On December 10, 2020, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) issued a Notice of Proposed Rulemaking (“NPRM”) to modify the HIPAA Privacy Rule. HHS stated that the proposed modifications, which are being issued as part of HHS’s “Regulatory Sprint to Coordinated Care,” are aimed at removing barriers to coordinated care, strengthening individuals’ access to their own medical information, and reducing unnecessary administrative burdens. Proposed changes to the HIPAA Privacy Rule in the NPRM include: Continue reading “HHS Issues Proposed Changes to the HIPAA Privacy Rule”
HIPAA Marketing and Sale Provisions: Legal Potholes for Providers, Payors, Advertisers, Data Aggregators, Market Researchers and Others
The 2013 HIPAA Amendments directly apply to healthcare providers, plans and clearinghouses as “covered entities,” as well as their subcontractors and vendors as “business associates” (including their downstream subcontractors and agents). However, it is not just covered entities and business associates that need to understand the 2013 Amendments. Advertisers, data aggregators, market researchers and others that want access to PHI, even data that appear to be de-identified, will be impacted.