For companies seeking to use, license, or otherwise commercialize health data, there are potential inconsistencies among the HIPAA de-identification standard, the CCPA definition of de-identified data, and GDPR requirements...more
2/26/2020
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
Covered Entities ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Use Policies ,
De-Identified Protected Health Information ,
Electronic Protected Health Information (ePHI) ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PHI ,
Webinars
The German Federal Commissioner for Data Protection and Freedom of Information (BfDI) recently announced a public consultation process regarding anonymization under the European Union General Data Protection Regulation (GDPR)...more
Throughout the past year, the healthcare and life science industries experienced a proliferation of digital health innovation that challenged traditional notions of healthcare delivery and payment, as well as product...more
1/29/2020
/ Anti-Kickback Statute ,
Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Department of Justice (DOJ) ,
Digital Health ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Enforcement ,
Food and Drug Administration (FDA) ,
Fraud and Abuse ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Life Sciences ,
Regulatory Standards ,
Stark Law ,
Telemedicine
The European Data Protection Supervisor, the independent European Union authority responsible for data protection regulatory oversight, issued a preliminary opinion on data protection and scientific research. The Opinion...more
1/24/2020
/ Advisory Opinions ,
Compliance ,
Consent ,
Data Protection ,
Data Protection Authority ,
Data Subjects Rights ,
EU ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Life Sciences ,
Member State ,
Personal Data ,
Scientific Research ,
The Common Rule ,
Transparency
On January 6, 2020, the California State Senate’s Health Committee unanimously approved California AB 713, a bill that would amend the California Consumer Privacy Act (CCPA) to except from CCPA requirements additional...more
1/17/2020
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
Clinical Trials ,
CMIA ,
Exceptions ,
Food and Drug Administration (FDA) ,
Health and Safety ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Life Sciences ,
Medical Research ,
Notice Requirements ,
Personal Information ,
PHI ,
Privacy Laws ,
Proposed Amendments ,
Public Health ,
The Common Rule
A potential disconnect between the HIPAA de-identification standard and California Consumer Privacy Act (CCPA) definition of de-identified may pose hurdles for HIPAA covered entities, their business associates and other data...more
12/4/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Covered Entities ,
Cybersecurity ,
Data Collection ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
Right to Delete
On October 17, 2019, the Department of Health & Human Services (HHS) published proposed rules in the Federal Register that would amend existing and create new exceptions to the physician self-referral law (Stark Law) and safe...more
11/22/2019
/ Anti-Kickback Statute ,
Beneficiary Inducement ,
Centers for Medicare & Medicaid Services (CMS) ,
Comment Period ,
Cybersecurity ,
EHR ,
Healthcare Reform ,
OIG ,
Popular ,
Proposed Rules ,
Public Comment ,
Safe Harbors ,
Stark Law
To help accelerate the transformation of the US healthcare system from a fee-for-service to a value-based system, the US Department of Health & Human Services (HHS) launched its “Regulatory Sprint to Coordinated Care”...more
11/13/2019
/ Anti-Kickback Statute ,
Centers for Medicare & Medicaid Services (CMS) ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Health Care Providers ,
Healthcare Reform ,
Incentives ,
Patients ,
Physicians ,
Proposed Rules ,
Regulatory Burden ,
Reimbursements ,
Safe Harbors ,
Self-Referral ,
Stark Law ,
Value-Based Care ,
Webinars
A recent update to the Office of Management and Budget (OMB) website suggests that the answer is “yes”—though that depends on how one defines “soon.” According to its website, OMB received the Office of the National...more
On October 10, 2019, the California Attorney General released proposed regulations to implement the California Consumer Privacy Act (CCPA), including substantial new requirements not included in the CCPA. Here we offer a...more
10/15/2019
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Notice Requirements ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Requirements ,
State Attorneys General
SAMHSA has released a long-awaited proposed rule that would modify the federal regulations at 42 CFR Part 2 (Part 2) governing the confidentiality of substance use disorder (SUD) patient records created by federally assisted...more
9/12/2019
/ Comment Period ,
Confidential Information ,
Consent ,
Disclosure Requirements ,
Health Care Providers ,
HIPAA Privacy Rule ,
Information Sharing ,
Medical Records ,
Opioid ,
Patient Privacy Rights ,
Pharmaceutical Industry ,
Proposed Rules ,
Public Comment ,
SAMHSA ,
Substance Abuse
Information is one of your company’s most valuable assets. It is critical to remain vigilant to protect against the latest cybersecurity threats and to comply with expansive privacy obligations.
