On January 24, 2025, President Trump issued an Executive Order, titled "Enforcing the Hyde Amendment," revoking President Biden's two Executive Orders 14076 (July 8, 2022) and 14079 (August 3, 2022) that federally protected...more
1/29/2025
/ Covered Entities ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
EMTALA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Patient Privacy Rights ,
Privacy Laws ,
Reproductive Healthcare Issues ,
Roe v Wade ,
State Privacy Laws
For more than 20 years, the HIPAA Security Rule has been virtually unchanged other than extending its scope beyond covered entities to also include business associates. During that time, technology has changed, cybersecurity...more
1/9/2025
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
HIPAA Security Rule ,
Notice of Proposed Rulemaking (NOPR) ,
OCR ,
Proposed Rules ,
Risk Management ,
Trump Administration
On April 27, 2023, Washington Governor Jay Inslee signed into law the My Health My Data Act (the "Act"), which will regulate the collection, use, and disclosure of "consumer health data" ("Consumer Health Data" or "CHD"). The...more
5/2/2023
/ Business Associates ,
Covered Entities ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Patient Privacy Rights ,
PHI ,
Private Right of Action
HIPAA-covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of "small" breaches of unsecured protected health information that were discovered during calendar-year 2022 no...more
The Department of Health and Human Services ("HHS") has proposed amendments to the Confidentiality of Substance Use Disorder Patient Records Rule, 42 C.F.R. part 2 (the "Part 2 Rule") with a comment deadline of January 31....more
1/16/2023
/ CARES Act ,
Comment Period ,
Data Management ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Health Record Incentives ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach Notification Rule ,
Medical Records ,
Patient Privacy Rights ,
Substance Abuse
It's that time of the year again: the opportunity to brush off your New Year's resolutions for privacy and security of health information. Here are some potential health information privacy and security resolutions for your...more
To start off the New Year, here are some potential health information privacy and security resolutions. You can use these Annual, Quarterly, and Monthly lists to map out your privacy and security tasks for the year, and then...more
The Code of Federal Regulations has recently published the 2017 version of the HIPAA regulations. This is the most up-to-date “official” version of the HIPAA regulations. We have created a version that includes PDF bookmarks...more
The administrative simplification provision of the Health Insurance Portability and Accountability Act and its implementing regulations (HIPAA) impose obligations on employer-sponsored group health plans. Given recent...more
As a reminder that state attorneys general have enforcement authority over breach notifications, the New York Attorney General recently announced a $130,000 settlement for a failing to provide breach notification in a...more
A not-for-profit health care system recently agreed to pay the Department of Health and Human Services (HHS) $2.4 million as part of a settlement over potential Health Insurance Portability and Accountability Act (HIPAA)...more
On April 24, 2017, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that CardioNet, a provider of remote mobile monitoring and rapid response services to patients at risk for cardiac...more
What’s worse than receiving an email indicating that you have been selected for an audit by your favorite government regulator? Clicking on a link in the email and discovering that it is a phishing attack that has just...more
In this webinar, we will demystify the HIPAA Security Rule and how to apply the administrative, physical, and technical safeguards in a mobile environment. We will discuss key takeaways from the recently released NIST Draft...more
9/4/2015
/ Data Breach ,
Data Protection ,
Data Security ,
Electronic Medical Records ,
Health Insurance Portability and Accountability Act (HIPAA) ,
mHealth ,
Mobile Apps ,
Mobile Devices ,
NIST ,
Patient Privacy Rights ,
Popular ,
Webinars
In the wake of the recent Ebola cases, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has issued a new bulletin reminding HIPAA-covered entities and their business associates that the...more
On July 23, 2014, the Massachusetts attorney general announced a settlement with Women & Infants Hospital of Rhode Island (WIH) over the loss of unencrypted backup tapes. WIH agreed to pay $150,000 and undertake numerous...more
The California Court of Appeal recently held that in order to recover under California’s Confidentiality of Medical Information Act (CMIA), Civ. Code §§ 56 et seq., a plaintiff must plead and prove that the “stolen medical...more
The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued two reports to Congress, as required by the HITECH Act. The compliance report details OCR’s enforcement activities for 2011 and 2012 and...more
The HHS Office for Civil Rights (OCR) recently presented information about the new look of its Phase 2 audit program. The new audits will look little like the old ones, with OCR conducting the audits itself and focusing on...more
The Federal Trade Commission (FTC) sent a message about the importance of imposing appropriate security measures on—and monitoring—vendors with access to confidential consumer information. The FTC issued a 20-year consent...more
In a reminder that the U.S. Department of Health and Human Services (“HHS”), with its HIPAA security requirements and enforcement authority, is not the only game in town when it comes to health information privacy, the...more
In January 2013, The U.S. Department of Health and Human Services released the HIPAA Omnibus Rule in the Federal Register, the most significant changes to the HIPAA regulations since they were first promulgated. ...more
The Omnibus Rule went into effect on March 26, 2013. While covered entities and business associates have until Sept. 23, 2013, to comply with new restrictions and obligations, they can take advantage of the rule’s benefits...more
4/3/2013
/ Business Associates ,
Covered Entities ,
Data Protection ,
Fundraisers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Omnibus Rule ,
Immunization Records ,
Medical Research ,
Notice Requirements ,
PHI
On Jan. 17, 2013, the Department of Health and Human Services (HHS) released the long-awaited “Omnibus Rule,” which amends the administrative simplification provisions of the Health Insurance Portability and Accountability...more
1/24/2013
/ Business Associates ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Marketing ,
PHI ,
Privacy Policy
On Jan. 17, 2013, the long-awaited HIPAA “Omnibus Rule” went on display at the Federal Register, finalizing changes to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules....more