The U.S. District Court for the Northern District of Texas ruled that HHS's December 1, 2022, guidance applying HIPAA to online tracking technologies is unlawful with respect to its treatment of certain combinations of...more
Washington's My Health My Data Act (Act), which imposes substantial new obligations on the collection and use of broadly defined "consumer health data" (CHD), went into effect March 31, 2024. Everyone that conducts business...more
The U.S. Department of Health and Human Services ("HHS") issued a concept paper describing its overarching strategy to address healthcare cybersecurity. The concept paper builds on the Biden-Harris Administration's National...more
12/18/2023
/ Cybersecurity ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Medicare ,
OCR ,
Popular
While health care providers have been required to comply with the 21st Century Cures Act Information Blocking Rule (the Rule) since April 5, 2021, as of yet there is no enforcement mechanism in place with respect to the Rule...more
11/2/2023
/ 21st Century Cures Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Health Care Providers ,
Healthcare ,
Healthcare Reform ,
Information Blocking Rules ,
ONC ,
Proposed Rules ,
Regulatory Requirements
Continued advancement in artificial intelligence offers great promise to improve health care. But AI feeds on tremendous amounts of data, and using protected health information (PHI) to develop or improve AI often involves...more
The Department of Health and Human Services ("HHS") has proposed amendments to the Confidentiality of Substance Use Disorder Patient Records Rule, 42 C.F.R. part 2 (the "Part 2 Rule") with a comment deadline of January 31....more
1/16/2023
/ CARES Act ,
Comment Period ,
Data Management ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Health Record Incentives ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach Notification Rule ,
Medical Records ,
Patient Privacy Rights ,
Substance Abuse
Over the past year, numerous lawsuits and complaints to the HHS Office for Civil Rights (“OCR”) have been filed by plaintiffs’ attorneys over a seemingly obscure HIPAA issue – the rate that health care providers and their...more
In the wake of the recent Ebola cases, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has issued a new bulletin reminding HIPAA-covered entities and their business associates that the...more
Centers for Medicare & Medicaid Services (CMS) recently announced the reopening of the submission period for hardship exception applications for eligible professionals and eligible hospitals that have been unable to fully...more
On Sept. 18, 2014, California’s governor approved Assembly Bill 1755, extending California’s stringent breach notification deadline for medical information breaches from five business days to 15 business days for clinics,...more
On Oct. 6, 2014, a final rule issued jointly by the Centers for Medicare & Medicaid Services (CMS), Centers for Disease Control and Prevention (CDC), and Office for Civil Rights (OCR) will require all HIPAA-covered labs...more
The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued two reports to Congress, as required by the HITECH Act. The compliance report details OCR’s enforcement activities for 2011 and 2012 and...more
The Department of Health and Human Services’ Substance Abuse and Mental Health Services Administration (SAMHSA) is considering significant changes to the “Part 2” regulations (the Confidentiality of Alcohol and Drug Abuse...more
The U.S. Department of Health and Human Services (“HHS”) recently issued new guidance clarifying how the HIPAA Privacy Rule strikes the balance of protecting individuals’ privacy of mental health information and communicating...more
The Omnibus Rule went into effect on March 26, 2013. While covered entities and business associates have until Sept. 23, 2013, to comply with new restrictions and obligations, they can take advantage of the rule’s benefits...more
4/3/2013
/ Business Associates ,
Covered Entities ,
Data Protection ,
Fundraisers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Omnibus Rule ,
Immunization Records ,
Medical Research ,
Notice Requirements ,
PHI
HIPAA places tight restrictions on the use and disclosure of protected health information, but there are many ways to “de-identify” it, freeing it from HIPAA’s constraints. Covered entities and business associates can use...more