Subscribe Now!
Free Daily News, Jobs, Webcasts, Discussions
Display and Distribute
Your Job Openings
ARPA News
ARPA Webcasts

Featured Jobs

401(k) Retirement Plan Administrator

Heritage Pension Advisors, Inc.
(Telecommute / Commack NY)

Heritage Pension Advisors, Inc. logo

401(k) Retirement Plan Administrator

BDS Consulting Group
(Worcester MA)

Client Services Manager

Pinnacle, An NPPG Company
(Delray Beach FL)

Principal Legal Content Specialist - Benefits

Bloomberg Industry Group
(Telecommute / Arlington VA)

Bloomberg Industry Group logo

Defined Benefit Plan Administrator

Pension Investors Corp of Orlando Inc
(Telecommute / Altamonte Springs FL)

Pension Investors Corp of Orlando Inc logo

401(k) Plan Administrator

Pension Investors Corp
(Telecommute / Hollywood FL)

Pension Investors Corp logo

Senior Compliance Analyst

Ubiquity Retirement + Savings
(Telecommute / San Francisco CA / AZ / CO / FL / IL / KY / LA / MA / NC / NJ / NV / NY / OH / OR / RI / SC / TN / TX / WA)

Ubiquity Retirement + Savings logo

Free Daily News and Jobs

“BenefitsLink continues to be the most valuable resource we have at the firm.”

-- An attorney subscriber

Mobile App image LinkedIn icon
Twitter icon
Facebook icon

View ARPA News and Resources

<< Older News  |  April 12, 2021

News

All News > HIPAA

Get this news and more in our free daily email newsletters.
Equitable Relief Available to Participant's Estate May Equal the Cost of Forgone Heart Transplant
Kantor & Kantor Link to more items from this source
Apr. 1, 2021

"The magistrate reasoned that if plaintiff were successful in proving that the defendants breached their fiduciary duties in the dilatory manner in which they processed Mr. Holman's claims as he was dying, surcharge in the amount that the PSA Defendants were unjustly enriched -- presumably equal to the cost of the heart transplant -- could be an available remedy." [Rose v. PSA Airlines, Inc. Group Insurance Plan, No. 19-695 (W.D.N.C. mag. rep. Mar. 25, 2021)]

Tags: Fiduciary Duties  •  HIPAA

Staggering Increase in Ransomware Attacks During 2021 Cost Healthcare Industry $21 Billion
FierceHealthcare Link to more items from this source
Mar. 26, 2021

"Ransomware attacks cost the healthcare industry $20.8 billion in downtime in 2020, which is double the number from 2019 ... 92 individual ransomware attacks occurred at healthcare organizations, and 600 clinics, hospitals and organizations were affected.,,, [N]ore than 18 million patient records were impacted ... a 470% increase from 2019[.]"

Tags: Cybersecurity  •  HIPAA  •  Health Plan Costs

Text of HHS Extension of Comment Period on Proposed Regs: Modifications to the HIPAA Privacy Rule
U.S. Office of Civil Rights [OCR], U.S. Department of Health and Human Services [HHS] Link to more items from this source
[Official Guidance]
Mar. 9, 2021

"The comment period for the proposed rule, which would end March 22, 2021, is extended to May 6, 2021."

Tags: HIPAA

Business Associate Liability Under HIPAA
Frost Brown Todd LLC Link to more items from this source
Mar. 2, 2021

"[T]his article outlines what a business associate is, what a business associate's obligations are, how a business associate can be liable for HIPAA violations, and tips to avoid such liability."

Tags: HIPAA

New Guidance from DOL Regarding the Suspension of Certain Employee Benefit Plan Deadlines Due to COVID-19
Akerman Link to more items from this source
[Guidance Overview]
Mar. 1, 2021

"[I]ndividuals and plans with deadlines that are suspended pursuant to the previously-issued rule will have the applicable periods under the Notices disregarded until the earlier of: [1] one year from the date they were 'first eligible for relief' ... or [2] 60 days after the announced end of the National Emergency."

