As healthcare technology continues to evolve, so does the need for robust compliance strategies to safeguard patient information and ensure the integrity of medical devices. In a joint September 19, 2024 presentation, the...more
9/20/2024
/ Artificial Intelligence ,
Cyber Crimes ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Employee Training ,
Health Technology ,
Healthcare ,
Medical Devices ,
PHI ,
Popular ,
Risk Assessment
The Massachusetts Attorney General’s Office (AGO) issued an announcement last week to inform consumers who may have had their personal information breached in Change Healthcare’s cyberattack this past February. The AGO was...more
State Attorneys General play a significant role in shaping health care policy across the country. While the national debates over health care policy in Congress and the federal government receive significant media attention,...more
The FTC has updated its HBNR to clarify that the rule also restricts marketing practices involving personal health information. This update to the HBNR was announced on April 26, 2024, and follows several recent enforcement...more
4/29/2024
/ Breach Notification Rule ,
Data Breach ,
Data Privacy ,
Data Protection ,
Digital Health ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
PHI ,
Regulatory Agenda ,
Regulatory Reform ,
Technology
I was pleased to take part in the “Transforming Care – Strategies for Integration of Artificial Intelligence in Healthcare” discussion, hosted by the New England Healthcare Executive Network at Foley Hoag on April 1. The...more
Change Healthcare Cyberattack -
On February 21, 2024, Change Healthcare—a healthcare technology company owned by UnitedHealth Group—issued a statement that it had been impacted by a ransomware attack. According to Change...more
If you need a little intellectual stimulation after hours of Thanksgiving turkey and football, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has just the thing — the new CISA Mitigation Guide for the...more
11/27/2023
/ Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Healthcare ,
Information Technology ,
Internet ,
Mitigation ,
New Guidance ,
Public Health ,
Technology Sector
NordPass (the purveyor of a password manager) has assembled a list of the top 20 passwords in healthcare, based on usage by the world’s largest companies. According to NordPass’s analysis, the “top” 20 passwords are:
-...more
Massachusetts Extends Protections for Counseling Records of Survivors of Sexual Assault -
The Massachusetts Supreme Judicial Court has ruled in In the Matter of a Motion to Compel, SJC-13336 that the Superior Court could...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) have released version 3.4 of their Security Risk Assessment...more
The Notifications of Enforcement Discretion issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act during the...more
5/15/2023
/ Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
New Guidance ,
OCR ,
PHI ,
Public Health Emergency ,
Telehealth ,
Telemedicine
In a very comprehensive post from the Federal Trade Commission’s Office of Technology, the FTC takes what it calls “[a] deep dive into the technical side of FTC’s recent cases on digital health platforms, GoodRx &...more
3/17/2023
/ Advertising ,
Data Collection ,
Data Privacy ,
Data Protection ,
Digital Platforms ,
Federal Trade Commission (FTC) ,
Health Information Technologies ,
Healthcare ,
Information Sharing ,
Personal Information ,
Technology Sector ,
Third-Party ,
Web Tracking ,
Websites
On January 11, 2023, the Department of Health and Human Services extended the COVID-19 public health emergency through at least April 11, 2023. This is the twelfth extension of the PHE since January 2020. HHS last renewed the...more
Every October, in recognition of National Cybersecurity Awareness Month, the federal government and its partners work to educate stakeholders on cybersecurity awareness and how best to protect the privacy and security of...more
10/26/2022
/ Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Enforcement ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
Incident Response Plans ,
Personally Identifiable Information
If your company creates health-related apps, the Federal Trade Commission (FTC) has set out some key considerations:
- Make accurate representations. Clearly explain how people’s information will be used and shared and then...more
4/26/2022
/ App Developers ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Federal Trade Commission (FTC) ,
Healthcare ,
Information Sharing ,
Mobile Apps ,
Mobile Devices ,
Popular ,
Privacy Concerns ,
Privacy Policy ,
Risk Management
The White House has released a COVID-19 preparedness plan that assumes we will be living with the virus for the long term.
The 96-page plan has four primary goals: (1) protect against and treat COVID-19, (2) prepare for...more
On June 10, 2021, the U.S. Labor Department’s Occupational Safety and Health Administration (OSHA) released a nationwide emergency COVID-19 workplace safety rule, accompanied by a 916-page explanatory preamble. President...more
6/25/2021
/ Coronavirus/COVID-19 ,
Department of Labor (DOL) ,
Employees ,
Employer Liability Issues ,
Healthcare ,
Masks ,
New Guidance ,
OSHA ,
Personal Protective Equipment ,
Vaccinations ,
Workplace Safety
You may have forgotten that there is a federal criminal identity theft statute, 18 U.S.C. § 1028A, which says:
Whoever, during and in relation to any felony violation enumerated in subsection (c), knowingly transfers,...more
12/30/2020
/ Appeals ,
Data Breach ,
Felonies ,
Healthcare ,
Healthcare Fraud ,
Identity Theft ,
Medicaid ,
Patients ,
Personal Information ,
SCOTUS ,
Unlawful Means
On October 28, 2020, a joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services...more
On March 27, 2020, Congress passed the Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”), the third and by far the largest stimulus package passed by Congress to respond to the COVID-19 outbreak. As discussed...more
On Friday, March 20, 2020, the Department of Health and Human Services Office for Civil Rights (“OCR”) announced it will “exercise its enforcement discretion and will not impose penalties for noncompliance with the regulatory...more
What Do They Mean for Providers? -
Both California and New York have recently enacted so-called “Surprise Bills Laws” that require out-of-network providers to give notice to patients that a particular item or service...more
The Massachusetts Legislature is currently considering Senate Bill 1048, “An Act to Promote Transparency and Cost Control of Pharmaceutical Drug Prices.” The bill, sponsored by State Senator Mark Montigny, Vice Chair of the...more
On December 5, 2014, the Centers for Medicare & Medicaid Services (CMS) issued a final rule titled “Requirements for Medicare Incentive Reward Program and Provider Enrollment” (“the Rule”). The Rule implemented several...more
On September 23, 2013, the Food and Drug Administration (FDA) published the final guidance on its regulation of “mobile medical applications (or apps).” The guidance finalizes FDA’s 2011 draft guidance, adding numerous...more