In the first part of this blog post, we looked into the OCR and FTC’s focus on third-party tracking technologies. We also reviewed the AHA Lawsuit and its impact for the use of tracking technologies. In this blog post, we...more
11/19/2024
/ Administrative Law Judge (ALJ) ,
Administrative Procedure Act ,
Business Associates ,
Chevron Deference ,
Covered Entities ,
Data Collection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Judicial Review ,
Loper Bright Enterprises v Raimondo ,
OCR ,
PHI ,
Third-Party Service Provider ,
Vendors ,
Web Tracking ,
Websites
Regulatory action and class action lawsuits related to pixels and other website technologies continued to surge in 2023 and 2024, particularly in the healthcare industry....more
11/6/2024
/ Class Action ,
Dobbs v. Jackson Women’s Health Organization ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
HIPAA Breach Notification Rule ,
Hospitals ,
Mobile Apps ,
NPRM ,
OCR ,
PHI ,
Regulatory Oversight ,
Technology ,
Telehealth ,
Web Tracking ,
Websites
On June 28, in Loper Bright Enterprises v. Raimondo (Loper Bright), the U.S. Supreme Court overturned the doctrine of Chevron deference, upending 40 years of precedent and significantly shifting power to the courts to...more
7/31/2024
/ Administrative Procedure Act ,
Chevron Deference ,
Chevron v NRDC ,
Department of Health and Human Services (HHS) ,
Enforcement Authority ,
Government Agencies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Loper Bright Enterprises v Raimondo ,
OCR ,
PHI ,
Regulatory Authority ,
Risk Assessment ,
SCOTUS ,
Statutory Interpretation
On June 20, 2024, the Northern District of Texas issued its final order in American Hospital Association, et al. v. Becerra, et al. (AHA), granting the plaintiffs’ (the American Hospital Association, two Texas health systems...more
6/28/2024
/ American Hospital Association et al v Becerra Secretary Of Health And Human Services et al ,
Business Associates ,
Consumer Privacy Rights ,
Covered Entities ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Hospitals ,
OCR ,
PHI ,
Privacy Laws ,
Regulatory Authority ,
State Privacy Laws ,
Web Tracking ,
Websites
Late on March 27, Change Healthcare (CHC)’s parent company, UnitedHealth Group (UHG), provided an update on its analysis of the extent of “impacted data” involved in the CHC incident....more
When the U.S. Department of Health and Human Services, Office for Civil Rights (HHS OCR) issued its guidance on “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates” on Dec. 1, 2022 Original...more
As we approach the conclusion of another transformative year, we are excited to present our comprehensive year-end review, shedding light on the trends shaping the healthcare market in 2023. Our team’s keen insights and...more
1/19/2024
/ Antitrust Litigation ,
Artificial Intelligence ,
Biotechnology ,
Cannabis Products ,
Centers for Medicare & Medicaid Services (CMS) ,
Complex Corporate Transactions ,
Coronavirus/COVID-19 ,
Corporate Transparency Act ,
Electronic Protected Health Information (ePHI) ,
False Claims Act (FCA) ,
Health Care Providers ,
Hospitals ,
Information Blocking Rules ,
Medical Research ,
Medicare ,
PHI ,
Private Equity ,
Recovery Audit Contractors (RACs) ,
Regulatory Oversight ,
Section 340B ,
SNF ,
US ex rel Tracy Schutte et al v SuperValu Inc et al
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued guidance regarding covered entities’ and business associates’ use of tracking technologies (the Guidance). As discussed in greater detail...more
12/14/2022
/ Business Associates ,
Cookies ,
Covered Entities ,
Data Collection ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Guidance ,
OCR ,
PHI ,
Tracking Systems
The OCR’s January 2018 newsletter details specific types of cyber extortion that healthcare organizations are currently encountering, including ransomware, denial of service attacks, distributed denial of service attacks and...more
How the theft of a single password-protected laptop turned into an enterprise-wide review of an organization’s data protection practices.
Following the announcement of a recent settlement between the U.S. Department of...more
Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) recently agreed to enter into a $650,000 resolution agreement and a two-year corrective action plan (CAP) with the Office for Civil Rights (OCR). CHCS...more
By couching its position in an individual’s right to access protected health information (PHI), beginning on January 7, 2016, the U.S. Department of Health & Human Services’ Office for Civil Rights (OCR) issued guidance to...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) continued its run of resolution agreements for HIPAA violations, pulling in $5.45 million from just two entities, North Memorial Health Care of...more
On January 13, 2016, the Department of Health and Human Services’ Administrative Law Judge upheld the Office for Civil Rights’ (OCR’s) civil monetary penalty (CMP) against Lincare, Inc., d/b/a United Medical (Lincare), for...more
On January 6, 2016, the U.S. Department of Health and Human Services (HHS) released a modification to the Health Insurance Portability and Accountability Act (HIPAA) removing barriers to reporting federal mental health...more
The Office of Inspector General’s (OIG) recently released Privacy Standards report assessed the Office for Civil Rights’ (OCR) oversight of covered entities’ compliance with the Privacy Rule as well as the extent to which...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced a $750,000 fine and resolution agreement, including a Corrective Action Plan (CAP), for Cancer Care Group, P.C. (CCG), a...more
10/14/2015
/ Compliance ,
Corporate Fines ,
Corrective Actions ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Personally Identifiable Information ,
PHI ,
Privacy Concerns ,
Security Risk Assessments ,
Security Rule
We have released the inaugural BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our attorneys advised on in 2014. The report confirms the...more
6/12/2015
/ Attorney General ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Government Investigations ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Medical Records ,
OCR ,
PHI
Do we have any legal obligations under HIPAA? It depends on your contractual relationship with Anthem and whether the group health plan offered by your company is self-insured. If your company’s group health plan is...more
2/9/2015
/ Anthem Insurance ,
Breach Notification Rule ,
Corporate Counsel ,
Data Breach ,
Employer Group Health Plans ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
PHI ,
Popular ,
Self-Insured Health Plans
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently launched an updated version of the portal covered entities must use to notify OCR regarding a breach of unsecured protected health...more
Of all the complex legal issues raised by the recent cases of Ebola in the U.S., those concerning the delicate balance between preserving patients’ privacy rights and the need to disseminate information to protect public...more
In light of the recently reported large healthcare data breaches that have resulted in the potential theft of the personal information of millions of patients, the FBI warned healthcare providers yet again of the dangers of...more
While enforcement activity by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has focused primarily on a covered entity’s safeguard of electronic protected health information (ePHI),...more
Triple-S Salud, Inc. (“Triple-S”), a Puerto Rico Health Insurance Administration (“PRHIA”) contractor, filed a Form 8-K indicating that the PRHIA intended to impose a civil monetary penalty of $6,768,000 and other...more
The U.S. Department of Health and Human Services (HHS) recently published a Final Rule granting patients and their personal representatives access to the patient’s completed laboratory test reports directly from the lab...more