As we reflect on the flurry of activity in the health care data privacy and security space in 2023 and look ahead to what will continue to be a busy 2024, we are seeing the early stages of federal agency movement to align the...more
1/26/2024
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Security ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Healthcare ,
HIPAA Privacy Rule ,
Information Blocking Rules ,
Mental Health ,
Notice of Proposed Rulemaking (NOPR) ,
OCR ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Reproductive Healthcare Issues ,
Request For Information ,
SAMHSA ,
Substance Abuse ,
Transparency
In April, 2020, in an effort to facilitate a national pivot to telehealth in light of the COVID-19 Public Health Emergency (PHE), the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced a policy...more
5/2/2023
/ Business Associates Agreement (BAA) ,
Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Due Diligence ,
Enforcement ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Public Health Emergency ,
Security Risk Assessments ,
Subcontractors ,
Vendors
In response to concerns about the confidentiality of protected health information (PHI) related to reproductive health care less than one year after Dobbs v. Jackson Women’s Health Organization decision, and the prospect of...more
Covered Entities and Business Associates should promptly and carefully review their use of online tracking technologies on their websites and mobile apps following a bulletin (Bulletin) published by the U.S. Department of...more
12/8/2022
/ Class Action ,
Compliance ,
Data Collection ,
Dobbs v. Jackson Women’s Health Organization ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
OCR ,
PHI ,
Reproductive Healthcare Issues ,
Risk Assessment ,
Websites
State laws that restrict or criminalize abortions will require significant amounts of health information to enforce, putting new pressure on health care providers caught in the middle of competing obligations to their...more
In the wake of the Supreme Court’s ruling in Dobbs vs. Jackson Women’s Health Organization, much has been written about how existing privacy laws, such as the Health Insurance Portability and Accountability Act (“HIPAA”), are...more
A recent settlement agreement between a clinical laboratory and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) to resolve potential HIPAA Security Rule violations proves to be a...more
With a notably sharply worded opinion, the Fifth Circuit recently vacated over $4.3 million in penalties levied against the University of Texas M.D. Anderson Cancer Center (M.D. Anderson) by the Department of Health and Human...more
In the waning days of the Trump administration, the Office for Civil Rights (“OCR”) announced a number of new initiatives, including proposed HIPAA amendments, and a very recent COVID-19 related Notice of Enforcement...more
As we’re all painfully aware, public health issues dominated 2020 and with the country’s attention focused on COVID-19 testing, status, transmission and care, HIPAA went mainstream. Health information became critical not only...more
The Department of Health and Human Services (HHS) is pushing ahead in its Regulatory Sprint to Coordinated Care with a new proposed rule, announced by HHS’ Office for Civil Rights (OCR) on December 10, to modify the HIPAA...more
US hospitals and healthcare facilities struggling to maintain normal operations during the COVID-19 emergency, were warned this week by the federal Cybersecurity and Infrastructure Agency (CISA), the Federal Bureau of...more
The U.S. Department of Health and Human Services (HHS) recently released a final rule further amending 42 CFR Part 2 regulations (Part 2) to allow greater sharing of patient records related to substance use disorder (SUD)...more
7/20/2020
/ Confidentiality Policies ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Drug & Alcohol Abuse ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opioid ,
Patient Privacy Rights ,
Prescription Drugs ,
Substance Abuse
In recognition of the widespread disruptions the COVID-19 crisis is posing to planned and ongoing clinical trials at sites throughout the United States (and global clinical sites), the Food and Drug Administration (FDA)...more
Amidst the novel coronavirus (COVID-19) outbreak, the Secretary of the U.S. Department of Health and Human Services (HHS), Alex M. Azar, took steps on March 15, 2020, to waive sanctions and penalties related to certain...more
As the decade winds down, it’s hard to believe that the HIPAA Privacy and Security Rules are almost twenty years old. It has been ten years since the U.S. Department of Health and Human Services (HHS) Office for Civil Rights...more
12/24/2019
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
Civil Monetary Penalty ,
Covered Entities ,
Data Breach ,
Data Security ,
Enforcement Actions ,
FBI ,
General Data Protection Regulation (GDPR) ,
Government Investigations ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
Patient Privacy Rights ,
PHI ,
Phishing Scams ,
Ransomware
On October 17, 2019, the Department of Health & Human Services (HHS) published two proposed rules (one by the Office of Inspector General (OIG) and one by the Centers for Medicare & Medicaid Services (CMS)) that, if...more
10/22/2019
/ 21st Century Cures Act ,
Anti-Kickback Statute ,
Beneficiary Inducement ,
Centers for Medicare & Medicaid Services (CMS) ,
Civil Monetary Penalty ,
Comment Period ,
Cybersecurity ,
EHR ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Reform ,
OIG ,
Popular ,
Proposed Rules ,
Public Comment ,
Safe Harbors ,
Stark Law ,
Value-Based Care
On August 22, the Substance Abuse and Mental Health Services Administration (“SAMHSA”) announced a new proposed rule (the “Proposed Rule”) amending 42 CFR part 2 (“Part 2”), which is aimed at protecting patient records...more
9/4/2019
/ Confidential Information ,
Consent ,
Disclosure Requirements ,
Health Care Providers ,
HIPAA Privacy Rule ,
Information Sharing ,
Medical Records ,
Opioid ,
Patient Privacy Rights ,
Pharmaceutical Industry ,
Proposed Rules ,
SAMHSA ,
Substance Abuse
There are reports that HHS plans to issue a proposed rule next month, which would again amend 42 CFR Part 2 (“Part 2”) and modify how the medical records of patients with substance abuse disorders are currently shared between...more
7/26/2019
/ Confidential Information ,
Consent ,
Cybersecurity ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
Patient Privacy Rights ,
Proposed Amendments ,
Proposed Rules ,
Substance Abuse
On June 28, 2018, California passed the California Consumer Privacy Act (CCPA) and then further amended it on September 23, 2018. CCPA breaks new state law privacy ground and imposes consumer protections that are comparable...more
Software developers are racing to develop health care products that leverage artificial intelligence (AI), including machine learning and deep learning. Examples include software that analyzes radiology images and pathology...more
As we look back on 2017, one message is clear: don’t be a Scrooge when it comes to HIPAA compliance. With ever-evolving security threats and unrelenting enforcement, regulated entities must maintain a spirit of compliance...more
A draft bill recently introduced in the U.S. Senate serves as a good reminder that compliance with data breach reporting requirements is critical. This bill follows significant, high-profile data breaches by Uber and Equifax,...more
Consumers are increasingly turning to health apps for a variety of medical and wellness-related purposes. This has in turn caused greater amounts of data—including highly sensitive information—to flow through these apps....more
10/26/2017
/ App Developers ,
Business Associates ,
Cloud Service Providers (CSPs) ,
COPPA ,
Covered Entities ,
Cybersecurity ,
Electronic Protected Health Information (ePHI) ,
Encryption ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Health Apps ,
OCR ,
Personally Identifiable Information ,
PHI ,
Privacy Policy ,
Subcontractors
Last week, the HHS Office for Civil Rights (OCR) launched an improved version of their HIPAA Breach Reporting Tool (HBRT), commonly referred to by OCR and regulated entities alike as the HIPAA “Wall of Shame.” OCR has also...more