The Department of Health & Human Services (HHS) released a concept paper outlining its strategy for improving cybersecurity infrastructure within the healthcare sector. The paper calls for proposing healthcare-specific...more
On May 16, 2023, the U.S. Senate Judiciary Committee conducted a significant oversight hearing on the regulation of artificial intelligence (AI) technology, specifically focusing on newer models of generative AI that create...more
Effective July 1, 2023, a new Florida law will limit certain health care providers from storing patient information offshore. CS/CS/SB 264 (Chapter 2023-33, Laws of Florida), amends the Florida Electronic Health Records...more
5/17/2023
/ Data Collection ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Digital Health ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Florida ,
Health Care Providers ,
Legislative Agendas ,
New Legislation ,
Patients ,
Personal Data ,
State and Local Government
On January 26, 2023, the U.S. National Institute of Standards and Technology (NIST) released the Artificial Intelligence (AI) Risk Management Framework (AI Risk Management Framework 1.0), a voluntary guidance document for...more
On January 26, 2023, the U.S. National Institute of Standards and Technology (NIST) released the Artificial Intelligence (AI) Risk Management Framework (AI Risk Management Framework 1.0), a voluntary guidance document for...more
Two years ago, the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator (ONC) issued regulations under the 21st Century Cures Act advancing the interoperability of electronic health...more
Virtual assistants such as Amazon’s Alexa, Facebook’s Portal, Google’s Nest Hub, and countless others continue growing in popularity as families navigate safely remaining connected with their loved ones receiving long-term...more
9/22/2021
/ ALEXA ,
Americans with Disabilities Act (ADA) ,
Assisted Living Facilities (ALFs) ,
Consent ,
Coronavirus/COVID-19 ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
Long Term Care Facilities ,
Long-Term Care ,
Nursing Homes ,
Policies and Procedures ,
Senior Housing ,
Skilled Nursing Facility
The U.S. Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) released an interim final rule on October 29, 2020, delaying the implementation of the...more
11/2/2020
/ 21st Century Cures Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Civil Monetary Penalty ,
Compliance ,
Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
HIPAA Privacy Rule ,
Information Blocking Rules ,
Interim Final Rules (IFR) ,
NIST ,
OIG ,
ONC
On July 15, 2020, the Substance Abuse and Mental Health Services Administration (SAMHSA), a branch of the U.S. Department of Health and Human Services (HHS), published its much-anticipated final rule to revise 42 C.F.R. Part...more
7/23/2020
/ CARES Act ,
Confidential Information ,
Consent ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mental Health ,
New Regulations ,
Patient Privacy Rights ,
SAMHSA ,
Substance Abuse
The U.S. Department of Health and Human Services (HHS) issued companion regulations advancing the interoperability of and patient access to electronic health information under the 21st Century Cures Act that will take effect...more
The U.S. Department of Health and Human Services (HHS) has issued several waivers applicable to the provision of telehealth services during the COVID-19 emergency period. Some of these waivers expand Medicare coverage and...more
This is the first alert in a series of Bradley installments on privacy issues that may arise during the current COVID-19 pandemic. This first installment focuses on disclosure of personally identifiable health information...more
Don’t forget that the required end-of-the-year reporting of any small breaches of unsecured protected health information (PHI) that were discovered in 2019 is coming up. Under the Health Insurance Portability and...more
On August 26, 2019, the Substance Abuse and Mental Health Services Administration, part of the U.S. Department of Health and Human Services (HHS), published its much-anticipated notice of proposed rulemaking to revise 42...more
8/28/2019
/ Comment Period ,
Confidential Information ,
Consent ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Drug Treatment ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
Notice of Proposed Rulemaking (NOPR) ,
Opioid ,
Patient Privacy Rights ,
Prescription Drugs ,
Proposed Rules ,
Public Comment ,
Substance Abuse
