Health Care Today | Health Law Blog

Effective March 15, 2020, the Department of Health and Human Services (HHS) issued a Bulletin announcing that HHS Secretary Alex Azar has exercised his authority to waive sanctions and penalties against a covered hospital that does not comply with certain provisions of the HIPAA Privacy Rule.

A recent article published in Part B News features an interview with Greensfelder Officer Lucie Huger about the implications of a court ruling on medical record fees charged to patients and third parties.

Greensfelder attorney Lucie Huger was featured in Relias Media's Hospital Access Management HIPAA Regulatory Alert article entitled, “Avoid Most Common HIPAA Violations With Best Practices, Education.”

An excerpt of the article is as follows:

HIPAA breaches can happen even to the best prepared healthcare organizations, but knowing the most common failings can improve your chances of staying in the good graces of the Office for Civil Rights (OCR).

The Office of Civil Rights (OCR) within the Department of Health and Human Services (HHS) has been able to hold “business associates” directly liable for certain HIPAA violations since 2009, with the passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act. Under HIPAA, a “business associate” is an entity that receives protected health information (PHI) in order to provide services to a “covered entity” (such as a health care provider, a health plan, or a heath care clearinghouse).

On April 23, 2019, the U.S. Department of Health & Human Services (HHS) published a Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties (CMP) outlining interim annual limits for HIPAA violations. HHS believes the revised annual limits “reflect the most logical reading of the HITECH Act.” These amounts are subject to change pending further rulemaking.