On January 7, 2016, the HHS Office for Civil Rights released guidance on individuals’ right to access health information under the HIPAA Privacy Rule. The guidance clarifies areas of confusion and non-compliance by covered entities and business associates, particularly in light of the proliferation of electronic health records and electronic health information. Areas of emphasis

Our colleagues at Data Law Insights have written about the HHS Office of Civil Rights’ $750,000 settlement with the University of Washington Medicine (“UWM”) announced this week.  This third settlement in as many weeks confirms that the security risk analysis continues to be a linchpin of OCR enforcement under the HIPAA Security Rule.  Indeed, the