Don’t forget that the required end-of-the-year reporting of any small breaches of unsecured protected health information (PHI) that were discovered in 2018 is coming up. Under the Health Insurance Portability and...more
2/13/2019
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Filing Deadlines ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Reporting Requirements
On October 15, 2018, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced that Anthem, Inc. will pay $16 million to settle OCR’s investigation of its potential violations of the Health...more
10/24/2018
/ Anthem Insurance ,
Corrective Actions ,
Cyber Attacks ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Hackers ,
Health Care Providers ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Personally Identifiable Information ,
Phishing Scams ,
Settlement
On June 18, 2018, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that an HHS Administrative Law Judge (“ALJ”) granted summary judgment to OCR in an enforcement action...more
8/2/2018
/ Administrative Hearings ,
Administrative Law Judge (ALJ) ,
AHLA ,
Civil Monetary Penalty ,
Confidential Information ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Electronic Protected Health Information (ePHI) ,
Encryption ,
Enforcement Actions ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Patient Privacy Rights ,
Risk Assessment ,
Summary Judgment
Complex. Hard. Humbling. These are the descriptors former Google CEO Eric Schmidt used last week at the HIMSS 2018 Annual Conference in Las Vegas to describe the work to be done in health information technology (HIT). ...more
Uncertain. What better word to describe a year in which a new administration came to power and began to chart a new course for health policy, the fate of the Affordable Care Act (ACA) hung in the balance, and courts grappled...more
1/25/2018
/ Affordable Care Act ,
Alternative Payment Models (APM) ,
Cooperative Compliance Regime ,
Department of Justice (DOJ) ,
Electronic Health Record Incentives ,
False Claims Act (FCA) ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Reform ,
Hospital Mergers ,
Meaningful Use ,
OIG ,
Prescription Drug Coverage ,
Repeal ,
Section 340B ,
Stark Law ,
Trump Administration ,
Universal Health Services Inc v United States ex rel Escobar
On September 7, Equifax, one of three nationwide credit-reporting agencies that compile and evaluate the financial history of consumers, announced that it suffered a security breach in which sensitive information of...more
9/18/2017
/ Centers for Medicare & Medicaid Services (CMS) ,
Credit Reporting Agencies ,
Credit Reports ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Equifax ,
Federal Trade Commission (FTC) ,
Government Investigations ,
Hackers ,
Personally Identifiable Information ,
Popular
A global ransomware attack began early last Friday and has affected businesses and government entities in 150 countries, including Britain’s national health system, FedEx, Spain’s Telefónica, and the Russian Interior...more
5/19/2017
/ Cyber Attacks ,
Cybersecurity ,
Electronic Protected Health Information (ePHI) ,
FBI ,
Hackers ,
Health Care Providers ,
Malware ,
Personally Identifiable Information ,
Phishing Scams ,
Ransomware ,
Risk Management ,
US-CERT
Last month, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced the largest settlement to date for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA)....more
9/21/2016
/ Breach Notification Rule ,
Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
Risk Management ,
Settlement Agreements
Part of Bradley Arant’s Privacy and Information Security Team’s seven-part Data Breach Toolkit Webinar Series, the “Data Breach Response Planning: Laying the Right Foundation” webinar, led by Paige Boshell and Amy Leopard,...more
9/17/2015
/ Banking Sector ,
Banks ,
Breach Notification Rule ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Federal Trade Commission (FTC) ,
FFIEC ,
Financial Institutions ,
FTC v Wyndham ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Incident Response Plans ,
Information Sharing ,
NIST ,
Privacy Concerns ,
Wyndham
On the heels of the widely publicized Target breach, states continue to enact legislation designed to provide notice to their citizens when a security breach involving personal data occurs. Kentucky is the latest state to...more
How should health care companies strengthen their HIPAA compliance programs to manage the risk of a potential FTC investigation?
While the U.S. Department of Health and Human Services (HHS) Office for Civil Rights...more