As states and medical practices slowly reopen and return to normal, the HHS Office for Civil Rights (OCR) will likely end its COVID-19 public health emergency telehealth waivers that were instituted in March. In this article, Jeff Drummond discusses the current rules in place and potential impacts on providers if good-faith use of OCR-forgiven technology causes a data breach.
“Remember, there’s no private cause of action under HIPAA anyway, so when patients sue for a data breach, it’s not technically suing over a HIPAA breach,” Jeff said.
He also advises providers to perform a security risk analysis as required by HIPAA. “You should always do one when there’s a major change in line of business, or a tech platform shift, or new IT staff.”
To read more, view the Part B News article “Prepare for closer HIPAA scrutiny of telehealth as states and practices cautiously reopen” (subscription required).
Jeffery P. Drummond represents hospitals, physicians, laboratories, surgery centers, and other healthcare providers in transactional and regulatory matters. He is best known for his experience in HIPAA and medical record privacy, as well as other data privacy and security issues. Since 2002, Jeff has written a weblog on HIPAA matters at HIPAABlog.blogspot.com, and he regularly tweets about HIPAA @JeffDrummond. In recognition of his practice, Jeff has been recognized among The Best Lawyers in America in the area of Healthcare Law since 2018 and has been ranked in Texas for Healthcare by Chambers USA: America’s Leading Lawyers for Business.