By mukul975
Implement HIPAA-compliant privacy and security in healthcare software by accessing specialized skills for conducting risk analyses, managing Business Associate Agreements, de-identifying PHI, handling breach notifications, enforcing minimum necessary standards, applying security rule safeguards, and ensuring telehealth compliance.
npx claudepluginhub mukul975/privacy-data-protection-skills --plugin healthcare-privacy-skills
Implements 42 CFR Part 2 protections for substance use disorder patient records. Covers written consent requirements stricter than HIPAA, re-disclosure prohibition, court order procedures, qualified service organization agreements, and 2024 amendments aligning Part 2 with HIPAA. Keywords: 42 CFR Part 2, substance use disorder, SUD records, re-disclosure, consent, Part 2 amendments.
Addresses healthcare AI privacy at the intersection of HIPAA and the EU AI Act for clinical decision support systems. Covers training data PHI handling, model transparency and explainability, patient rights in algorithmic decisions, FDA/OCR regulatory coordination, and bias monitoring. Keywords: healthcare AI, HIPAA, AI Act, clinical decision support, PHI training data, model transparency.
Manages HIPAA Business Associate Agreements under 45 CFR §164.502(e) and §164.504(e). Covers required BAA provisions, business associate vs subcontractor obligations, breach notification chain, downstream BA requirements, and termination remedies. Keywords: BAA, business associate, subcontractor, HIPAA compliance, PHI disclosure, termination.
Implements HIPAA breach notification requirements under 45 CFR §164.400-414. Covers individual notification within 60 days, HHS reporting thresholds (500+ immediate, under 500 annual), state attorney general notification, media notification for 500+ in a state, and breach risk assessment. Keywords: HIPAA breach notification, HHS reporting, OCR breach portal, individual notice, state attorney general.
Implements HIPAA de-identification methods under 45 CFR §164.514(a)-(b). Covers the expert determination method and the safe harbor method with removal of the 18 identifiers, re-identification risk assessment, limited dataset requirements, and data use agreements. Keywords: HIPAA de-identification, safe harbor, expert determination, 18 identifiers, limited dataset, PHI.
Implements HIPAA minimum necessary standard under 45 CFR §164.502(b). Covers role-based access policies per workforce member category, routine vs non-routine disclosure protocols, reasonable reliance doctrine, documentation requirements, and HITECH amendments. Keywords: minimum necessary, role-based access, workforce, routine disclosure, HIPAA.
Implements HIPAA Privacy Rule requirements under 45 CFR §164.500-534 for covered entities and business associates. Covers minimum necessary standard, treatment-payment-operations exceptions, directory opt-out, personal representative rules, and authorization requirements. Keywords: HIPAA Privacy Rule, PHI, minimum necessary, TPO, authorization, covered entity.
Conducts HIPAA risk analysis per 45 CFR §164.308(a)(1) following OCR guidance methodology. Covers threat identification, vulnerability assessment, likelihood and impact determination, risk scoring, and mitigation planning for electronic protected health information. Keywords: HIPAA risk analysis, OCR guidance, threat assessment, vulnerability, risk management, ePHI.
Implements HIPAA Security Rule technical safeguards under 45 CFR §164.312 for electronic protected health information. Covers access controls with unique user identification, emergency access procedures, automatic logoff, encryption, audit controls, integrity controls, and transmission security. Keywords: HIPAA Security Rule, ePHI, access controls, encryption, audit controls, technical safeguards.
Implements HITECH Act privacy and security requirements including breach notification expansion, four-tier penalty structure, state attorney general enforcement authority, EHR meaningful use privacy conditions, and business associate direct liability. Keywords: HITECH Act, breach notification, penalty tiers, state AG enforcement, meaningful use, EHR privacy.
Implements telehealth privacy compliance covering HIPAA requirements for virtual care, state licensing and recording consent laws, platform security with BAA requirements for telehealth vendors, cross-state prescribing rules, and OCR enforcement discretion during public health emergencies. Keywords: telehealth privacy, virtual care, HIPAA, recording consent, platform BAA, cross-state licensing, OCR enforcement.