The U.S. Department of Health and Human Services (“HHS”) issued a Notice of Proposed Rulemaking (the “Proposed Rule”) on December 27, 2024, to significantly amend HIPAA’s Security Rule, which sets forth the security standards...more
1/6/2025
/ Business Associates ,
Covered Entities ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
NPRM ,
Privacy Laws ,
Proposed Rules ,
Regulatory Requirements ,
Rulemaking Process
Ethical hackers are becoming crucial allies in the battle against healthcare data breaches and ransomware attacks. In the twelfth episode of Sheppard Mullin’s Health-e Law Podcast, Ilona Cohen, Chief Legal Officer and Chief...more
10/2/2024
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Hackers ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Privacy Laws ,
Ransomware
With technology rapidly evolving and jurisdictions appearing blurred, it is increasingly important to be mindful of data flow and use. This is particularly true where patient data is being accessed by offshore subcontractors....more
The U.S. Department of Health and Human Services (HHS) and the Substance Abuse and Mental Health Services Administration (SAMHSA) recently released the long anticipated Final Rule to revise the Confidentiality of Substance...more
In May, the Federal Trade Commission (“FTC”) proposed changes (the “Proposed Rule”) to the Health Breach Notification Rule (the “Rule”), which, among other items, emphasize that the Rule applies to mobile health applications...more
6/30/2023
/ Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
Mobile Health Apps ,
Privacy Laws ,
Proposed Amendments ,
Proposed Rules ,
Technology Sector
On June 16, 2023, nearly half of the State Attorneys General penned a letter (the “Letter”) to the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) advocating for broader privacy protections...more
Texas is joining a growing number of states in passing comprehensive privacy legislation intended to safeguard consumer personal data. Specifically, the Texas Data Privacy and Security Act (the “Act”) adds protections for...more
The Centers for Medicare & Medicaid Services (“CMS”), on behalf of the U.S. Department of Health and Human Services (“HHS”), recently issued a proposed rule to adopt standards under the Health Insurance Portability and...more
Social media’s interplay with healthcare privacy presents a constantly evolving challenge. ICYMI (“in case you missed it”), there is an uptick in enforcement and scrutiny IRL (“in real life”) related to communications through...more
The U.S. Department of Health and Human Services (“HHS”) has announced proposed changes (the “Proposed Rule”) to 42 C.F.R. Part 2 (“Part 2”). While the Health Insurance Portability and Accountability Act (“HIPAA”) governs the...more
As telehealth services surged in response to the COVID-19 pandemic, unique compliance challenges likewise developed in unexpected ways. Recognizing these challenges, the Office of Civil Rights (“OCR”) indicated that it would...more
6/20/2022
/ Business Associates Agreement (BAA) ,
Coronavirus/COVID-19 ,
Data Security ,
Digital Health ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Guidance ,
OCR ,
Privacy Laws ,
Telehealth