OCR/HHS Proposed HIPAA Privacy Rule Changes

On December 10, 2020, the Department of Health and Human Services (HHS) issued a Proposed Rule introducing new substantial changes to the HIPAA Privacy Rule for the first time since it was last touched as a result of the HITECH amendments. A Final Rule is expected either by the end of 2021, or early 2022.

This Webinar will review in detail the changes that HHS has proposed to HIPAA, such as:

• Proposed changes to HIPAA’s Right of Access, including:

• Permitting patients to take photographs of their PHI;

• Changing the maximum allowable response time from 30 days to 15 days;

• Permitting patients to transfer to a 3rd party only such ePHI that is maintained in an EMR;

• Permitting patients to request their PHI be transferred to a personal health App;

• Setting specific restrictions regarding charging patients a fee for their ePHI, including posting a fee schedule on their websites for any costs that are permitted to be charged for access and copies of PHI; and

• Ensuring patients are able to direct the sharing of ePHI maintained in an EHR between other covered entities.

• Eliminating HIPAA’s requirement for covered entities to obtain written confirmation that it has provided each patient with a HIPAA Notice of Privacy practices;

• Permitting covered entities to disclose a patient’s PHI to avert a threat to health or safety when harm is “seriously and reasonably foreseeable” (currently, the harm is “serious and imminent”);

• Permitting covered entities to make certain uses and disclosures of patient’s PHI based on their good faith belief that it is in the “best interest” of the individual;

• Adding the minimum necessary standard exception for individual-level care coordination and case management uses and disclosures, regardless of whether the activities constitute treatment or health care operations;

• Broadening the definition of healthcare operations to cover care coordination and case management; and more…….

Please note that this workshop is sponsored 100% by the New Jersey Division of Mental Health and Addiction Services (DMHAS) and is FREE to its contracted/funded agencies. There is a nominal fee for agencies that are not contracted/funded agencies. Licensed but not contracted agencies are not considered free attendees.

About Helen Oscislawski

Helen was recently selected Best Lawyers® 2022 “Lawyer of the Year” for Health Care Law in Princeton, New Jersey, a distinction awarded to one lawyer with the highest overall peer-feedback for a specific practice area and geographic region. She is also selected to the 2020 & 2021 Super Lawyers® list for Health Care Law in New Jersey, which is issued by Thomson Reuters. Every year since 2018, her law firm has also been included on the “Best Law Firms” in Health Care Law, Princeton, New Jersey list issued by Best Lawyers. Links to a description of the selection methodologies used by the organizations issuing these lists can be found here.

Helen is a corporate and regulatory attorney whose practice for over the last 20 years has focused almost exclusively on advising and representing clients in the health care industry. She is the founding member of Attorneys at Oscislawski LLC, a progressive and forward-thinking law boutique providing high-quality and cost-effective legal representation to its clients. Helen cemented her reputation as a prominent privacy and health information technology attorney through decades of developed experience and working hand-in-hand with C-suite executives and in-house general counsels on how to structure and manage complex data-sharing arrangements in compliance with applicable federal and state laws. She is known to many as a “go to” attorney for legal guidance and advice on HIPAA; 42 CFR Part 2; Breach Notification laws, as well as state laws regulating the access, use and sharing of medical, health and genetic information.

Helen also has substantial experience with helping her clients navigate legal issues when responding to ransomware attacks, data breaches, OCR audit and complaint letters, and return/sanitization of patient data taken by former employees. On the front end, Helen has completed numerous comprehensive HIPAA legal-gap assessments for health care organizations and business associates, including some of the largest health information exchanges (HIEs) in the tri-state area. In 2008, New Jersey Governor Jon Corzine appointed Helen to the New Jersey Health Information Technology Commission (NJ-HITC) to fill the seat designated by statute for “an attorney practicing in this State with demonstrated expertise in health privacy.” N.J.S.A. 26:1A-137(a)2).[statutorily defined]. In 2010, she was reappointed to NJ-HITC by Governor Christie and tapped to serve as Chair of the Privacy and Security Committee for the New Jersey HIT Coordinator. As a trusted advisor, Helen currently represents and advises some of the most cutting edge and sophisticated organizations in the nation, including several large multi-stakeholder collaboratives in the NJ/NY/PA region, as well as a number of burgeoning “big data” innovation projects and initiatives.

Before founding Attorneys at Oscislawski LLC, Helen was a health care attorney with a national law firm for almost a decade where she counseled all types of health care clients on a wide range of legal matters. Helen received her law degree from Rutgers School of Law, with honours, in 1999, and is admitted in New Jersey (since 1999) and Arizona (since 2020).