On August 29, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) withdrew its appeal of the U.S. District Court for the Northern District of Texas’s (Court) June 20, 2024 decision in...more
Providers and payers contracting with Arizona’s Medicaid agency, the Arizona Health Care Cost Containment System (“AHCCCS”), and all such AHCCCS contractors’ subcontracts must reference and require compliance with the AHCCCS...more
On Thursday, June 20, 2024, a U.S. District Court Judge ruled that the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) overstepped its authority to act when issuing its December 2022 bulletin...more
State regulators are taking action on the use of artificial intelligence in insurance. To date, nearly a dozen states have adopted some form of the National Association of Insurance Commissioners (NAIC) Model Bulletin on the...more
Friendly reminder – the Washington My Health My Data Act (“WMHMDA”) compliance deadline for regulated entities to post their consumer health data privacy policy is March 31, 2024 (June 30, 2024 for small businesses). A...more
2/29/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Patient Privacy Rights ,
Personal Data ,
Personally Identifiable Information ,
Policies and Procedures ,
Posting Requirements ,
Washington
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and Substance Abuse and Mental Health Services Administration (SAMHSA) released its anticipated Final Rule last week. The Final Rule revises...more
2/26/2024
/ CARES Act ,
Confidential Information ,
Consent ,
Data Management ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mental Health ,
New Regulations ,
OCR ,
Patient Privacy Rights ,
PHI ,
SAMHSA ,
Substance Abuse
On February 12, 2024, the U.S. Department of Health and Human Services (“HHS”) published a notice in the Federal Register regarding reinstatement of the Health Information Portability and Accountability Act of 1996 (“HIPAA”)...more
2/16/2024
/ Covered Entities ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Federal Register ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Audits ,
HIPAA Breach ,
HITECH Act ,
OCR ,
Patient Privacy Rights ,
PHI
The upcoming year will continue to hold challenges for data privacy programs. The Quarles Privacy Week 2024 programming from this week has provided an overview of the upcoming issues and challenges that are on the horizon....more
2/6/2024
/ Algorithms ,
Artificial Intelligence ,
Data Privacy ,
Data Processing Rules ,
Data Protection ,
Data Transfers ,
Due Diligence ,
Federal Trade Commission (FTC) ,
FTC Act ,
Internet ,
Online Platforms ,
Privacy Policy ,
Unfair or Deceptive Trade Practices ,
Websites
Everyone seems to be talking about AI these days. There is no shortage of news stories about new advances in AI technology, the latest missteps of people using “bad” information generated from AI technology, and conjecture...more
Why is everyone talking about provider disclosures to law enforcement of late? The Senate Finance Committee authored a letter to Xavier Becerra, Secretary of the U.S. Department of Health and Human Services (HHS), outlining...more
1/12/2024
/ Data-Sharing ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Dobbs v. Jackson Women’s Health Organization ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Information Requests ,
Law Enforcement ,
Life Sciences ,
Patient Privacy Rights ,
PHI ,
Roe v Wade
On December 13, the U.S. Department of Health and Human Services (HHS) through the Office of the National Coordinator for Health Information Technology (ONC) finalized its Health Data, Technology, and Interoperability:...more
This newsletter provides updates employers should be aware of heading into 2024, including an outline of the updated 2024 retirement and welfare plan limits, instructions related to the “gag order” attestation requirements...more
11/16/2023
/ 401k ,
403(b) Plans ,
Benefit Plan Sponsors ,
Centers for Medicare & Medicaid Services (CMS) ,
Data Privacy ,
Department of Labor (DOL) ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
Employees ,
Fiduciary ,
Fiduciary Rule ,
Gag Clauses ,
Health and Welfare Plans ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Plan Sponsors ,
Investment Adviser ,
Popular ,
Retirement Plan ,
Securities and Exchange Commission (SEC)
Summer 2023 gave us a blast of new and distinctive consumer health data privacy legislation. The Washington legislature could not wait to start showing off and splashing around in the summer sun by passing the country’s...more
As industry stakeholders know, cyberattacks and breaches have been on the rise in the health care industry. IBM Security’s 2023 annual report notes that the average health care data breach has reached $10.93M and that health...more
As of September 1, 2023, the U.S. Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”) can officially begin enforcement against Certified Health Information Technology (“HIT”) developers, health...more
9/11/2023
/ 21st Century Cures Act ,
Anti-Kickback Statute ,
Centers for Medicare & Medicaid Services (CMS) ,
Civil Monetary Penalty ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Care Providers ,
Health Information Technologies ,
Healthcare ,
Information Blocking Rules ,
OIG
This is Part Twelve, the final installment of our series of legal updates on the Washington My Health My Data Act (“WMHMDA”). We are thrilled that you came along as we dove into the intricacies of WMHMDA that are creating...more
8/30/2023
/ Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Washington
This is Part Eleven in a series of legal updates on the Washington My Health My Data (“WMHMDA”), where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the privacy...more
8/23/2023
/ Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Washington
This is Part Ten in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”), where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the privacy...more
The Securities and Exchange Commission (“SEC”) voted on July 26, 2023 to adopt new cybersecurity rules, which are aimed at helping investors better understand the cybersecurity risks associated with public companies by...more
8/3/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Form 8-K ,
National Security ,
Popular ,
Public Disclosure ,
Regulatory Reform ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
This is Part Nine in a series of legal updates on the Washington My Health My Data (“WMHMDA”) where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the privacy...more
7/26/2023
/ California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Breach ,
Data Collection ,
Data Privacy ,
Enforcement Guidance ,
Healthcare ,
Life Sciences ,
Personal Data ,
Private Right of Action ,
Washington
This is Part Eight in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the...more
7/24/2023
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Subjects Rights ,
Healthcare ,
Personal Information ,
Popular ,
Privacy Laws ,
Washington
This is Part Seven in a series of legal updates on the Washington My Health My Data (“WMHMDA”), where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the privacy...more
7/18/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Information Technologies ,
Life Sciences ,
Personal Data ,
PHI ,
Washington
This is Part Six in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) in which Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the...more
Oh say, can you see, Part 5 in our Washington My Health My Data Act series? This is the fifth installment in our series on the Washington My Health My Data Act (“WMHMDA”)....more
This is Part Four in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating tidal waves in the...more