risk Assessment

Posted In Health Insurance Portability and Accountability Act of 1996 (HIPAA), HIPAA Risk Assessment, Office for Civil Rights ("OCR")

“The single biggest and most common compliance weakness is the lack of a timely and thorough risk analysis.” More >

Issues Concerning Substance Abuse Patient Confidentiality Laws

Posted In Health Insurance Portability and Accountability Act of 1996 (HIPAA)

It was with the best of intentions that Congress passed the Federal Confidentiality of Alcohol and Drug Abuse Patient Records Law over forty years ago. The patient privacy regulations (“Part 2”) spawned by this law reflected a sensitivity to the stigma that can accompany substance abuse, preventing highly vulnerable patients in need from seeking appropriate treatment.[1] In the interim, however, the field of behavioral health care has experienced seismic shifts in coordinated patient care while the regulations concerning these patient records have failed to adapt to changing standards such as electronic health records or health information exchanges. Due to this inflexibility, providers and patients are now facing a host of impediments in the provision of behavioral healthcare. More >

Lexington, KYLouisville, KYFrankfort, KY: MML&K Government SolutionsWashington, D.C.