Tags: COBRA  •  Coronavirus (COVID-19)  •  HIPAA  •  Health Plan Administration  •  Retirement Plan Administration

DOL Issues Guidance on Outbreak Period Extensions
Groom Law Group Link to more items from this source
[Guidance Overview]
Mar. 1, 2021

"It is unclear how plans, TPAs, and insurers will be able to build their systems to create custom COBRA, special enrollment, and claims deadlines individual-by-individual ... Many may have to extend the deadlines for all while they determine how to proceed. This complexity will be even greater if COBRA subsidies are enacted ... DOL seems to be saying that plans may need to notify each individual when his or her one-year extension is about to be up[.]"

Tags: COBRA  •  Coronavirus (COVID-19)  •  HIPAA  •  Health Plan Administration

COVID-19 Deadline Extensions -- No More Time Outs But No Single Deadline Either
Jackson Lewis P.C. Link to more items from this source
[Guidance Overview]
Mar. 1, 2021

"[Disaster Relief Notice 2020-01] acknowledges that the agencies understand and appreciate the complications this latest guidance creates for plan administrators to immediately restart the clock of daily COBRA, HIPAA, and other deadlines and for individuals who now must immediately catch up monthly COBRA premium obligations to maintain health insurance under the employer's plan ... To be considered as acting in 'good faith and with reasonable diligence,' [here is a list of steps employers should take]."

Tags: COBRA  •  Cafeteria Plans  •  Coronavirus (COVID-19)  •  Dependent Care  •  HIPAA

COBRA/HIPAA Outbreak Guidance – an Answer (Finally)
Kushner & Company Link to more items from this source
[Guidance Overview]
Feb. 26, 2021

"Effectively, the guidance says that all of the 'pause' buttons are on an individual-by-individual rolling basis. Thus for example, an employee who terminated prior to March 1, 2020 but whose COBRA 60-day election timeline had already begun to run but not yet expired, the timeline suspensions will end on February 28, 2021."

Tags: COBRA  •  Coronavirus (COVID-19)  •  HIPAA

Calendar Year 2020 HIPAA Small Breach Notifications Due March 1, 2021
Davis Wright Tremaine LLP Link to more items from this source
Feb. 24, 2021

"A small breach involves fewer than 500 individuals.... Covered entities [must] report small breaches to OCR no later than 60 days after the end of the calendar year in which the small breaches were discovered. For calendar-year 2020, small breaches notifications are due on or before March 1, 2021."

Tags: HIPAA

Editor's Pick Do the COBRA and HIPAA Outbreak Periods End on February 28, 2021?
Kushner & Company Link to more items from this source
[Guidance Overview]
Feb. 19, 2021

"[W]ith just 10 days left before February 28, 2021, there is a bit of confusion as to how to handle what may mean the end of the pandemic's National Emergency declaration and the 'un-pause' of the prior paused timelines.... Congress and/or the agencies ... have four possible choices."

Tags: COBRA  •  Coronavirus (COVID-19)  •  HIPAA

'Outbreak Period' Ending February 28, 2021?
TRI-AD Link to more items from this source
[Guidance Overview]
Feb. 18, 2021

"Without an extension of this 12-month expiration date, [the author] believes the clock starts again on March 1, 2021 for COBRA, certain HIPAA special enrollment, and COBRA qualifying events and claims appeals."

Tags: COBRA  •  Coronavirus (COVID-19)  •  HIPAA

Clock May Begin Ticking Soon for Important Deadlines Suspended Due to COVID-19
Groom Law Group Link to more items from this source
[Guidance Overview]
Feb. 18, 2021

"Adding to the confusion is a one-year statutory limit that applies to extensions mandated by the Departments. Since the Outbreak Period Extensions were first effective as of March 1, 2020, that one-year limit will be up shortly.... [P]lans and plan administrators should decide whether to end the extensions on midnight on February 28, 2021 based on this one-year limit."

