The U.S. Department of Health and Human Services Centers for Medicare and Medicaid Services and Office of the Secretary (collectively, HHS) released on May 6, 2024, the agencies' Final Rule governing the implementation of...more
5/13/2024
/ Affordable Care Act ,
Anti-Discrimination Policies ,
Compliance ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance ,
Non-Discrimination Rules ,
Notice Requirements ,
Policies and Procedures ,
Section 1557
The U.S. Department of Health and Human Services Centers for Medicare and Medicaid Services and the Office of the Secretary (collectively, HHS) released the agencies' Final Rule governing the implementation of Section 1557 of...more
5/13/2024
/ Affordable Care Act ,
Anti-Discrimination Policies ,
Centers for Medicare & Medicaid Services (CMS) ,
Department of Health and Human Services (HHS) ,
Disabilities ,
Health Care Providers ,
Health Insurance ,
Limited English Proficiency (LEP) ,
Medicaid ,
Medicare ,
Non-Discrimination Rules ,
Section 1557
There has been a notable emphasis on proactive enforcement of the privacy and security of protected health information in recent weeks as evidenced by multiple developments regarding compliance with the Health Insurance...more
We recently asked our Firm's "Women to Equity" class members about their best tips on achieving "balance." These women, are all on a path towards equity, balancing busy work schedules and client relationships with their...more
On May 31, 2023, renowned managed file transfer solution provider Ipswitch, Inc. revealed a zero-day vulnerability in its flagship solution, MOVEit Transfer, that can enable mass data theft from thousands of organizations....more
Health care providers of all sizes should be reviewing their Distributed Denial of Service (DDoS) mitigations and response plans immediately. On February 2, a pro-Russia hacktivist group, dubbed "Killnet," called upon all of...more
Statistics show that cybercrime increases significantly during the holiday season. Threat actors anticipate that workers are distracted and more likely to fall victim to a phishing email scam than any other time of the year....more
On April 6, 2022, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) seeking public comment on "recognized security practices" and on sharing civil...more
4/11/2022
/ Business Associates ,
Civil Monetary Penalty ,
Covered Entities ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
NIST ,
OCR ,
Policies and Procedures ,
Public Comment
The deadline for submitting an annual notice of a Health Insurance Portability and Accountability Act (HIPAA) Breach to the Secretary of the Department of Health and Human Services (the Secretary) is quickly approaching. ...more
A public cybersecurity advisory was issued yesterday about a likely ransomware attack against the health care and public health sector. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of...more
10/30/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
FBI ,
Health Care Providers ,
Health Information Technologies ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Hospitals ,
Public Health ,
Ransomware ,
Risk Mitigation
On January 23, 2020, the United States District Court for the District of Columbia declared sections of the 2013 Omnibus Rule unlawful. The Court found that the Department of Health and Human Services (HHS) impermissibly...more
2/5/2020
/ Administrative Procedure Act ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
EHR ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Access Request ,
HIPAA Omnibus Rule ,
HITECH Act ,
Lack of Authority ,
Notice and Comment ,
PHI ,
Popular ,
Third-Party Rights ,
Unlawful Policies ,
Vendors
The Stop Hacks and Improve Electronic Data Security (SHIELD) Act, signed by Governor Cuomo on July 25, 2019, amends New York's data breach notification law for computerized data. The Act's new requirements take effect March...more
Organizations that meet the definition of "covered entity" under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA) must be diligent to maintain the privacy and security...more
4/23/2019
/ Business Associates ,
Covered Entities ,
Cyber Insurance ,
Data Breach ,
Data Privacy ,
Data Security ,
Data Use Policies ,
Electronic Protected Health Information (ePHI) ,
Employee Training ,
Encryption ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Long Term Care Facilities ,
Long-Term Care ,
OCR ,
Passwords ,
Patient Privacy Rights ,
Patients ,
Phishing Scams ,
Popular ,
Portable Devices ,
Risk Assessment
The growing concern over opioid abuse has prompted both the federal government and many states to address concerns over referrals for substance abuse treatment. Tennessee recently addressed the issue in House Bill No. 2068,...more
10/30/2018
/ Anti-Kickback Statute ,
Civil Monetary Penalty ,
Drug & Alcohol Abuse ,
Drug Treatment ,
False Statements ,
Health Care Providers ,
Hospitals ,
Marketing ,
New Legislation ,
Opioid ,
Patient Referrals ,
State and Local Government ,
Substance Abuse
On January 3, 2018, the Substance Abuse and Mental Health Services Administration (SAMHSA) issued a final rule to revise 42 CFR Part 2, the federal regulations governing confidentiality of certain substance abuse patients'...more
1/19/2018
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Billing ,
Centers for Medicare & Medicaid Services (CMS) ,
Code of Federal Regulations (CFR) ,
Confidential Information ,
Disclosure Requirements ,
EHR ,
Final Rules ,
Health Care Providers ,
Medicaid ,
Medicare ,
Medicare Administrative Contractors (MAC) ,
Mental Health ,
Patient Privacy Rights ,
SAMHSA ,
Subcontractors ,
Substance Abuse
Insurers and organizations regulated by state insurance departments need to be prepared to meet the requirements of the model data security law, which may be finalized this year. In late 2014, the National Association of...more
On January 13, 2017, the Substance Abuse and Mental Health Services Administration (SAMHSA) issued the Final Rule to revise 42 C.F.R. Part 2 (Part 2 Regulations) – the federal regulations that govern the confidentiality of...more
On May 18, 2016, the Department of Health and Human Services (HHS) issued a final rule (the Rule) implementing the prohibition on discrimination under Section 1557 of the Affordable Care Act (ACA). Section 1557 prohibits...more
The U.S. Department of Health & Human Services (HHS) and the Substance Abuse and Mental Health Services Administration (SAMHSA) have issued a Proposed Rule to revise 42 C.F.R. Part 2 (Part 2 Regulations) – the federal...more
The HIPAA Breach Notification Rule requires covered entities to notify the Secretary of the Department of Health and Human Services (HHS) if a breach of unsecured protected health information (PHI) is discovered. As most...more
It has long been established that there was no private right of action with regard to HIPAA. All providers must be aware that state courts are beginning to turn the tide regarding such liability. On November 11, 2014, the...more