As we begin a year that will once again be transformative for the industry, we are excited to present our comprehensive 2024 year-in-review, highlighting all that has happened and the trends that will shape 2025. ...more
1/22/2025
/ Artificial Intelligence ,
Centers for Medicare & Medicaid Services (CMS) ,
Cybersecurity ,
False Claims Act (FCA) ,
Health Care Providers ,
Health Information Technologies ,
Health Insurance ,
Healthcare ,
Healthcare Reform ,
Life Sciences ,
Long Term Care Facilities ,
Medical Devices ,
Medicare ,
OIG ,
Patient Privacy Rights ,
Regulatory Requirements ,
Section 340B ,
Telehealth
In the first part of this blog post, we looked into the OCR and FTC’s focus on third-party tracking technologies. We also reviewed the AHA Lawsuit and its impact for the use of tracking technologies. In this blog post, we...more
11/19/2024
/ Administrative Law Judge (ALJ) ,
Administrative Procedure Act ,
Business Associates ,
Chevron Deference ,
Covered Entities ,
Data Collection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Judicial Review ,
Loper Bright Enterprises v Raimondo ,
OCR ,
PHI ,
Third-Party Service Provider ,
Vendors ,
Web Tracking ,
Websites
Regulatory action and class action lawsuits related to pixels and other website technologies continued to surge in 2023 and 2024, particularly in the healthcare industry....more
11/6/2024
/ Class Action ,
Dobbs v. Jackson Women’s Health Organization ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
HIPAA Breach Notification Rule ,
Hospitals ,
Mobile Apps ,
NPRM ,
OCR ,
PHI ,
Regulatory Oversight ,
Technology ,
Telehealth ,
Web Tracking ,
Websites
On June 28, in Loper Bright Enterprises v. Raimondo (Loper Bright), the U.S. Supreme Court overturned the doctrine of Chevron deference, upending 40 years of precedent and significantly shifting power to the courts to...more
7/31/2024
/ Administrative Procedure Act ,
Chevron Deference ,
Chevron v NRDC ,
Department of Health and Human Services (HHS) ,
Enforcement Authority ,
Government Agencies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Loper Bright Enterprises v Raimondo ,
OCR ,
PHI ,
Regulatory Authority ,
Risk Assessment ,
SCOTUS ,
Statutory Interpretation
On June 20, 2024, the Northern District of Texas issued its final order in American Hospital Association, et al. v. Becerra, et al. (AHA), granting the plaintiffs’ (the American Hospital Association, two Texas health systems...more
6/28/2024
/ American Hospital Association et al v Becerra Secretary Of Health And Human Services et al ,
Business Associates ,
Consumer Privacy Rights ,
Covered Entities ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Hospitals ,
OCR ,
PHI ,
Privacy Laws ,
Regulatory Authority ,
State Privacy Laws ,
Web Tracking ,
Websites
Late on March 27, Change Healthcare (CHC)’s parent company, UnitedHealth Group (UHG), provided an update on its analysis of the extent of “impacted data” involved in the CHC incident....more
When the U.S. Department of Health and Human Services, Office for Civil Rights (HHS OCR) issued its guidance on “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates” on Dec. 1, 2022 Original...more
BakerHostetler is closely monitoring imminent cybersecurity threats to healthcare revenue cycle management personnel and vendors.
