Skip to Content


Legal Barriers RSS feed

HIPAA Enforcement: New Products from Health Information & the Law

The Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services is responsible for enforcing the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy and Security Rules.  OCR has been very active investigating and penalizing violations of the HIPAA Rules.  OCR's enforcement process includes investigating complaints filed by individuals,... Read More >

New Fast Facts Defining Key Terms of the HIPAA Privacy Rule

Covered entities (CEs) are organizations that must comply with the HIPAA Privacy Rule.  CEs are made up of health care providers, health care plans, and clearinghouses.  Additionally, the Privacy Rule permits covered entities to use and disclose PHI without patient consent for certain core activities: treatment, payment and healthcare operations.  While treatment and payment... Read More >

New Products on Limited Data Sets and De-Identified Data

A limited data set is a set of patient identifiable information with certain types of information removed, as described under the Health Insurance Portability and Accountability Act’s (“HIPAA”) Privacy Rule.  De-identified data, by contrast, is not considered PHI at all and thus not protected by the Privacy Rule. Covered entities may use and disclose de-identified data... Read More >

Substance Abuse Records and Part 2: New Products Now Available

42 CFR Part 2 ("Part 2") are federal regulations governing the confidentiality of drug and alcohol abuse treatment and prevention records. The regulations include requirements applicable to certain federally assisted substance abuse treatment programs limiting the use and disclosure of substance abuse patient records and identifying information. Generally, written patient consent is required in... Read More >

Health Insurance Marketplaces: New Products from Health Information & the Law

The Patient Protection and Affordable Care Act (ACA) requires a health insurance marketplace or exchange to be established in each state.  The marketplaces are entities organized to provide competitive markets for buying health insurance for individuals who do not get health care coverage through their employers and small businesses (in separate Small Business Health Options or SHOP Exchange... Read More >

New Myth Busters on Access to PHI Under HIPAA

The HIPAA Privacy Rule identifies two specific instances where covered entities are required to disclose an individual's PHI: to the individual and to the Secretary of the U.S. Department of Health and Human Services.  In addition to these required disclosures, the Privacy Rule allows a covered entity to disclose an individual’s PHI to a family member involved in the individual’s... Read More >

Notice of Privacy Practices: New Products from Health Information & the Law

The HIPAA Privacy Rule requires health plans and covered health care providers to develop and distribute a notice, referred to as a Notice of Privacy Practices (NPP), that clearly explains the entity’s privacy practices and the rights individuals have related to the privacy of their protected health information (PHI). We invite you to learn more about the core elements of an NPP... Read More >

New Products on Patient Authorization Requirements and Exceptions under the HIPAA Privacy Rule

The HIPAA Privacy Rule allows a covered entity, such as a physician or a health plan, to disclose patient protected health information (PHI) without first obtaining a patient’s authorization for treatment, payment, and other purposes such as research and quality improvement activities. The Rule requires a covered entity to obtain an authorization in writing from a patient prior to any other... Read More >

Long-Term Care and Health Information Technology: Opportunities and Responsibilities for Long-Term and Post-Acute Care Providers

This article, written by Patricia MacTaggart and Jane Hyatt Thorpe for the American Health Information Management Association (AHIMA)'s research journal Perspectives in Health Information Management, addresses what Long-Term and Post-Acute Care (LTPAC) providers need to know about the role health information technology (HIT) plays in health systems transformation in order to be a viable... Read More >

Exchanging Health Information: Key HIPAA Issues for AF4Q Alliances and CVEs (Webinar)

This webinar provides information on key changes to the HIPAA Rules made by the HIPAA Omnibus Final Rule in January 2013. The presentation covers the application of the updated HIPAA rules to business associates and to the sale and de-identification of protected health information, and focuses specifically on how those changes will impact the exchange of health information. The presentation also... Read More >