Tags: COBRA  •  Coronavirus (COVID-19)  •  HIPAA

'You Just Missed the Exit', or 'Where's the Guidance on Ending the Outbreak Period?'
Lockton Link to more items from this source
[Guidance Overview]
Feb. 17, 2021

"[H]ere we are, almost a year out, and the president hasn't rescinded the national emergency. But under ERISA, the feds only had the authority to suspend these deadlines for a year.... So, what happens on March 1 with respect to all those folks who, since then, haven't yet elected COBRA, paid their COBRA premium, submitted claims, applied for HIPAA special enrollment, or filed an appeal on a denied claim?"

Tags: COBRA  •  Coronavirus (COVID-19)  •  HIPAA

Editor's Pick Incentivizing (COVID-19) Vaccinations: What Employers Need to Know
Ogletree Deakins Link to more items from this source
[Guidance Overview]
Feb. 15, 2021

"Employers that offer incentives to employees to get vaccinated may be creating group health plans under [ERISA]. In addition, incentivized vaccination programs may need to comply with [HIPAA] ... [G]uidance issued under the Genetic Information Nondiscrimination Act of 2008 (GINA) provides a road map for employers to avoid running afoul of GINA."

Tags: HIPAA  •  Health Plan Design

OCR Enters Into $5.1 Million Settlement with Health Plan Following Large and Lengthy Data Breach
Nixon Peabody LLP Link to more items from this source
Feb. 2, 2021

"Although the financial settlement is a large dollar amount, a number of factors likely impacted that penalty, including the high number of impacted individuals and the fact that the breach involved information with a higher degree of sensitivity, such as Social Security numbers and bank account information. In addition, the fact that the hackers reportedly had access to the Excellus system for such a long period likely played into the financial settlement amount."

Tags: HIPAA

IRS Issues 2020 Version of Publication 502 on Medical and Dental Expenses
Thomson Reuters / EBIA Link to more items from this source
Jan. 29, 2021

"Publication 502 provides valuable guidance on what qualifies as a medical expense under Code Section 213(d), and thus helps identify the expenses that may be reimbursed or paid by health FSAs, HSAs, or HRAs, or covered on a tax-favored basis under other group health plans (e.g., employer-sponsored medical plans). But Publication 502 should be used with caution in connection with these benefits because it addresses the deductibility of medical expenses for individuals -- it does not account for differences in the rules for reimbursing expenses under health FSAs, HSAs, or HRAs."

Tags: HIPAA  •  HSAs  •  Health Plan Costs

Fifth Circuit Weakens HHS' Ability to Enforce HIPAA Safeguards
McGuireWoods Link to more items from this source
Jan. 28, 2021

"[T]he court found that the Security Rule did not require M.D. Anderson to have a 'bulletproof' mechanism, nor was it required to enforce the mechanism 'rigorously.' ... Under the court's pained interpretation of the Privacy Rule, M.D. Anderson's loss of ePHI via theft and loss did not qualify as a disclosure.... [T]he court held that the regulation required OCR to prove that someone outside the covered entity actually received the ePHI, and that OCR had failed to do so here." [Univ. of Texas M.D. Anderson Cancer Center v. HHS, No. 19-60226 (5th Cir. Jan. 14, 2021)]

Tags: HIPAA

Fifth Circuit Ruling May Make HIPAA Enforcement More Difficult for HHS
Dentons Link to more items from this source
Jan. 22, 2021

"[T]he court emphasized that the plain language of the Encryption Rule only requires that a covered entity have a 'mechanism' for encryption in place; a covered entity's failure to encrypt three devices did not mean that it 'never implemented 'a mechanism' to encrypt anything at all.' ... The court held that HHS could not prove that M.D. Anderson 'disclosed' ePHI 'without proving that someone 'outside' the entity received it,' a standard that the agency conceded could not be met in that case, and that would be difficult to meet generally." [Univ. of Texas M.D. Anderson Cancer Center v. HHS, No. 19-60226 (5th Cir. Jan. 14, 2021)]

Tags: HIPAA

Fifth Circuit Criticizes OCR's HIPAA Enforcement Process, Vacates $4.3 Million Civil Penalty
Thomson Reuters / EBIA Link to more items from this source
Jan. 21, 2021

