The Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30,...more
7/2/2024
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Breach Notification Rule ,
Patient Privacy Rights ,
PHI ,
Popular ,
Reporting Requirements
The Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30,...more
It is critical for employers and plan fiduciaries/administrators to stay informed of HIPAA privacy and security-related legal developments because most employer sponsored group health plans — regardless of the employer’s...more
5/23/2024
/ Department of Health and Human Services (HHS) ,
Dobbs v. Jackson Women’s Health Organization ,
Employee Benefits ,
Employer Group Health Plans ,
Final Rules ,
Health Care Providers ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Privacy Rule ,
OCR ,
PHI ,
Popular ,
Reproductive Healthcare Issues
With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...more
12/21/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Violations ,
OCR ,
Phishing Scams ,
Popular ,
Ransomware ,
Regulatory Oversight ,
Regulatory Requirements ,
Vulnerability Assessments
On July 20, 2023, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Federal Trade Commission (FTC)announced they were sending a joint letter to approximately 130 unidentified hospital...more
8/1/2023
/ Data Collection ,
Data Privacy ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Mobile Apps ,
OCR ,
Patient Privacy Rights ,
PHI ,
Telehealth ,
Tracking Systems
On June 27, 2023, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) issued its long-anticipated final rule amending the OIG’s civil monetary penalty (CMP) regulations as they relate to...more
On April 11, 2023, the Department of Health and Human Services’ Office for Civil Rights (OCR) confirmed that four notifications of enforcement discretion regarding enforcement of the HIPAA Privacy, Security, and Breach...more
The Federal Trade Commission (FTC) continues to prioritize the protection of consumers’ digital health information. The agency has demonstrated this commitment through enforcement actions against GoodRx and BetterHelp for...more
4/5/2023
/ Breach Notification Rule ,
Data Collection ,
Digital Health ,
Electronic Protected Health Information (ePHI) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
Life Sciences ,
New Guidance ,
Personal Information ,
Tracking Systems
Following its February settlement with GoodRx, the Federal Trade Commission (FTC) has fired another shot across the bow in its ongoing campaign to protect consumers’ digital health information. Earlier this month the FTC...more
3/27/2023
/ Advertising ,
Data Collection ,
Data Management ,
Data Privacy ,
Data-Sharing ,
Electronic Medical Records ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Care Providers ,
Healthcare ,
Patient Privacy Rights ,
PHI ,
Unfair or Deceptive Trade Practices
The Supreme Court’s landmark decision in Dobbs v. Jackson Women’s Health Organization represents a sea-change in Constitutional law that has already impacted our country in multiple ways. By overruling Roe v. Wade (1973)...more
8/19/2022
/ Abortion ,
Dobbs v. Jackson Women’s Health Organization ,
EMTALA ,
Health Care Providers ,
Healthcare ,
New Guidance ,
Patient Access ,
Popular ,
Pregnancy ,
Reproductive Healthcare Issues ,
Roe v Wade ,
SCOTUS
The Office for Civil Rights (“OCR”) at the U.S. Department of Health and Human Services (“HHS”) announced on July 15, 2022, that it has resolved 11 investigations conducted under the Health Insurance Portability and...more
The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) recently released new guidance (the “Guidance”) to help ensure that individuals may continue to benefit from audio-only telehealth...more
6/28/2022
/ Coronavirus/COVID-19 ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Reform ,
HIPAA Security Rule ,
Infectious Diseases ,
New Guidance ,
OCR ,
Patient Access ,
Relief Measures ,
Remote Proceedings ,
Telehealth ,
Telemedicine
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced June 10, 2022 that it is producing a video presentation on “recognized security practices” as set forth in the recent amendment of...more
Covered entities and business associates subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) have the chance to provide input on two amendments to the Health Information Technology for...more
While fighting a surge of new coronavirus infections in many parts of the country, healthcare providers must also be prepared to defend against ransomware. On October 28, 2020, the FBI, the U.S. Department of Health and Human...more
10/30/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
FBI ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Ransomware ,
Vulnerability Assessments
The Internal Revenue Service (“IRS”) recently clarified that CARES Act Provider Relief Funds (“Relief Funds”) are considered taxable income for for-profit providers, including physician practices. This news comes as a...more
While the CARES Act signals relief for many healthcare providers, it is important to remember that there are strings attached and reasons for providers to involve their compliance departments in the use and tracking of the...more
Hospitals will have a limited waiver of HIPAA sanctions and penalties during the COVID-19 outbreak as a result of a bulletin issued on March 16, 2020 by the U.S. Department of Health and Human Services....more
3/18/2020
/ Anti-Discrimination Policies ,
China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
HIPAA Privacy Rule ,
Infectious Diseases ,
OCR ,
Patient Privacy Rights ,
Personally Identifiable Information ,
PHI ,
Public Health ,
Relief Measures ,
Sanctions ,
Secretary of HHS
The latest HIPAA resolution agreement by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) is a reminder that healthcare providers must take the high road when responding to unflattering online...more
10/8/2019
/ Calculation of Penalties ,
Corrective Actions ,
Data Breach ,
Disclosure Requirements ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
Notice of Privacy Practices ,
OCR ,
Online Reviews ,
Personally Identifiable Information ,
PHI ,
Policies and Procedures ,
Regulatory Violations ,
Settlement ,
Social Media
Based on the results of the Office for Civil Rights (OCR) Health Insurance Portability and Accountability Act of 1996 (HIPAA) Phase 2 desk audits for covered entities, small and mid-sized providers (Smaller Providers) are on...more
As has been widely reported, on May 12, 2017, organizations around the world, including Britain’s National Health Service, found their data held hostage by actors using a new variant of ransomware called WannaCry. According...more
5/15/2017
/ Cyber Attacks ,
Cyber Crimes ,
Data Breach ,
Email ,
Hackers ,
Health Care Providers ,
Hospitals ,
OCR ,
Phishing Scams ,
Ransomware ,
US-CERT
April proved to be a busy month for the U.S. Department of Health and Human Services Office for Civil Rights (OCR) under its newly appointed director, Roger Severino. OCR announced three settlements of potential HIPAA...more
5/2/2017
/ EHealth ,
Electronic Protected Health Information (ePHI) ,
FQHC ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
PHI ,
Phishing Scams ,
Risk Management ,
Settlement ,
Telehealth
Children’s Medical Center of Dallas (Children’s) was hit with a $3.2 million civil penalty from the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) for failing to take steps to properly protect...more
2/8/2017
/ Civil Monetary Penalty ,
Cyber Attacks ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Hospitals ,
OCR ,
Penalties ,
Personally Identifiable Information ,
PHI ,
Security Standards
Covered Entities and Business Associates may be ringing in the New Year with the prospect of responding to on-site HIPAA audits by federal regulators. The U.S. Department of Health and Human Services Office for Civil Rights...more
As the East Coast prepares for the arrival of Hurricane Matthew, covered entities and business associates should take the opportunity to remind their workforce members to safeguard protected health information (PHI) that is...more
10/6/2016
/ Business Associates ,
Covered Entities ,
Data Breach ,
Data Protection ,
Disaster Preparedness ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Medical Records ,
Natural Disasters ,
Patient Privacy Rights ,
PHI ,
Severe Weather