On June 20, 2024, the Northern District of Texas issued its final order in American Hospital Association, et al. v. Becerra, et al. (AHA), granting the plaintiffs’ (the American Hospital Association, two Texas health systems...more
6/28/2024
/ American Hospital Association et al v Becerra Secretary Of Health And Human Services et al ,
Business Associates ,
Consumer Privacy Rights ,
Covered Entities ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Hospitals ,
OCR ,
PHI ,
Privacy Laws ,
Regulatory Authority ,
State Privacy Laws ,
Web Tracking ,
Websites
As we previously reported, the Federal Trade Commission (FTC) recently announced its final changes to the Health Breach Notification Rule (HBNR), vastly expanding the scope of the Rule’s coverage....more
6/20/2024
/ Covered Entities ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Mobile Apps ,
Mobile Health Apps ,
Patient Privacy Rights ,
PHI ,
Popular ,
Social Security Act
On April 26, the Federal Trade Commission (FTC) announced its final rule (Final Rule) making changes to the Health Breach Notification Rule (HBNR)....more
When the U.S. Department of Health and Human Services, Office for Civil Rights (HHS OCR) issued its guidance on “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates” on Dec. 1, 2022 Original...more
On Feb. 16, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published its 2022 Annual Report to Congress. ...more
3/19/2024
/ Annual Reports ,
Breach Notification Rule ,
Business Associates ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HITECH Act ,
OCR ,
PHI ,
Regulatory Authority
On February 8, 2024, the U.S. Department of Health & Human Services (HHS) released a final rule modifying 42 CFR Part 2 (Part 2) provisions regarding the confidentiality of Substance Use Disorder (SUD) Patient Records. The...more
3/1/2024
/ Administrative Procedure ,
Business Associates ,
CARES Act ,
Compliance ,
Consent ,
Covered Entities ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Care Providers ,
HIPAA Breach Notification Rule ,
HITECH Act ,
Information Sharing ,
Opioid ,
Patient Privacy Rights ,
PHI ,
Prior Authorization ,
Public Health ,
SAMHSA ,
Substance Abuse ,
Tribal Governments
Nearly two months after settlement was reached, the Department of Health and Human Services Office for Civil Rights (HHS OCR) announced on Feb. 6 that it obtained a resolution agreement with Montefiore Medical Center over...more
2/13/2024
/ Business Associates ,
Compliance ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Security and Privacy Controls
If the Federal Trade Commission’s (FTC) recent pursuits did not make clear the agency’s deep concerns about the use of health information for advertising purposes, a new enforcement action brought by the FTC against...more
Health privacy has been a Federal Trade Commission (FTC) priority for decades, and indeed, one of its very first privacy cases, in the early 2000s, involved the inadvertent sharing of user health data. Fast-forward a few...more
2/8/2023
/ Advertising ,
Antitrust Violations ,
Data-Sharing ,
Dobbs v. Jackson Women’s Health Organization ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
Mobile Apps ,
Mobile Devices ,
PHI ,
Prior Express Consent ,
Privacy Policy ,
Software ,
Third-Party ,
Unfair or Deceptive Trade Practices ,
Web Tracking
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued guidance regarding covered entities’ and business associates’ use of tracking technologies (the Guidance). As discussed in greater detail...more
12/14/2022
/ Business Associates ,
Cookies ,
Covered Entities ,
Data Collection ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Guidance ,
OCR ,
PHI ,
Tracking Systems
After a long stretch of breach enforcement actions and settlements arising out of alleged technology gaps, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced that it settled a case...more
On June 29, in response to the U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization, the U.S. Department of Health & Human Services Office for Civil Rights (HHS OCR) issued guidance on when entities...more
7/5/2022
/ Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Dobbs v. Jackson Women’s Health Organization ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Law Enforcement ,
New Guidance ,
OCR ,
PHI ,
SCOTUS
On March 28, 2022, Health and Human Services, Office for Civil Rights (OCR) announced the resolution of four enforcement actions, three resolved in 2021 and one resolved in 2022. There are some interesting aspects of this...more
In what is being seen as a strong rebuke to years of regulatory overreach, the United States District Court for the District of Columbia entered an order on January 23, 2020 that invalidates provisions of the 2013 Omnibus...more
This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its Cybersecurity Best Practices report. ...more
This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its “Cybersecurity Best Practices” report. ...more