Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About

Trending Topics

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni

    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor & Employment
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations

    Industries

    View All

    • Cannabis
    • Consumer
    • Energy
    • Entertainment
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Non Profit
    • Real Estate
    • Technology

    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    1. Home
    2. Insights
    3. Articles
    4. OCR releases new set of FAQs to address transmission of ePHI to appsArticles

    Article

    OCR releases new set of FAQs to address transmission of ePHI to apps

    April 22, 2019

    Share

    By Jéna Grady

    On April 18, 2019, the Department of Health and Human Services Office for Civil Rights (OCR) released new FAQs relating to HIPAA right of access to ePHI.

    On April 18, 2019, the Department of Health and Human Services Office for Civil Rights (OCR) released new FAQs relating to HIPAA right of access to ePHI. Specifically, the FAQs address applications or other software (collectively “apps”) designated by patients to receive ePHI from a covered entity’s EHR (electronic health record) system. The FAQs discuss liability for transmission of ePHI and the apps’ subsequent use or disclosure of health information, business associate relationships and agreements with apps, and whether a covered entity may refuse to disclose ePHI to an app.

    OCR emphasized that once ePHI is disclosed to an app, as directed by a patient, a covered entity will not be liable under HIPAA for uses or disclosures of ePHI by the app so long as the app is not a business associate of the covered entity. A business associate relationship will not exist when the app was not developed for or provided by or on behalf of the covered entity. Subsequently, OCR noted an app’s access to a patient’s ePHI at the patient’s request alone would not trigger a business associate relationship or require a business associate agreement to be put in place for the transmission of ePHI from a covered entity.

    OCR provided there would be a business associate relationship between a covered entity and an app developer when the app is one a covered health care provider uses to provide services to individuals involving ePHI. In that case, OCR noted the covered health care provider may be liable under the HIPAA Rules if the covered entity’s patient selects that app and that app impermissibly discloses the ePHI it receives.

    OCR also provided that under the individual’s right of access to their ePHI, a patient may request a covered entity to direct their ePHI to a third-party app in an unsecure manner or through an unsecure channel. Therefore, a patient could request to a covered entity that their unencrypted ePHI be transmitted to an app as a matter of convenience. OCR noted that the covered entity would not be responsible for unauthorized access to the patient’s ePHI while being transmitted to the app. However, OCR recommended that covered entities notify patients of the potential risks of unsecure transmission of ePHI at least the first time the patient makes such a request.

    Also based on an individual’s right of access to their ePHI, OCR stated that a covered entity may not refuse to disclose ePHI to an app chosen by an individual solely because of concerns about how the app will use or disclose the patient’s ePHI. Examples of impermissible refusals provided by OCR included denying disclosure to an app because the app will share the patient’s ePHI for research purposes or because the app does not encrypt the patient’s data when at rest.

    OCR FAQs can be found here.

    PrivacyHealth Care And Hipaa

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • © 2023 Nixon Peabody. All rights reserved
    • Privacy Policy
    • Terms of Use
    • Statement of Client Rights
    • Supplier Diversity Program
    • Nixon Peabody International LLC
    • PAL