Posts about HIPAA by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
If you couldn’t make it to my recent webinar on Washington’s My Health My Data Act (MHMDA) and the new state health privacy laws, you can watch the replay here. I had a great discussion with Mike Hintze (Hintze Law).
If you couldn’t make it to my recent webinar on HIPAA and health privacy developments in 2023, you can watch the replay here. I had a great discussion with Deborah Gersh, Adam Greene, and Kate Black.
This cartoon is about the HIPAA right to access medical records. Obtaining access to one’s medical records is currently like a scavenger hunt. Patients have to call and call again, wait seemingly forever to get records, and receive them via ancient means like mail and fax. There have been several articles (here, here, and here) […]
The U.S. Court of Appeals for the 5th Circuit just issued a blistering attack on HIPAA enforcement by the U.S. Department of Health and Human Services (HHS). In University of Texas M.D. Anderson Cancer v. Department of Health and Human Services (No. 19-60226, Jan. 14, 2021), the 5th Circuit struck down a fine and enforcement […]
HIPAA training is an specific requirement of HIPAA. HIPAA requires that covered entities (CEs) and business associates (BAs) provide HIPAA training to members of their workforce who handle protected health information (PHI). This means administrative and clinical personnel need to be trained. Business associates — and any of their subcontractors — must have training. Basically, […]
This cartoon is about de-identifying PHI under HIPAA. De-identifying personal data is quite complicated. Researchers have been able to re-identify sets of personal data with just names, birth dates, and gender. The reason why de-identifying data is difficult is that there is more and more identified personal data online that can be matched up […]
It is an understatement to say that a lot has happened in privacy law during the past decade. Here is my list of the most notable developments. NOTE: I am giving a particular emphasis to what I find to be notable from a United States perspective. What is notable privacy law depends upon where one […]
Days after my recent blog post on the HIPAA Right of Access, the OCR released details of their first enforcement action for violation of the Right of Access. The complaint, received in August 2018, involved a mother who waited over 9 months to receive prenatal records from Bayfront Health in St. Petersburg. She requested the […]
One of the biggest sore spots in HIPAA compliance has been providing individuals with their right to access their medical records. In addition to the countless anecdotal accounts about the painful process of getting medical records, a recent study demonstrated just how far there is to go for providers to be in compliance. More than […]
This cartoon depicts something that happens far too often with HIPAA — HIPAA is used as an excuse not to do something (such as make disclosures or provide access to records in ways that patients request) even though HIPAA doesn’t have such a restriction. This is often done out of a lack of knowledge about […]