New Rules

Feb 9, 2024 / By

42 C.F.R. Part 2 Final Rule Amending Privacy of Substance Use Disorder Records Released.

The Final Rule amending 42 CFR Part 2 finalizes changes that will align uses and disclosures of Part 2 information with HIPAA for treatment, payment & health care operations. Part 2 providers and others who must comply with Part 2 and this Final Rule have two (2) years to get into compliance. Read more about the changes and how we can help with compliance.

Meet New Jersey’s Brand New Data Privacy Act and Its Impact on Healthcare Organizations & Others

Meet New Jersey’s Brand New Data Privacy Act and Its Impact on Healthcare Organizations & Others

The New Jersey Data Privacy Act (NJDPA) was enacted on January 16, 2024. Although PHI collected by a HIPAA CE or BA is excluded from the NJDPA HIPAA CEs and BAs are NOT wholly excluded from compliance with the NJDPA. Also, HHS’ recent problematic interpretation that IP addresses collected by a healthcare provider’s website may be PHI adds even more complexity in interpreting the NJDPA.

Minnesota Supreme Court Finds State Law Permits Health Information to be Shared Because HIPAA Authorizes It

Minnesota Supreme Court Finds State Law Permits Health Information to be Shared Because HIPAA Authorizes It

The Minnesota Supreme Court held that HIPAA “authorizes” disclosures for purposes of state law and consent was not required for a hospital to disclose PHI to its institutionally related foundation for fundraising purposes. Other states might take a similar stance. The Information Blocking Rule (IBR) prohibits health care providers from interfering with the access and exchange of EHI in an unreasonable manner. State with laws containing similar “as authorized by federal law” exceptions to consent must be carefully considered when claiming the IBR’s Privacy Exception to “block” EHI.  

Is Your Organization Paying for the Cost of Health Care? You Might be Responsible for a Health Plan with HIPAA Compliance Obligations.

Is Your Organization Paying for the Cost of Health Care? You Might be Responsible for a Health Plan with HIPAA Compliance Obligations.

OCR reaches a new $1.3 million dollar settlement with a health plan for HIPAA violations. OCR says, “HIPAA-regulated entities need to be proactive in ensuring their compliance with the HIPAA Rules, and not wait for OCR to reveal long-standing HIPAA deficiencies.” Employers that offer Employee Benefits must evaluate if they are responsible for a health plan with HIPAA compliance obligations.

Penalties for Violation of the Information Blocking Rule Start Today!

Penalties for Violation of the Information Blocking Rule Start Today!

OIG’s authority to begin enforcement of the Information Blocking Rule begins September 1, 2023. Certain Actors subject to the Information Blocking Rule may be subject up to a $1 million penalty per violation! Actors need to be proactive in ensuring their compliance with the Information Blocking Rule and not wait for the OIG to discover them.

42 C.F.R. Part 2 Final Rule Amending Privacy of Substance Use Disorder Records Released.

42 C.F.R. Part 2 Final Rule Amending Privacy of Substance Use Disorder Records Released.

The Final Rule amending 42 CFR Part 2 finalizes changes that will align uses and disclosures of Part 2 information with HIPAA for treatment, payment & health care operations. Part 2 providers and others who must comply with Part 2 and this Final Rule have two (2) years to get into compliance. Read more about the changes and how we can help with compliance.

Meet New Jersey’s Brand New Data Privacy Act and Its Impact on Healthcare Organizations & Others

Meet New Jersey’s Brand New Data Privacy Act and Its Impact on Healthcare Organizations & Others

The New Jersey Data Privacy Act (NJDPA) was enacted on January 16, 2024. Although PHI collected by a HIPAA CE or BA is excluded from the NJDPA HIPAA CEs and BAs are NOT wholly excluded from compliance with the NJDPA. Also, HHS’ recent problematic interpretation that IP addresses collected by a healthcare provider’s website may be PHI adds even more complexity in interpreting the NJDPA.

Minnesota Supreme Court Finds State Law Permits Health Information to be Shared Because HIPAA Authorizes It

Minnesota Supreme Court Finds State Law Permits Health Information to be Shared Because HIPAA Authorizes It

The Minnesota Supreme Court held that HIPAA “authorizes” disclosures for purposes of state law and consent was not required for a hospital to disclose PHI to its institutionally related foundation for fundraising purposes. Other states might take a similar stance. The Information Blocking Rule (IBR) prohibits health care providers from interfering with the access and exchange of EHI in an unreasonable manner. State with laws containing similar “as authorized by federal law” exceptions to consent must be carefully considered when claiming the IBR’s Privacy Exception to “block” EHI.  

Is Your Organization Paying for the Cost of Health Care? You Might be Responsible for a Health Plan with HIPAA Compliance Obligations.

Is Your Organization Paying for the Cost of Health Care? You Might be Responsible for a Health Plan with HIPAA Compliance Obligations.

OCR reaches a new $1.3 million dollar settlement with a health plan for HIPAA violations. OCR says, “HIPAA-regulated entities need to be proactive in ensuring their compliance with the HIPAA Rules, and not wait for OCR to reveal long-standing HIPAA deficiencies.” Employers that offer Employee Benefits must evaluate if they are responsible for a health plan with HIPAA compliance obligations.

Subscribe & Survive the onslaught of new healthcare regulations requiring updates to affected compliance programs.

Get access to exclusive subscription-only access to resources, tools, industry analysis and other valuable solutions.