A recent federal court decision is a victory for Health Insurance Portability and Accountability Act (HIPAA) covered entities using third-party tracking tools on unauthenticated webpages. These are websites available to the...more
6/26/2024
/ American Hospital Association et al v Becerra Secretary Of Health And Human Services et al ,
Business Associates ,
Covered Entities ,
Federal Trade Commission (FTC) ,
Final Judgment ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
IP Addresses ,
Judicial Review ,
OCR ,
PHI ,
Regulatory Authority ,
Warning Letters ,
Web Tracking ,
Websites
After months of uncertainty and multiple letters from industry associations advocating on behalf of the healthcare industry with the U.S. Department of Health and Human Service (HHS) Office for Civil Rights (OCR), covered...more
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has, as part of its mandate, the responsibility to enforce the Health Insurance Portability and Accountability Act (HIPAA) Security Rule....more
5/14/2024
/ Audits ,
Business Associates ,
Compliance ,
Covered Entities ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
HITECH Act ,
OCR ,
PHI ,
Popular ,
Ransomware ,
Risk Assessment ,
Web Tracking
In the midst of an industry reeling from the Change Healthcare cybersecurity incident, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued a series of final rules requiring...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued updated guidance on March 18, 2024 regarding the use of online tracking technologies by entities and business associates covered by the...more
3/19/2024
/ Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Enforcement Priorities ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
PHI ,
Tracking Systems ,
Web Tracking ,
Websites
Hospitals care about patient privacy, but they also have to connect with the public. In the real world, people mostly connect online. Having a fully functional online presence often requires help from third parties. ...more
11/8/2023
/ American Hospital Association ,
Business Associates ,
Class Action ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
OCR ,
PHI ,
Third-Party Service Provider ,
Tracking Systems ,
Web Tracking
If a Health Insurance Portability and Accountability Act (HIPAA)-covered entity experiences a data breach involving fewer than 500 individuals, the incident must be reported to the U.S. Department of Health and Human Services...more
The Federal Trade Commission (FTC) adopted a policy statement on Sept. 15, 2021, emphasizing that developers of digital health apps, connected devices and other health products have obligations under the Health Breach...more
9/27/2021
/ App Developers ,
Breach Notification Rule ,
Business Associates ,
Covered Entities ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Mobile Apps ,
Mobile Health Apps ,
Notice Requirements ,
PHI
An amendment to the Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law on Jan. 5, 2021, directing U.S. Health and Human Services (HHS) to consider "recognized security practices"...more
8/31/2021
/ Compliance ,
Covered Entities ,
Cybersecurity ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Industry Cybersecurity Practices (HICP) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Incident Response Plans ,
New Legislation ,
NIST ,
PHI
On Jan. 5, 2021, the President signed into law H.R. 7898, which provides even more incentive for Health Insurance Portability and Accountability Act (HIPAA)-covered entities and business associates to develop robust security...more
Healthcare providers face a dilemma when patients post complaints or make other statements on social media. Just because a patient has made certain information public does not mean that the provider can also post protected...more
10/9/2019
/ Corporate Fines ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Online Reviews ,
PHI ,
Social Networks ,
Yelp
The federal Department of Health and Human Services' Office for Civil Rights, which enforces HIPAA, maintains a website with very helpful "frequently asked questions" (FAQs) regarding the HIPAA Privacy Rule and Security Rule....more
4/23/2019
/ App Developers ,
Covered Entities ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
EHR ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Mobile Apps ,
New Guidance ,
OCR
Under HIPAA, patients have a right to information about certain disclosures, referred to as an accounting. Under the current iteration of the regulations, covered entities and business associates need not account for...more
5/15/2018
/ Accounting ,
Advanced Notice of Proposed Rulemaking (ANPRM) ,
Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Disclosure ,
Electronic Medical Records ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
OCR ,
Patient Rights ,
Proposed Rules ,
Recordkeeping Requirements
A number of new developments have taken place related to Health Insurance Portability and Accountability Act (HIPAA) privacy and security compliance, and enforcement is increasing. Healthcare providers, health plans and other...more
The 340B Drug Pricing Program (340B Program), established by Section 602 of the Veterans Health Care Act of 1992, is administered by the Health Resources and Services Administration (HRSA) of HHS. The 340B Program requires...more
9/29/2015
/ Audits ,
Compliance ,
Covered Entities ,
Dental Practice ,
Department of Health and Human Services (HHS) ,
Drug Pricing ,
Fee-for-Service ,
Healthcare ,
Hospice ,
Hospitals ,
HRSA ,
MCOs ,
Medicaid ,
Medicaid Reimbursements ,
Medical Reimbursement ,
Pharmaceutical Industry ,
Pharmacies ,
Prescription Drugs ,
Section 340B ,
Skilled Nursing Facility
On December 8, 2014, the U.S. Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) announced a resolution agreement with Anchorage Community Mental Health Services, Inc. (ACMHS). The agreement, which...more
Covered entities and business associates have only until September 22, 2014 to update business associate agreements that were in place as of January 25, 2013. For those members of the health industry and their vendors that...more
On April 30, the Florida Legislature passed Senate Bill 1524, otherwise known as the Florida Information Protection Act of 2014. If signed by the governor, starting July 1, this bill will impose stringent new requirements on...more
Health care providers, health plans, business associates, and other entities affected by the federal HIPAA privacy and security regulations are quickly running out of excuses for not having a robust HIPAA compliance program...more
Way back on February 17, 2009, Congress passed a stimulus bill that contained provisions referred to as the Health Information Technology for Economic and Clinical Health ("HITECH") Act. The HITECH Act was geared toward...more
2/1/2013
/ Business Associates ,
Covered Entities ,
Data Protection ,
Decedent Protection ,
Department of Health and Human Services (HHS) ,
Fundraisers ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Marketing ,
Notice Requirements ,
OCR ,
PHI