Most recently, Change Healthcare (CHC), a healthcare technology and business management...more
2/26/2024
/ Breach Notification Rule ,
Business Associates ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
Popular ,
Technology ,
Third-Party Service Provider
As noted back in December 2022, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued dramatic guidance (often called the Bulletin) that targets the use of so-called Internet “tracking...more
As we approach the conclusion of another transformative year, we are excited to present our comprehensive year-end review, shedding light on the trends shaping the healthcare market in 2023. Our team’s keen insights and...more
1/19/2024
/ Antitrust Litigation ,
Artificial Intelligence ,
Biotechnology ,
Cannabis Products ,
Centers for Medicare & Medicaid Services (CMS) ,
Complex Corporate Transactions ,
Coronavirus/COVID-19 ,
Corporate Transparency Act ,
Electronic Protected Health Information (ePHI) ,
False Claims Act (FCA) ,
Health Care Providers ,
Hospitals ,
Information Blocking Rules ,
Medical Research ,
Medicare ,
PHI ,
Private Equity ,
Recovery Audit Contractors (RACs) ,
Regulatory Oversight ,
Section 340B ,
SNF ,
US ex rel Tracy Schutte et al v SuperValu Inc et al
On May 10, the U.S. Food and Drug Administration (FDA) published a discussion paper, “Using Artificial Intelligence & Machine Learning in the Development of Drug & Biological Products.” The paper is a collaboration between...more
5/15/2023
/ Artificial Intelligence ,
Biologics ,
Center for Biologics Evaluation and Research (CBER) ,
Center for Drug Evaluation and Research (CDER) ,
Discussion Draft ,
Food and Drug Administration (FDA) ,
GAO ,
Life Sciences ,
Machine Learning ,
Pharmaceutical Industry ,
Popular ,
Prescription Drugs ,
Research and Development
The U.S. Food and Drug Administration (FDA) has issued new guidance to the medical device industry on the importance of cybersecurity measures in product development. ...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued guidance regarding covered entities’ and business associates’ use of tracking technologies (the Guidance). As discussed in greater detail...more
12/14/2022
/ Business Associates ,
Cookies ,
Covered Entities ,
Data Collection ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Guidance ,
OCR ,
PHI ,
Tracking Systems
The Data Security Incident Response Report features insights and metrics from 1,270+ incidents that members of the firm’s DADM Practice Group helped clients manage in 2021.
This episode takes us deeper into the Office for...more
The Data Security Incident Response Report features insights and metrics from 1,270+ incidents that members of the firm’s DADM Practice Group helped clients manage in 2021.
This episode takes us deeper into vendor...more
The Data Security Incident Response Report features insights and metrics from 1,270+ incidents that members of the firm’s DADM Practice Group helped clients manage in 2021.
This episode takes us deeper into vendor...more
On May 31, 2021, the Texas Legislature approved House Bill 3746, which amends the Texas Business and Commerce Code § 521.053 relating to certain notifications required following a data breach involving Texas residents....more
The United States Court of Appeals for the Fifth Circuit recently found that the United States Department of Health and Human Services (HHS) lacked a lawful basis for a $4.3 million civil money penalty order that it issued to...more
BakerHostetler is closely monitoring a Cybersecurity Advisory issued jointly by several government agencies including the United States Department of Health and Human Services (HHS) and the FBI, on October 28. ...more
10/30/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Security ,
Data Theft ,
Department of Health and Human Services (HHS) ,
FBI ,
Hackers ,
Healthcare Facilities ,
Ransomware ,
Risk Mitigation
Attorneys play an important role in the incident response process. A skilled and experienced attorney can help organizations effectively respond to a security incident in a way that complies with obligations, protects key...more
In March 2020, the U.S. government took extreme measures to crack down on the spread of COVID-19, including largely shutting down international air travel. However, no quarantine, lockdown, or social distancing measure...more
The United States Department of Education (ED) Student Privacy Policy Office (SPPO), on March 13, 2020, issued Frequently Asked Questions related to the serious novel coronavirus disease (COVID-19) that the world is now...more
Healthcare data can be up to 10 times more valuable to cyber criminals than credit card numbers, according to a report from the Department of Health & Human Services’ (HHS) Office of the Inspector General (OIG). And, with...more
The Office for Civil Rights (OCR) updated its agenda, outlining proposed and final rules as well as pre-rule document releases for 2018. A notable, and highly anticipated, advance notice of proposed rulemaking included on the...more
Cyber threats are here to stay. No company, large or small, is immune. But there are basic measures you can take to prepare for the legal and business risks associated with an attack.
Join members of BakerHostetler’s...more