Minnesota Supreme Court Finds State Law Permits Health Information to be Shared Because HIPAA Authorizes It

Minnesota Supreme Court Finds State Law Permits Health Information to be Shared Because HIPAA Authorizes It

by | Oct 11, 2023 | , , , ,

The Minnesota Supreme Court held that HIPAA “authorizes” disclosures for purposes of state law and consent was not required for a hospital to disclose PHI to its institutionally related foundation for fundraising purposes. Other states might take a similar stance. The Information Blocking Rule (IBR) prohibits health care providers from interfering with the access and exchange of EHI in an unreasonable manner. State with laws containing similar “as authorized by federal law” exceptions to consent must be carefully considered when claiming the IBR’s Privacy Exception to “block” EHI.  

read more
Is Your Organization Paying for the Cost of Health Care? You Might be Responsible for a Health Plan with HIPAA Compliance Obligations.

Is Your Organization Paying for the Cost of Health Care? You Might be Responsible for a Health Plan with HIPAA Compliance Obligations.

by | Sep 21, 2023 | , , ,

OCR reaches a new $1.3 million dollar settlement with a health plan for HIPAA violations. OCR says, “HIPAA-regulated entities need to be proactive in ensuring their compliance with the HIPAA Rules, and not wait for OCR to reveal long-standing HIPAA deficiencies.” Employers that offer Employee Benefits must evaluate if they are responsible for a health plan with HIPAA compliance obligations.

read more
Genetic Testing Company Violates Privacy and Security Policies, FTC Says.

Genetic Testing Company Violates Privacy and Security Policies, FTC Says.

by | Jun 19, 2023 | , , ,

Genetic testing companies, and those who partner with them, must take care to ensure that the scope of how consumers’ sensitive data is used and shared in the future aligns with the scope of consent that was granted by the consumer at the point of collection. The FTC found that a California-based genetic testing company informed consumers that it would only share consumers’ sensitive health and other personal information “in limited circumstances,” but then expanded sharing such information with new third parties, like supermarket chains. The FTC has now stepped up to protect consumers’ sensitive genetic information.

read more
ONC Publishes New FAQs on Information Blocking focused on the Privacy Exception.

ONC Publishes New FAQs on Information Blocking focused on the Privacy Exception.

by | Apr 2, 2023 | , ,

The Office of National Coordinator says it receives a lot of questions regarding how the Information Blocking Rule is supposed to work in tandem with the HIPAA Privacy Rule and other federal and state laws governing privacy and confidentiality. Their new FAQs aim to help clarify when actors can choose to not respond to a request for access, exchange, or use of electronic health information.

read more
How to Use the Privacy Exception to Deny an Abuser Access to EHI

How to Use the Privacy Exception to Deny an Abuser Access to EHI

by | Mar 5, 2021 | ,

When an Actor wants to potentially deny access of EHI to a person who is suspected of some type of abuse of the individual (the “Abuser”) whose EHI is being sought, the natural inclination is want to look to the Information Blocking (IB) Rule’s Preventing Harm Exception to justify such denial.  However, the IB Rule’s Privacy Exception offers additional options and, in certain ways, more flexibility for the Actor to deny a suspected Abuser’s request for EHI.  

read more
Threading the HIPAA Needle through Information Blocking to Block Patient Access when Data is Corrupted

Threading the HIPAA Needle through Information Blocking to Block Patient Access when Data is Corrupted

by | Feb 18, 2021 | ,

The Information Blocking (IB) Rule is intended to work in sync with HIPAA, including the “right of access” the Privacy Rule grants to patients with regard to access to their own protected health information (PHI).  However, as I continue to analyze how to implement various standards that overlap between these two regulations, questions about how to thread the needle on seemingly conflicting standards continues to come up. Today, I take a closer look at the difference between HIPAA’s “right of access” as compared to the Preventing Harm Exception found in the IB Rule. Specifically, this post considers how a covered entity health care provider . . .

read more
How the Preventing Harm Exception Changes HIPAA

How the Preventing Harm Exception Changes HIPAA

by | Feb 9, 2021 | , ,

the “Preventing Harm Exception” under the Information Blocking Rule is not only the most challenging exception to apply, but also the most difficult to interpret – particularly where some of the standards do not exactly track HIPAA, and still other imprecise language ONC used has made its interpretation uncertain. In this post, I will attempt to distill the Preventing Harm Exception down to its basic elements, as well as point out issues in its interpretation to be aware of.

read more
A “Double-Double” Set of Proposed Rules from CMS & OCR Affecting Data Sharing & HIPAA

A “Double-Double” Set of Proposed Rules from CMS & OCR Affecting Data Sharing & HIPAA

by | Dec 14, 2020 | , , , ,

Late last week, two new proposed rules were released which will affect the exchange of health information and HIPAA, among other things.  The CMS and OCR proposed rules come in at over 347 and 357 pages respectively – so that’s a lot of meat to digest!  At a high level, the CMS Proposed Rule aims to “improve the electronic exchange of health care data among payers, providers, and patients,” and “streamline processes related to prior authorization to reduce burden on providers and patients.” The OCR proposed changes to HIPAA take a bite out of patient access, minimum necessary, the HIPAA NPP and more . . .

read more
Per ONC, Lab Results Generally Cannot be Delayed to “Prevent Harm” (unless threat to life & physical safety)

Per ONC, Lab Results Generally Cannot be Delayed to “Prevent Harm” (unless threat to life & physical safety)

by | Oct 8, 2020 | ,

As the November 2nd deadline for compliance with ONC’s Information Blocking Rule nears, many health care providers – which are “Actors” subject to the Rule – are scrambling to reexamine their default settings for sharing various types of data, including lab results. In ONC’s Final Rule preamble, several commenters indicated that providers’ current organizational policies call for practices that delay the release of laboratory results so that the patient’s clinician has an opportunity to review the results before potentially needing to respond to patient questions, or has an opportunity to communicate the results to the patient in a way that builds the clinician-patient relationship.

read more
Info Blocking Rules have you STRESSED?!! Join Helen O. for Two Not-to-Miss Workshops for Help!

Info Blocking Rules have you STRESSED?!! Join Helen O. for Two Not-to-Miss Workshops for Help!

by | Sep 23, 2020 | , , , ,

Join me for a pair of 1.5hr Information Blocking Workshops designed to work thorough the nitty-gritty details of the Information Blocking Rule.  The first Workshop will take place WEDNESDAY (9/30) so don’t delay! Workshops will include use cases and scenarios aimed at real challenges faced by health care providers looking to comply with these new regulatory standards for access and sharing of electronic health information. Registrants will receive 2 sample P&Ps, and much more!

read more

Archives