On June 20, 2024, the Northern District of Texas issued its final order in American Hospital Association, et al. v. Becerra, et al. (AHA), granting the plaintiffs’ (the American Hospital Association, two Texas health systems...more
6/28/2024
/ American Hospital Association et al v Becerra Secretary Of Health And Human Services et al ,
Business Associates ,
Consumer Privacy Rights ,
Covered Entities ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Hospitals ,
OCR ,
PHI ,
Privacy Laws ,
Regulatory Authority ,
State Privacy Laws ,
Web Tracking ,
Websites
As we previously reported, the Federal Trade Commission (FTC) recently announced its final changes to the Health Breach Notification Rule (HBNR), vastly expanding the scope of the Rule’s coverage....more
6/20/2024
/ Covered Entities ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Mobile Apps ,
Mobile Health Apps ,
Patient Privacy Rights ,
PHI ,
Popular ,
Social Security Act
On April 26, 2024, the U.S. Department of Health and Human Services (HHS) published its long-awaited Final Rule regarding reproductive health privacy. Although it is tempting to benchmark the Final Rule against the Dobbs...more
On April 26, the Federal Trade Commission (FTC) announced its final rule (Final Rule) making changes to the Health Breach Notification Rule (HBNR)....more
When the U.S. Department of Health and Human Services, Office for Civil Rights (HHS OCR) issued its guidance on “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates” on Dec. 1, 2022 Original...more
On Feb. 16, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published its 2022 Annual Report to Congress. ...more
3/19/2024
/ Annual Reports ,
Breach Notification Rule ,
Business Associates ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HITECH Act ,
OCR ,
PHI ,
Regulatory Authority
On February 8, 2024, the U.S. Department of Health & Human Services (HHS) released a final rule modifying 42 CFR Part 2 (Part 2) provisions regarding the confidentiality of Substance Use Disorder (SUD) Patient Records. The...more
3/1/2024
/ Administrative Procedure ,
Business Associates ,
CARES Act ,
Compliance ,
Consent ,
Covered Entities ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Care Providers ,
HIPAA Breach Notification Rule ,
HITECH Act ,
Information Sharing ,
Opioid ,
Patient Privacy Rights ,
PHI ,
Prior Authorization ,
Public Health ,
SAMHSA ,
Substance Abuse ,
Tribal Governments
Nearly two months after settlement was reached, the Department of Health and Human Services Office for Civil Rights (HHS OCR) announced on Feb. 6 that it obtained a resolution agreement with Montefiore Medical Center over...more
2/13/2024
/ Business Associates ,
Compliance ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Security and Privacy Controls
The FDA has announced the formation of the Digital Health Advisory Committee, a group dedicated to navigating the complexities of emerging DHTs like AI/ML, augmented reality and more. This development evidences the FDA’s...more
If the Federal Trade Commission’s (FTC) recent pursuits did not make clear the agency’s deep concerns about the use of health information for advertising purposes, a new enforcement action brought by the FTC against...more
On February 27, 2023, the U.S. Department of Health and Human Services (HHS) announced that its law enforcement agency – the Office for Civil Rights (OCR) – will reorganize, adding new divisions to better address the rapid...more
Health privacy has been a Federal Trade Commission (FTC) priority for decades, and indeed, one of its very first privacy cases, in the early 2000s, involved the inadvertent sharing of user health data. Fast-forward a few...more
2/8/2023
/ Advertising ,
Antitrust Violations ,
Data-Sharing ,
Dobbs v. Jackson Women’s Health Organization ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
Mobile Apps ,
Mobile Devices ,
PHI ,
Prior Express Consent ,
Privacy Policy ,
Software ,
Third-Party ,
Unfair or Deceptive Trade Practices ,
Web Tracking
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued guidance regarding covered entities’ and business associates’ use of tracking technologies (the Guidance). As discussed in greater detail...more
12/14/2022
/ Business Associates ,
Cookies ,
Covered Entities ,
Data Collection ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Guidance ,
OCR ,
PHI ,
Tracking Systems
On November 28, 2022, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the Substance Abuse Mental Health Services Administration (SAMHSA) announced a Notice of Proposed Rulemaking...more
12/6/2022
/ Business Associates ,
CARES Act ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Medical Records ,
NPRM ,
OCR ,
SAMHSA ,
Substance Abuse
In response to the Dobbs decision, California enacted legislation intended to enhance data privacy and block record requests by other states concerning alleged abortion-related offenses that are lawful in California. In...more
10/11/2022
/ Abortion ,
Amended Legislation ,
Attestation Requirements ,
Civil Investigation Demand ,
Corporations Code ,
Covered Entities ,
Criminal Investigations ,
Data Privacy ,
Dobbs v. Jackson Women’s Health Organization ,
Electronic Communications ,
Evidence ,
Governor Newsom ,
Law Enforcement ,
Penal Code ,
Reproductive Healthcare Issues ,
Safe Harbors ,
Search Warrant ,
State Attorneys General ,
Twitter
After a long stretch of breach enforcement actions and settlements arising out of alleged technology gaps, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced that it settled a case...more
Without question, healthcare providers and the companies that support them operate in an elevated cybersecurity risk environment. And when a cybersecurity incident occurs, the ensuing regulatory inquiries and/or...more
On July 8, 2022, following the Supreme Court’s decision in Dobbs, the president signed an executive order that called on a number of federal agencies to take steps to protect reproductive rights. He specifically asked the...more
On July 13, the Department of Health & Human Services (HHS) Office for Civil Rights (OCR) issued guidance to retail pharmacies that refusing to dispense a prescribed medication or making a determination on the suitability of...more
7/18/2022
/ Abortion ,
Anti-Discrimination Policies ,
Department of Health and Human Services (HHS) ,
Disability Discrimination ,
Federal Funding ,
New Guidance ,
OCR ,
Pharmacies ,
Pregnancy ,
Prescription Drugs ,
Reproductive Healthcare Issues ,
Sex Discrimination
To help guide entities through the significant confusion and changes that will be evolving for the next several years, BakerHostetler has assembled the Dobbs Decision Task Force (DDTF), led by attorneys in five major areas...more
On June 29, in response to the U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization, the U.S. Department of Health & Human Services Office for Civil Rights (HHS OCR) issued guidance on when entities...more
7/5/2022
/ Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Dobbs v. Jackson Women’s Health Organization ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Law Enforcement ,
New Guidance ,
OCR ,
PHI ,
SCOTUS
On March 28, 2022, Health and Human Services, Office for Civil Rights (OCR) announced the resolution of four enforcement actions, three resolved in 2021 and one resolved in 2022. There are some interesting aspects of this...more
On March 19, 2021, Xavier Becerra was confirmed as the secretary of the U.S. Department of Health and Human Services (HHS). HHS is the federal regulatory body that oversees the Office for Civil Rights (OCR), which is the...more
On Oct. 28, a joint cybersecurity advisory was published by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Department of Health & Human Services. The advisory warned of an imminent cybercrime...more
Attorneys play an important role in the incident response process. A skilled and experienced attorney can help organizations effectively respond to a security incident in a way that complies with obligations, protects key...more