Executive orders and changes to enforcement directives permitting Immigration and Customs Enforcement (ICE) and agents from other divisions of the Department of Homeland Security to enter sensitive locations, such as...more
1/31/2025
/ Data Privacy ,
Department of Homeland Security (DHS) ,
EMTALA ,
Executive Orders ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
HIPAA Privacy Rule ,
Immigration and Customs Enforcement (ICE) ,
Immigration Enforcement ,
Medicare ,
Non-Discrimination Rules ,
Patient Privacy Rights ,
PHI ,
Privacy Laws
On January 24, 2025, President Trump issued an Executive Order, titled "Enforcing the Hyde Amendment," revoking President Biden's two Executive Orders 14076 (July 8, 2022) and 14079 (August 3, 2022) that federally protected...more
1/29/2025
/ Covered Entities ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
EMTALA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Patient Privacy Rights ,
Privacy Laws ,
Reproductive Healthcare Issues ,
Roe v Wade ,
State Privacy Laws
For more than 20 years, the HIPAA Security Rule has been virtually unchanged other than extending its scope beyond covered entities to also include business associates. During that time, technology has changed, cybersecurity...more
1/9/2025
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
HIPAA Security Rule ,
Notice of Proposed Rulemaking (NOPR) ,
OCR ,
Proposed Rules ,
Risk Management ,
Trump Administration
We just want to provide a friendly reminder that, before key staff depart for the holidays, HIPAA covered entities and business associates should finalize their compliance with the 2024 HIPAA amendments related to...more
12/19/2024
/ Compliance ,
Covered Entities ,
Data Privacy ,
Deadlines ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
New Amendments ,
OCR ,
PHI ,
Reproductive Healthcare Issues ,
Settlement
On July 1, 2024, the U.S. Department of Health and Human Services (HHS) Centers for Medicare & Medicaid Services (CMS) and Office of the National Coordinator for Health Information Technology (ONC) published a final rule...more
7/12/2024
/ 21st Century Cures Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Information Blocking Rules ,
Investigations ,
Medicare ,
MIPS ,
OIG ,
ONC ,
Penalties ,
Popular ,
Reimbursements
The U.S. District Court for the Northern District of Texas ruled that HHS's December 1, 2022, guidance applying HIPAA to online tracking technologies is unlawful with respect to its treatment of certain combinations of...more
The FTC issued a final rule to lock in changes to the Health Breach Notification Rule (HBNR) that it proposed in May 2023. While the HBNR began as a breach notification rule seemingly focused on a narrow set of applications...more
The U.S. Department of Health and Human Services (HHS) this week released final amendments to the HIPAA Privacy Rule to further protect the privacy of protected health information (PHI) related to reproductive health care....more
4/29/2024
/ Attestation Requirements ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HITECH Act ,
New Amendments ,
Patients ,
PHI ,
Policies and Procedures ,
Reproductive Healthcare Issues
Washington's My Health My Data Act (Act), which imposes substantial new obligations on the collection and use of broadly defined "consumer health data" (CHD), went into effect March 31, 2024. Everyone that conducts business...more
Changes to guidance are unlikely to mitigate widespread concerns -
On March 18, 2024, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) revised its controversial guidance on how HIPAA applies...more
The long-anticipated final rule addressing substance use disorder (SUD) records at 42 C.F.R. Part 2, commonly referred to as Part 2, is here. The final rule is a joint undertaking by the U.S. Department of Health and Human...more
2/21/2024
/ Breach Notification Rule ,
CARES Act ,
Civil Monetary Penalty ,
Confidentiality Policies ,
Consent Agreements ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Enforcement ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Notice of Proposed Rulemaking (NOPR) ,
OCR ,
Penalties ,
PHI ,
Risk Assessment ,
SAMHSA ,
Substance Abuse
February 29, 2024, is the date by which HIPAA-covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of all "small" breaches of unsecured protected health information that...more
The U.S. Department of Health and Human Services ("HHS") issued a concept paper describing its overarching strategy to address healthcare cybersecurity. The concept paper builds on the Biden-Harris Administration's National...more
12/18/2023
/ Cybersecurity ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Medicare ,
OCR ,
Popular
While health care providers have been required to comply with the 21st Century Cures Act Information Blocking Rule (the Rule) since April 5, 2021, as of yet there is no enforcement mechanism in place with respect to the Rule...more
11/2/2023
/ 21st Century Cures Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Health Care Providers ,
Healthcare ,
Healthcare Reform ,
Information Blocking Rules ,
ONC ,
Proposed Rules ,
Regulatory Requirements
In January, we wrote about how new comprehensive state consumer data privacy laws, such as the California Consumer Privacy Act ("CCPA"), apply to healthcare providers. At the time five states had enacted such laws:...more
Continued advancement in artificial intelligence offers great promise to improve health care. But AI feeds on tremendous amounts of data, and using protected health information (PHI) to develop or improve AI often involves...more
On April 27, 2023, Washington Governor Jay Inslee signed into law the My Health My Data Act (the "Act"), which will regulate the collection, use, and disclosure of "consumer health data" ("Consumer Health Data" or "CHD"). The...more
5/2/2023
/ Business Associates ,
Covered Entities ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Patient Privacy Rights ,
PHI ,
Private Right of Action
Walking a middle path, the HHS Office for Civil Rights (OCR) published proposed amendments to the HIPAA Privacy Rule on April 17, 2023, to further safeguard the privacy of reproductive health care information. This comes in...more
Digital healthcare platforms using third-party tracking pixels should be on alert in light of the recent post issued by the Federal Trade Commission's new Office of Technology and the FTC's latest enforcement actions against...more
HIPAA-covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of "small" breaches of unsecured protected health information that were discovered during calendar-year 2022 no...more
With 2023 underway, healthcare providers have a more complex patchwork of privacy laws than ever before to navigate. Five states have enacted general privacy laws: California, Colorado, Connecticut, Utah, and Virginia. These...more
The Department of Health and Human Services ("HHS") has proposed amendments to the Confidentiality of Substance Use Disorder Patient Records Rule, 42 C.F.R. part 2 (the "Part 2 Rule") with a comment deadline of January 31....more
1/16/2023
/ CARES Act ,
Comment Period ,
Data Management ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Health Record Incentives ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach Notification Rule ,
Medical Records ,
Patient Privacy Rights ,
Substance Abuse
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued a bulletin on December 1, 2022, clarifying that "regulated entities are not permitted to use tracking technologies in a manner that would...more
On June 24, 2022, the US Supreme Court released its opinion Dobbs v. Jackson Women's Health Organization, 142 S.C. 2228 (2022), reversing Roe v. Wade and holding that the US Constitution does not confer a right to abortion....more
In two weeks, on October 6, 2022, the scope of the 21st Century Cures Act Information Blocking Rule expands to prohibit health care providers from blocking or interfering with patient access to any electronic information in a...more