HIPAA

Complete 2013 Update to WPF’s Landmark Patient’s Guide to HIPAA

San Diego, CA — The World Privacy Forum is very pleased to announce the publication of a major undertaking, the complete update and revision to our landmark Patient’s Guide to HIPAA. The new guide reflects the changes in HIPAA that took effect September 23, 2013. The Patient’s Guide to HIPAA is a landmark publication because it is the first and to our knowledge — only complete guide written expressly for patients. It offers a roadmap through the thicket of dense health privacy laws and rules that many patients have questions about. The purpose of this guide is to help patients understand how to make health privacy laws work to protect their privacy. Longtime World Privacy Forum contributor Bob Gellman is primary author of the Guide, including the new version. Begin exploring the update at the HIPAA Guide Home: https://www.worldprivacyforum.org/2013/09/hipaaguidehome/ .

World Privacy Forum: California, Don’t Weaken Californian’s Health Privacy Laws

July 21, 2012 San Diego, California — Today the World Privacy Forum filed comments on California’s plan to harmonize existing California state law to federal health privacy laws. California’s health privacy law, the CMIA, offers Californian’s stronger privacy protections than national level health privacy laws. WPF urges California to reconsider its plan to weaken Californian’s privacy. Executive director Pam Dixon said “The harmonization plan coming out of California’s Department of Health and Human Services is not in harmony with California patients and their health privacy.”

US Department of Health and Human Services fines Arizona provider $100,000 for HIPAA violations

In a rare enforcement action of HIPAA, HHS fined an Arizona health care provider $100,000 for a variety of HIPAA violations, especially regarding electronic exchanges of protected health information. The HHS document outlining the reasons for the fine should act as a wake-up call to health care providers using public email, calendaring, and other tools for communication of ePHI. HHS specifically noted that the fined health care provider did not conduct an adequate risk assessment prior to using the email and Internet tools. The full HHS document is a must-read for health care providers. WPF has been warning about the need for full e-risk assessments since 2005 and strongly advocates for medical-identity-theft-specific risk assessments.