HIPAA

By Jonah Comstock May 4, 2017
OCR settles HIPAA complaint with CardioNet. CardioNet, one of the oldest companies in the mobile cardiac arrhythmia monitoring space, has agreed to pay the Office of Civil Rights $2.5 million and enter into a corrective action plan in the end result of a HIPAA breach investigation that's been going on since 2012. The judgment is significant, writes law firm Morgan Lewis in a blog post, because it...
By Jonah Comstock July 19, 2016
The ONC issued a report to Congress today laying out the gaps that exist in health data protection. The report opines at length about non-covered entities (NCEs), the large swath of consumer-facing companies that aren’t subject to HIPAA. “The wearable fitness trackers, social media sites where individuals share health information through specific social networks, and other technologies that are...
By Jonah Comstock June 7, 2016
Last week the Office of the National Coordinator for Health IT launched two new online tools to connect patients to their data, a series of consumer-facing videos to educate patients about their data access rights and a provider-facing “Patient Engagement Playbook” to walk hospitals through the steps to patient engagement. “Many people are not fully aware of their right to access their own...
By Jonah Comstock March 28, 2016
Piggybacking on a Wall Street Journal story about how Castlight Health uses health data to drive healthcare savings for employers, The New York Times editorial board called Sunday for federal protections that would prevent employers from hiring or firing based on an employee's health data. "[A] group of legal scholars has called for federal legislation that would bar companies from hiring or...
By Jonah Comstock March 9, 2016
Last week at HIMSS, ONC Chief Privacy Officer Lucia Savage talked about what HIPAA doesn't say. On Thursday, her predecessor, former ONC privacy chief Joy Pritts, talked about what HIPAA doesn't cover. Pritts, now a consultant, was joined by Morgan Reed, the executive director of ACT The App Association, in a talk about pitfalls providers can fall into when it comes to patient data privacy. "If I...
By Jonah Comstock March 7, 2016
The ONC and OCR are tired of providers using HIPAA as an excuse not to share data with patients — the opposite of its intended purpose. That was the strongest message delivered by ONC Chief Privacy Officer Lucia Savage, who said during an educational session at HIMSS16 in Las Vegas that her office is working on an educational campaign, including blog posts, fact sheets, and new guidance documents...
By Aditi Pai February 12, 2016
The HHS Office for Civil Rights has published additional guidance on its mHealth Developer Portal that provides developers with different scenarios in which HIPAA might apply to the data their app collects. “We hope these new scenarios will help developers determine how federal regulations might apply to products they are building; we also hope they will reduce some of the uncertainty that can be...
By Jonah Comstock January 25, 2016
Employee wellness programs have the potential to save money for companies and reduce hospitalizations for employees, so provisions in the Affordable Care Act encourage businesses to implement them. But if those programs include mandatory or incentivized health screenings, they can conflict with another, older federal statute: The Americans with Disabilities Act (ADA), which prohibits employers...
By Jonah Comstock December 14, 2015
Hackensack, New Jersey-based Vidyo, a videoconferencing company that works with healthcare stakeholders, has raised a $10 million strategic investment from Kaiser Permanente Ventures and another $5 million from existing investors.   “Kaiser Permanente Ventures is committed to partnering with innovative organizations that support our work to improve the health of patients and the communities we...
By Jonah Comstock November 2, 2015
Just last week, the Consumer Electronics Association released guidelines about privacy policies for health and fitness devices. At the Partners Healthcare Connected Health Symposium in Boston last week, a panel of experts also had some ideas about maintaining privacy and security in the world of health and fitness devices -- a world where HIPAA often doesn't apply. Right now, the biggest...