Due to some recent actions against online medical providers like BetterHealth and GoodRX, the Department of Health and Human Services has released a new warning for covered entities regarding the tracking methods they use on their websites.
While web tracking has become a typical technology for most businesses, it’s not a cut-and-dry proposition for healthcare providers who have to maintain patient privacy.
In the interconnected world of digital health information, safeguarding Protected Health Information is paramount. Healthcare providers must legally follow the Health Insurance Portability and Accountability Act (HIPAA) to protect patient privacy and maintain trust, and this compliance includes understanding what it means to identify and deal with security incidents.
Among these, the concepts of security incidents, reportable events, and the implementation of the Breach Notification Rule are particularly critical. These aspects of HIPAA are at the heart of ensuring that health information remains confidential and that violations are promptly addressed and communicated appropriately.
This article explains the obligations of HIPAA-covered entities and their business associates under the Breach Notification Rule regarding reportable events. We will explore how to identify security incidents, determine their severity, ascertain if they constitute a reportable event, and understand the necessary steps for notification during a breach.
In response to changes in the medical industry due to COVID-19, the Department of Health and Human Services (HHS) and Substance Abuse and Mental Health Services Administration (SAMHSA) have put forth a Notice of Proposed Rulemaking to streamline how doctors can access mental health information.
This article will discuss this rule change and why it seeks to address the gaps between HIPAA disclosure and mental health information protections.