On April 26, the Federal Trade Commission (FTC) approved its Final Rule revising the Health Breach Notification Rule (HBNR) (“Final Rule”) by a 3-2 vote. The HBNR requires vendors of personal health records (PHR) and related...more
6/5/2024
/ Breach Notification Rule ,
Data Breach ,
Enforcement ,
Federal Trade Commission (FTC) ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
Healthcare ,
Penalties ,
PHI ,
Popular ,
Reporting Requirements ,
Rulemaking Process ,
Vendors
Colorado became the first state to comprehensively address artificial intelligence (“AI”), passing Senate Bill 24-205, or the Colorado Artificial Intelligence Act, on May 17, 2024 (“Act”). The Act establishes the nation’s...more
6/3/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Bias ,
Colorado ,
Compliance ,
Disclosure Requirements ,
Governance Standards ,
High Risk Sectors ,
New Legislation ,
Penalties ,
Popular ,
Risk Management
On September 27, 2023, FDA finalized its guidance entitled “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions” (the “2023 Final Guidance”). The Final Guidance replaces...more
10/11/2023
/ Artificial Intelligence ,
Cybersecurity ,
Federal Food Drug and Cosmetic Act (FFDCA) ,
Final Guidance ,
Food and Drug Administration (FDA) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Machine Learning ,
Medical Devices ,
NTIA ,
Popular ,
Premarket Approval Applications ,
Risk Management ,
Software ,
Source Code
On February 1, the Federal Trade Commission (“FTC”) announced its first enforcement action under the Health Breach Notification Rule (“HBNR” or “Rule”) against GoodRx, a direct-to-consumer digital healthcare and prescription...more
2/22/2023
/ Application Programming Interface (APIs) ,
Breach Notification Rule ,
Data Privacy ,
Enforcement ,
Federal Trade Commission (FTC) ,
Final Rules ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Notification Requirements ,
Popular ,
Social Security Act
On September 14, 2022, the Federal Bureau of Investigation (FBI) issued a Private Industry Notification (Notification) warning the industry regarding increasing cyber-attack activity against healthcare providers and payment...more
On September 15, 2021, the Federal Trade Commission (“FTC”) issued a Policy Statement instructing health app and connected device companies to comply with the Health Breach Notification Rule (“the Rule”). The Rule, codified...more
11/2/2021
/ Breach Notification Rule ,
Data Breach ,
Electronic Devices ,
Federal Trade Commission (FTC) ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Mobile Apps ,
PHI ,
Popular ,
Security Breach
On October 23, 2019, the Office for Civil Rights (OCR) at HHS announced the imposition of a $2,154,000 civil monetary penalty against a Florida hospital system (Hospital System) for alleged violations of the HIPAA Security...more
On October 15, 2018, the HHS Office of Civil Rights (OCR) announced a record $16 million settlement with Anthem, Inc., to settle allegations that Anthem violated certain HIPAA requirements prior to and following a 2015...more
On April 20, 2018, the House Energy and Commerce Committee posted a request for information regarding the cybersecurity risk posed by the use of legacy technologies in the healthcare sector (the RFI). “Legacy” technology is...more