Join us in New York City for...more
5/20/2019
/ Attorney-Client Privilege ,
California Consumer Privacy Act (CCPA) ,
Continuing Legal Education ,
Cybersecurity ,
Data Privacy ,
Events ,
Health Care Providers ,
Information Management ,
Information Technology ,
Popular ,
Private Equity ,
Privileged Communication ,
Risk Management ,
Security and Privacy Controls
Information is one of your company’s most valuable assets. Now more than ever before, it is critical to remain vigilant to protect against today’s latest cybersecurity threats and to comply with increasingly expansive privacy...more
The ONC recently released a proposed rule under the 21st Century Cures Act to promote interoperability of health IT and advance access, exchange or use of electronic health information. If finalized, the proposed rule would...more
3/28/2019
/ 21st Century Cures Act ,
APIs ,
Conditional Certification ,
Cost Recovery ,
Data Blocking ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Information Technologies ,
License Fees ,
ONC ,
Proposed Rules
On February 6, 2019, the DOJ announced a settlement agreement with Greenway Health, a vendor of EHR software, under which Greenway agreed to pay approximately $57 million to resolve allegations that it caused its health care...more
2/26/2019
/ Anti-Kickback Statute ,
CEHRT ,
Department of Justice (DOJ) ,
Electronic Health Record Incentives ,
False Claims Act (FCA) ,
False Statements ,
Health Care Providers ,
Health Information Technologies ,
OIG ,
Settlement Agreements ,
Vendors
CMS issued a long-awaited proposed rule aimed at enhancing interoperability and increasing patient access to health information. If finalized, CMS’s proposed rule may require hospitals and payors to make significant...more
2/21/2019
/ Centers for Medicare & Medicaid Services (CMS) ,
Conditions of Participation (CoP) ,
Data Collection ,
Data-Sharing ,
Electronic Medical Records ,
Health Care Providers ,
Health Information Technologies ,
Hospitals ,
Medicaid ,
Medical Records ,
Medicare ,
Patient Access ,
Proposed Rules ,
Public Comment ,
Qualified Health Plans ,
Request For Information
The ONC finally released its long-awaited proposed rule to implement the “information blocking” prohibition of the 21st Century Cures Act by identifying conduct that is not information blocking. If finalized, ONC’s proposed...more
2/15/2019
/ 21st Century Cures Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Exceptions ,
Health Care Providers ,
Health Information Technologies ,
Hospitals ,
ONC ,
Patient Privacy Rights ,
Policies and Procedures ,
Proposed Rules ,
Public Comment ,
Regulatory Agenda ,
Regulatory Requirements
Introduction -
The past year was an active one for data privacy and security legislation and enforcement. Protection for certain personal data was enhanced internationally by the EU General Data Protection Regulation...more
1/29/2019
/ Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Protection ,
Digital Health ,
Electronic Protected Health Information (ePHI) ,
EU ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
State Data Breach Notification Statutes ,
UK
California’s Senate and Assembly unanimously approved AB 375 (also known as the California Consumer Privacy Act of 2018), on June 28, 2018. This new consumer privacy bill will be the most progressive and comprehensive privacy...more
Earlier this month, more than 45,000 attendees descended on Las Vegas, NV, for the nation’s largest annual health care technology conference: the 2018 HIMSS Conference & Exhibition (HIMSS18). Conversations and educational...more
Last week, the US Court of Appeals for the DC Circuit issued a long-awaited decision on an omnibus challenge to the FCC’s interpretation of the TCPA. While the decision provides some relief for businesses, it does not...more
3/26/2018
/ Appeals ,
Arbitrary and Capricious ,
ATDS ,
Auto-Dialed Calls ,
Declaratory Rulings ,
Exemptions ,
FCC ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Prior Express Consent ,
Reassigned Phone Numbers ,
Revocation ,
Robocalling ,
Rulemaking Process ,
Smartphones ,
TCPA ,
Text Messages
The General Data Protection Regulation establishes protections for the privacy and security of personal data about individuals in the European Economic Area countries, and potentially affects the medical tourism programs and...more
The General Data Protection Regulation (GDPR) establishes protections for the privacy and security of personal data (Personal Data) about individuals in the European Union (EU) single market countries, and potentially affects...more
On May 31, 2017, the US Department of Justice announced a Settlement Agreement under which eClinicalWorks, a vendor of electronic health record software, agreed to pay $155 million and enter into a five-year Corporate...more
On January 18, 2017, the Substance Abuse and Mental Health Services Administration (SAMHSA) released its long-awaited final rule amending the confidentiality regulations at 42 CFR Part 2 (Part 2) that apply to federally...more