Rachel V. Rose, JD, MBA, principal with Rachel V. Rose – Attorney at Law, P.L.L.C., Houston, TX presents. Throughout the pandemic, HHS-OCR has announced the use of its enforcement discretion when bringing forth HIPAA-related enforcement actions. This trend appears to be continuing as the vaccine roles out. Additionally, proposed changes to the Privacy Rule were released in December 2020 and OCR continues to enforce violations against providers for not providing a patient with his/her medical records. This presentation provides a timely overview of these items, as well as addressing key terms such “reasonable” and “good faith” in the context of protecting the confidentiality, integrity, and availability of protected health information.
Rachel V. Rose, JD, MBA, principal with Rachel V. Rose – Attorney at Law, P.L.L.C., Houston, TX presents. “As part of the Department’s effort to fully protect patients’ health information and their rights under HIPAA, OCR has issued this important new fact sheet clearly explaining a business associate’s liability,” said OCR Director Roger Severino. In 2013, under the authority granted by the HITECH Act, OCR issued the Final Omnibus Rule that, among other things, identified provisions of the HIPAA Rules that apply directly to business associates and for which business associates are directly liable. One of the most notable items is the Business Associate Agreement. The presentation highlights enforcement actions, as well as key compliance items business associates and subcontractors need to focus on.