Skip to Content


Legal Barriers RSS feed

New Fast Facts Defining Key Terms of the HIPAA Privacy Rule

Covered entities (CEs) are organizations that must comply with the HIPAA Privacy Rule.  CEs are made up of health care providers, health care plans, and clearinghouses.  Additionally, the Privacy Rule permits covered entities to use and disclose PHI without patient consent for certain core activities: treatment, payment and healthcare operations.  While treatment and payment... Read More >

New Products on Limited Data Sets and De-Identified Data

A limited data set is a set of patient identifiable information with certain types of information removed, as described under the Health Insurance Portability and Accountability Act’s (“HIPAA”) Privacy Rule.  De-identified data, by contrast, is not considered PHI at all and thus not protected by the Privacy Rule. Covered entities may use and disclose de-identified data... Read More >

Substance Abuse Records and Part 2: New Products Now Available

42 CFR Part 2 ("Part 2") are federal regulations governing the confidentiality of drug and alcohol abuse treatment and prevention records. The regulations include requirements applicable to certain federally assisted substance abuse treatment programs limiting the use and disclosure of substance abuse patient records and identifying information. Generally, written patient consent is required in... Read More >

Health Insurance Marketplaces: New Products from Health Information & the Law

The Patient Protection and Affordable Care Act (ACA) requires a health insurance marketplace or exchange to be established in each state.  The marketplaces are entities organized to provide competitive markets for buying health insurance for individuals who do not get health care coverage through their employers and small businesses (in separate Small Business Health Options or SHOP Exchange... Read More >

New Myth Busters on Access to PHI Under HIPAA

The HIPAA Privacy Rule identifies two specific instances where covered entities are required to disclose an individual's PHI: to the individual and to the Secretary of the U.S. Department of Health and Human Services.  In addition to these required disclosures, the Privacy Rule allows a covered entity to disclose an individual’s PHI to a family member involved in the individual’s... Read More >

Notice of Privacy Practices: New Products from Health Information & the Law

The HIPAA Privacy Rule requires health plans and covered health care providers to develop and distribute a notice, referred to as a Notice of Privacy Practices (NPP), that clearly explains the entity’s privacy practices and the rights individuals have related to the privacy of their protected health information (PHI). We invite you to learn more about the core elements of an NPP... Read More >

New Products on Patient Authorization Requirements and Exceptions under the HIPAA Privacy Rule

The HIPAA Privacy Rule allows a covered entity, such as a physician or a health plan, to disclose patient protected health information (PHI) without first obtaining a patient’s authorization for treatment, payment, and other purposes such as research and quality improvement activities. The Rule requires a covered entity to obtain an authorization in writing from a patient prior to any other... Read More >

Long-Term Care and Health Information Technology: Opportunities and Responsibilities for Long-Term and Post-Acute Care Providers

This article, written by Patricia MacTaggart and Jane Hyatt Thorpe for the American Health Information Management Association (AHIMA)'s research journal Perspectives in Health Information Management, addresses what Long-Term and Post-Acute Care (LTPAC) providers need to know about the role health information technology (HIT) plays in health systems transformation in order to be a viable... Read More >

Exchanging Health Information: Key HIPAA Issues for AF4Q Alliances and CVEs (Webinar)

This webinar provides information on key changes to the HIPAA Rules made by the HIPAA Omnibus Final Rule in January 2013. The presentation covers the application of the updated HIPAA rules to business associates and to the sale and de-identification of protected health information, and focuses specifically on how those changes will impact the exchange of health information. The presentation also... Read More >

FDA Releases Guidance on Mobile Health Applications

The Food & Drug Administration (FDA) released guidance on mobile health applications on September 25, 2013.  The guidance states that the FDA will focus its oversight activities on mobile health applications that are intended to be used as an accessory to a medical device or to transform a mobile platform into a medical device.  The guidance emphasizes that the FDA will not target... Read More >