HHS Releases Final Substance Use Disorder Confidentiality Rule

Attorney and Author George F. Indest III HeadshotBy: George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law
On February 8, 2024, the U.S. Department of Health and Human Services (HHS) released a final rule modifying the Confidentiality of Substance Use Disorder (SUD) Patient Records federal regulations (42 C.F.R. Part 2). The new regulation will supposedly help ensure that health care providers have more complete information when treating patients with substance use disorders and improve that regulations compatibility with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Regulations.
Background.
The SUD final rule came out of the bipartisan Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which, among other things, required HHS to align the Part 2 SUD program with HIPAA Privacy, Breach Notification, and Enforcement Rules.
The final rule strengthens confidentiality protections while improving care coordination for […]

HHS Releases Final Substance Use Disorder Confidentiality Rule

By: George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On February 8, 2024, the U.S. Department of Health and Human Services (HHS) released a final rule modifying the Confidentiality of Substance Use Disorder (SUD) Patient Records federal regulations (42 C.F.R. Part 2). The new regulation will supposedly help ensure that health care providers have more complete information when treating patients with substance use disorders and improve that regulations compatibility with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Regulations.

Background.

The SUD final rule came out of the bipartisan Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which, among other things, required HHS to align the Part 2 SUD program with HIPAA Privacy, Breach Notification, and Enforcement Rules.

The final rule strengthens confidentiality protections while improving care coordination for patients and providers. Patients can seek needed […]

California Dental Practice Pays $23,000 Settlement For Potential HIPAA Privacy Violations Involving Yelp Posts

Author HeadshotBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On December 14, 2022, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled with New Vision Dental (NVD) over a potential HIPAA Privacy violation. The California-based dental practice paid $23,000 to OCR and agreed to implement a corrective action plan after allegedly including protected health information (PHI) in its responses to reviews on Yelp.

The Complaint and Investigation.

On November 29, 2017, the Office for Civil Rights (OCR) received a complaint alleging New Vision Dental had posted responses to several unfavorable reviews by patients on Yelp and frequently disclosed confidential protected health information (PHI) in its responses. For example, in some posts, patients were allegedly identified, and NVD revealed their full names when the patient may have only chosen to use a […]

By |2024-04-10T20:00:49-04:00April 12, 2024|Categories: Dental Law Blog|Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , |Comments Off on California Dental Practice Pays $23,000 Settlement For Potential HIPAA Privacy Violations Involving Yelp Posts

Florida Primary Care Practice Settles HIPAA Investigation for $20,000

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On December 15, 2022, the Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced that Health Specialists of Central Florida, Inc., will pay $20,000 to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule’s right of access standard.

The primary care provider also agreed to a corrective action plan (CAP) with two years of monitoring.

It is extremely important that Florida physicians and health professionals remember that there is a federal law requirement under HIPAA that requires the timely furnishing of a health record requested by a patient. You must be sure to meet the deadline, but, more importantly, document that you have met it. Use cover letters, obtain receipts when possible, and document the date you provided the […]

By |2024-03-21T20:00:52-04:00March 23, 2024|Categories: Health Facilities Law Blog|Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , |Comments Off on Florida Primary Care Practice Settles HIPAA Investigation for $20,000

HCA Healthcare Data Breach May Affect 11 Million Patients

Author HeadshotBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On July 11, 2023, HCA Healthcare, which operates 180 hospitals in the U.S. and Britain, said a hacker may have stolen the personal data of about 11 million patients in a data breach. A press release warned patients that critical personal information had been compromised, including their full name, city, and when and where they last saw a healthcare provider.

What Happened to the Patient Data?

Data samples, including addresses, phone numbers, e-mails, and birth dates, were posted to DataBreaches.net (an online forum popular with cyber crooks) by a hacker trying to sell them. However, after publication, an HCA spokesperson told CNBC that the sample data set published was only a “marketing campaign” (or fake data) and was not an individual patient’s real medical assessment.

Who is Affected?

The […]

By |2024-03-14T09:59:18-04:00October 10, 2023|Categories: Nursing Law Blog|Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , |Comments Off on HCA Healthcare Data Breach May Affect 11 Million Patients

Dental Practice Pays $23,000 For Potential HIPAA Privacy Violations Involving Yelp Posts

Author HeadshotBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On December 14, 2022, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled with New Vision Dental (NVD) over a potential HIPAA Privacy violation. The California-based dental practice paid $23,000 to OCR and agreed to implement a corrective action plan after allegedly including protected health information (PHI) in its responses to reviews on Yelp.

The Complaint and Investigation.

On November 29, 2017, the Office for Civil Rights (OCR) received a complaint alleging New Vision Dental had posted responses to several unfavorable reviews by patients on Yelp and frequently disclosed confidential protected health information (PHI) in its responses. For example, in some posts, patients were allegedly identified, and NVD revealed their full names when the patient may have only chosen to use a […]

By |2024-03-14T09:59:20-04:00September 11, 2023|Categories: Health Facilities Law Blog|Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , |Comments Off on Dental Practice Pays $23,000 For Potential HIPAA Privacy Violations Involving Yelp Posts

Multiple Settlements with HHS for HIPAA Security Rule Violations & Data Breaches

George IndestBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

In September 2020, the Department of Health and Human Services (HHS) announced three settlements to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. The settlements, totaling $10.6 million, stem from data breaches in which hackers were able to access and obtain individuals’ protected health information (PHI) from U.S. health providers. Combined, the three hacking incidents compromised the health information of more than 16 million patients.

Summary of the HIPAA Security Rule Settlements.

On September 21, 2020, the Office of Civil Rights, or OCR, the division of HHS which receives and investigates HIPAA complaints, announced a settlement with an orthopedic clinic in Georgia. The clinic agreed to pay $1.5 million after a 2016 hacking incident that […]

Multiple Settlements with HHS for HIPAA Security Rule Violations & Data Breaches

George IndestBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

In September 2020, the Department of Health and Human Services (HHS) announced three settlements to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. The settlements, totaling $10.6 million, stem from data breaches in which hackers were able to access and obtain individuals’ protected health information (PHI) from U.S. health providers. Combined, the three hacking incidents compromised the health information of more than 16 million patients.

Summary of the HIPAA Security Rule Settlements.

On September 21, 2020, the Office of Civil Rights, or OCR, the division of HHS which receives and investigates HIPAA complaints, announced a settlement with an orthopedic clinic in Georgia. The clinic agreed to pay $1.5 million after a 2016 hacking incident that […]

Multiple Settlements with HHS for HIPAA Security Rule Violations & Data Breaches

George IndestBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

In September 2020, the Department of Health and Human Services (HHS) announced three settlements to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. The settlements, totaling $10.6 million, stem from data breaches in which hackers were able to access and obtain individuals’ protected health information (PHI) from U.S. health providers. Combined, the three hacking incidents compromised the health information of more than 16 million patients.

Summary of the HIPAA Security Rule Settlements.

On September 21, 2020, the Office of Civil Rights, or OCR, the division of HHS which receives and investigates HIPAA complaints, announced a settlement with an orthopedic clinic in Georgia. The clinic agreed to pay $1.5 million after a 2016 hacking incident that […]

Go to Top