On April 26, the Federal Trade Commission (FTC) approved its Final Rule revising the Health Breach Notification Rule (HBNR) (“Final Rule”) by a 3-2 vote. The HBNR requires vendors of personal health records (PHR) and related...more
6/5/2024
/ Breach Notification Rule ,
Data Breach ,
Enforcement ,
Federal Trade Commission (FTC) ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
Healthcare ,
Penalties ,
PHI ,
Popular ,
Reporting Requirements ,
Rulemaking Process ,
Vendors
Colorado has just become the first state to extend its comprehensive privacy law, the Colorado Privacy Act (“CPA”), to “neural data.” After passing unanimously in the Colorado Senate earlier this spring, bipartisan House Bill...more
Colorado became the first state to comprehensively address artificial intelligence (“AI”), passing Senate Bill 24-205, or the Colorado Artificial Intelligence Act, on May 17, 2024 (“Act”). The Act establishes the nation’s...more
6/3/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Bias ,
Colorado ,
Compliance ,
Disclosure Requirements ,
Governance Standards ,
High Risk Sectors ,
New Legislation ,
Penalties ,
Popular ,
Risk Management
On March 18, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a Bulletin revising its December 1, 2022 Guidance concerning the HIPAA obligations of covered entities and...more
On October 3, the Department of Defense, General Services Administration, and the National Aeronautics and Space Administration published two sets of proposed revisions to the Federal Acquisition Regulation (“FAR”) pertaining...more
On September 27, 2023, FDA finalized its guidance entitled “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions” (the “2023 Final Guidance”). The Final Guidance replaces...more
10/11/2023
/ Artificial Intelligence ,
Cybersecurity ,
Federal Food Drug and Cosmetic Act (FFDCA) ,
Final Guidance ,
Food and Drug Administration (FDA) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Machine Learning ,
Medical Devices ,
NTIA ,
Popular ,
Premarket Approval Applications ,
Risk Management ,
Software ,
Source Code
On February 1, the Federal Trade Commission (“FTC”) announced its first enforcement action under the Health Breach Notification Rule (“HBNR” or “Rule”) against GoodRx, a direct-to-consumer digital healthcare and prescription...more
2/22/2023
/ Application Programming Interface (APIs) ,
Breach Notification Rule ,
Data Privacy ,
Enforcement ,
Federal Trade Commission (FTC) ,
Final Rules ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Notification Requirements ,
Popular ,
Social Security Act
On February 1, 2023, the Federal Trade Commission (FTC) announced that it has taken enforcement action for the first time under its Health Breach Notification Rule (HBNR) against GoodRx Holdings Inc. (GoodRx), for allegedly...more
On December 1, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services provided guidance on the intersection of the Health Insurance Portability and Accountability Act (HIPAA) and the use of...more
On October 10, the Colorado Attorney General (“AG”) released its draft regulations outlining businesses’ obligations under the Colorado Privacy Act (“CPA”). The 38-page set of draft regulations flesh out several novel privacy...more
On August 24, the California Attorney General (“AG”) announced its first enforcement settlement under the California Consumer Privacy Act (“CCPA”). The $1.2M fine with an international retailer settled claims that the...more
On September 14, 2022, the Federal Bureau of Investigation (FBI) issued a Private Industry Notification (Notification) warning the industry regarding increasing cyber-attack activity against healthcare providers and payment...more
On April 28, 2022, in a joint letter written by the HHS Secretary, Xavier Becerra, and CMS Administrator, Chiquita Brooks-LaSure, to the Chairwoman of the Federal Communications Commission (FCC), HHS requested an opinion...more
On April 6, 2022, the Department of Health and Human Services Office for Civil Rights (OCR) issued a Request for Information (RFI) to solicit public comments on the implementation of the “safe harbor” under the Health...more
On April 6, 2022, HHS Office for Civil Rights (OCR) issued a Request for Information (RFI) to solicit public comment on the implementation of the newly-enacted “safe harbor” under the Health Insurance Portability and...more
On September 15, 2021, the Federal Trade Commission (“FTC”) issued a Policy Statement instructing health app and connected device companies to comply with the Health Breach Notification Rule (“the Rule”). The Rule, codified...more
11/2/2021
/ Breach Notification Rule ,
Data Breach ,
Electronic Devices ,
Federal Trade Commission (FTC) ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Mobile Apps ,
PHI ,
Popular ,
Security Breach
On July 7, 2021, Colorado enacted a new privacy law, titled the Colorado Privacy Act (CPA). The CPA is the third state-level omnibus data privacy law, similar in scope to the California Consumer Privacy Act (CCPA) and the...more
8/11/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CDPA ,
Colorado ,
Consumer Privacy Rights ,
Enforcement ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
New Legislation ,
Personal Information ,
Privacy Laws
On April 1, in a highly anticipated decision that likely will have a significant effect on litigation under the Telephone Consumer Protection Act (TCPA), the Supreme Court ruled on what qualifies as an “automatic telephone...more
On November 4, 2020, the Centers for Medicare & Medicaid Services (CMS) published a proposed rule (the Proposed Rule) outlining proposals for the coverage and payment for durable medical equipment, prosthetics, orthotics, and...more
On December 10, 2020, HRSA issued a final rule (the Final Rule) implementing the 340B Drug Pricing Program administrative dispute resolution (ADR) process–an overdue mandate from the Affordable Care Act. Under the Final...more
On October 30, 2020, the Office of the National Coordinator for Health Information Technology (ONC) issued an interim final rule (IFR) with comment period delaying the compliance dates for certain regulatory requirements set...more
Manufacturers and providers participating in the 340B Drug Pricing Program have entered into a new phase of tensions this summer, as manufacturers push back on the use of contract pharmacies by providers. At least one major...more
On July 22, 2020, CMS announced four new policies pertaining to nursing homes during the COVID-19 public health emergency. First, CMS allocated to nursing homes an additional $5 billion from the Provider Relief Fund...more
On June 24, 2020, the U.S. Court of Appeals for the Sixth Circuit issued an opinion addressing whether an overpayment assessment should be invalidated when the Medicare contractor fails to provide notice of a post-payment...more
On May 22, 2020, HHS announced that it has begun distributing $4.9 billion in additional relief funds to skilled nursing facilities (SNFs) to assist SNFs in weathering significant expenses or lost revenue attributable to the...more