{ Banner Image }

HHS Issues HIPAA “Basics” Fact Sheet

hipaa basics fact sheetThe Department of Health and Human Services (“HHS”) recently released a HIPAA overview called “HIPAA Basics for Providers: Privacy, Security, and Breach Notification Rules” (the “Overview”). The Overview is intended to provide HIPAA Covered Entities such as physicians, hospitals, and other health care providers with a basic overview of HIPAA’s rules and responsibilities. The fact sheet also provides an overview to Business Associates (such as law firms and accounting firms who receive protected health information ("PHI") from Covered Entities). The Overview can be found here.

The Overview explains that the HIPAA Privacy Rule protects individually identifiable PHI, which includes information such as an individual’s past, present, or future physical or mental health condition.

The Overview reminds Covered Entities of their obligations under the HIPAA Breach Notification Rule to notify affected individuals, HHS and, in certain instances, the media in the event of a breach of PHI. The Overview includes a table explaining who must receive notification in the event of a breach and when they must receive notification, depending on how many individuals are affected by the breach. 

In addition, the Overview explains who must comply with HIPAA. Covered Entities and Business Associates generally must follow HIPAA rules. Covered Entities include health care providers and health plans, while Business Associates include persons or organizations that perform certain functions for Covered Entities that involve access to PHI.  The Overview lists examples of both Covered Entities and Business Associates.

Finally, HHS provides a link for more information on the enforcement process, and reminds those obligated to comply with HIPAA that violations may result in civil and, in some cases, criminal penalties. While HHS cites a couple of hypothetical examples of HIPAA enforcement, HIPAA violations - and the consequences thereof - are very much real world problems for those subject to HIPAA and its regulations.

For example, St. Elizabeth’s Medical Center, a Massachusetts hospital, recently agreed to pay $218,400 to the federal government to settle allegations of data breaches of patient information. The hospital had been using an Internet-based document sharing application to store documents containing electronic PHI of nearly 500 patients without first analyzing the risks associated with the platform. It also reported a data breach involving PHI on a former employee’s personal laptop and flash drive. In a statement, HHS’s Office for Civil Rights explained that, “Organizations must pay particular attention to HIPAA’s requirements when using Internet-based document sharing applications.”

HIPAA is, and will continue to be, a hot and evolving topic in healthcare. For those subject to HIPAA, the obligations are significant and penalties can be steep. It is important to stay on top of HIPAA's developments in order to reduce accidental violations and avoid penalties. If you have any questions about HIPAA and how it impacts your business, please contact Julie Hamlet at (616) 796-2515 or jhamlet@fosterswift.com.

Categories: HIPAA, News & Events, Privacy, Providers

Type the following characters: whisky, mike, romeo, niner, three

* Indicates a required field.

Subscribe to RSS»
Get Updates By Email:

Best Lawyers® 2021

Congratulations to the attorneys of the Health Care practice group at Foster Swift Collins & Smith, PC for their inclusion in the Best Lawyers in America 2021 edition. Firm-wide, 44 lawyers were listed. Best Lawyers lists are compiled based on an exhaustive peer-review evaluation and as lawyers are not required or allowed to pay a fee to be listed; inclusion in Best Lawyers is considered a singular honor. Health Care practice group members listed in Best Lawyers are as follows:

To see the full list of Foster Swift attorneys listed in Best Lawyers 2021, click here.