OCR Issues Bulletin on HIPAA Privacy due to Ebola Outbreak

The Office for Civil Rights (OCR) issued a bulletin November 10, 2014 on “HIPAA Privacy in Emergency Situations.” The stated purpose of the bulletin is to assure that covered entities and their business associates know how protected health information that may be shared during an emergency and that the privacy protections are not suspended during emergencies. The OCR has issued the bulletin in part due to the recent Ebola outbreak. Read the OCR bulletin Here.

HIPAA and Same-sex Marriage: Understanding Spouse, Family Member, and Marriage in the Privacy Rule

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has developed guidance to assist covered entities in understanding how the decision by the Supreme Court in United States v. Windsor may affect certain parts of their HIPAA Privacy Rule obligations.

Spouses Often Play an Integral in A Patient’s Health.


The HIPAA Privacy Rule recognizes that family members, such as spouses, often play an integral role in a patient’s health care.  For example, the Privacy Rule allows covered entities to share information about the patient’s care with family members in various circumstances.


In addition, the Privacy Rule provides protections against the use of genetic information about the individual, which includes certain information about family members of the individual, for underwriting purposes.

OCR’s guidance on HIPAA and Same-sex Marriage addresses the effect of the 2013 Supreme Court decision regarding the Defense of Marriage Act (DOMA) on these provisions, making clear that spouses include both same-sex and opposite-sex individuals who are legally married, whether or not they live or receive services in a jurisdiction that recognizes their marriage.

OCR’s guidance on the Windsor decision may be found at: HERE.

HIPAA Omnibus Bill Is Here

Anesthesia Compliance Consultants has summarized the major provisions of the HIPAA Omnibus Rule, which will be effective March 26, 2013 with a compliance date of September 23, 2013. This will affect anesthesia practices in many ways.


1.  Final modifications to HIPAA

  •   Make business associates of covered entities directly liable for compliance with HIPAA Privacy and Security Rules’ requirements.
  •   Strengthen the limitations on the use and disclosure of protected health information (PHI) for marketing and fundraising purposes, and prohibit the sale of PHI without individual authorization.
  •   Expand individuals’ rights to receive electronic copies of their health information and to restrict disclosures to a health plan concerning treatment for which the individual has paid out of pocket in full.
  •   Require modifications to, and redistribution of, a covered entity’s notice of privacy practices.
  •   Modify the individual authorization and other requirements to facilitate research and disclosure of child immunization proof to schools, and to enable access to decedent information by family members or others.
  •   Adopt the additional HITECH Act enhancements to the Enforcement Rule such as the provisions addressing enforcement of noncompliance with the HIPAA Rules due to willful neglect. Continue reading “HIPAA Omnibus Bill Is Here”

Lack of HIPAA Policies is Expensive

The Office for Civil Rights announced a settlement of potential violations of the HIPAA and Breach Notification Rules on December 27, 2013 with Adult & Pediatric Dermatology, P.C., of Concord, Mass., (AP Derm).

AP Derm settled potential violations with the OCR for a $150,000 payment and a corrective action plan. AP Derm is a private dermatology practice with four locations in Massachusetts and two in New Hampshire.

Continue reading “Lack of HIPAA Policies is Expensive”