"Although this case is still working its way through proceedings, this strongly worded opinion calls into question some fundamental principles of OCR's enforcement approach. For example, OCR has consistently asserted that an unauthorized disclosure occurs whenever PHI is publicly accessible through an internet search--regardless of whether it can demonstrate that anyone actually accessed the PHI in that way. It will be harder for OCR to establish privacy rule violations if it has to prove that an unauthorized recipient actually accessed PHI." [Univ. of Texas M.D. Anderson Cancer Ctr. v. HHS, No. 19-60226 (5th Cir. Jan. 14, 2021)]

Tags: HIPAA

Editor's Pick Pending Proposed Rule Would Make Far-Reaching Changes to HIPAA Privacy Regime
Akin Gump Link to more items from this source
[Guidance Overview]
Jan. 20, 2021

"The [HHS] Proposed Rule would affect how individuals may exercise their rights to access and share their protected health information (PHI), limit and adjust the fees covered entities may charge for access, introduce new concepts such as 'electronic health record' (EHR) and 'personal health application' (PHA) into a health information ecosystem already awash in acronyms, broaden data sharing by modifying the 'minimum necessary' standard and adjusting the definition of 'health care operations,' and reduce administrative burdens relating to the ubiquitous HIPAA notice of privacy practices, among other changes."

Tags: HIPAA

Health Insurer Pays $5.1 Million to Settle Data Breach Affecting Over 9.3 Million People
U.S. Department of Health and Human Services [HHS] Link to more items from this source
Jan. 18, 2021

"Excellus Health Plan reported that the breach began on or before December 23, 2013, and ended on May 11, 2015. The hackers installed malware and conducted reconnaissance activities that ultimately resulted in the impermissible disclosure of the protected health information of more than 9.3 million individuals, including their names, addresses, dates of birth, email addresses, Social Security numbers, bank account information, health plan claims, and clinical treatment information."

Tags: HIPAA

Proposed Changes to Privacy Regs Would Clarify Individual Access Rights and Make Other Targeted Changes
Thomson Reuters / EBIA Link to more items from this source
[Guidance Overview]
Jan. 14, 2021

"The proposal would require covered entities to act on access requests 'as soon as practicable' and would shorten the deadline for action from 30 to 15 days.... Health plan participants could, however, instruct their health plan to request EHRs from covered health care providers, which would then be required to disclose the requested EHRs directly to the plan.... The proposal would clarify that health plans' care coordination and case management activities -- whether based on broad populations or particular individuals -- are considered health care operations."

Tags: HIPAA

Legislation Requires HHS to Consider Entities' Cybersecurity Practices in Enforcing HIPAA
Thomson Reuters Practical Law Link to more items from this source
[Guidance Overview]
Jan. 13, 2021

"Congress has passed and President Trump has signed legislation that amends the Health Information Technology for Economic and Clinical Health Act (HITECH Act) to require HHS, in enforcing HIPAA, to consider whether HIPAA covered entities (CEs) or business associates (BAs) have implemented and applied certain recognized security practices -- including with regard to cybersecurity[.]"

Tags: Consolidated Appropriations Act, 2021   •  HIPAA

HITECH Act Amendment Incentivizes Adoption of Cybersecurity Safeguards as a Defense or Mitigation to HIPAA Enforcement
Health Law Advisor, Epstein Becker Green Link to more items from this source
[Guidance Overview]
Jan. 11, 2021

"The new law provides a strong incentive to covered entities and business associates to adopt 'recognized cybersecurity practices' and risk reduction frameworks when complying with the HIPAA privacy and security standards to reduce risk associated with security threats and HHS enforcement determinations."

Tags: Cybersecurity  •  HIPAA

Editor's Pick 2021 ABD Employee Benefit Plan Compliance Guides
ABD Insurance & Financial Services Link to more items from this source
Jan. 11, 2021

Article provides links to a dozen compliance guides covering various aspects of health plan benefit design and administration.

Tags: COBRA  •  HIPAA  •  Health Plan Administration


<< Older News  |  April 12, 2021

© 2021 BenefitsLink.com, Inc.