On Jan. 6, 2025, the U.S. Department of Health and Human Services (HHS) proposed new regulations to enhance cybersecurity protections for electronic protected health information (ePHI) under the Health Insurance Portability...more
3/20/2025
/ Business Associates ,
Comment Period ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Incident Response Plans ,
Notice of Proposed Rulemaking (NOPR) ,
NPRM ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Assessment ,
Technology Sector
In this final blog post in the Bradley series on the HIPAA Security Rule notice of proposed rulemaking (NPRM), we examine how the U.S. Department of Health and Human Services (HHS) Office for Civil Rights interprets the...more
In this week’s installment of our blog series on the U.S. Department of Health and Human Services’ (HHS) HIPAA Security Rule updates in its January 6 Notice of Proposed Rulemaking (NPRM), we are exploring the justifications...more
Bradley has launched a multipart blog series on the U.S. Department of Health and Human Services’ (HHS) proposed changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, beginning last...more
Bradley is launching a multipart blog series on the U.S. Department of Health and Human Services’ (HHS) proposed changes to strengthen cybersecurity protections for electronic protected health information (ePHI) regulated...more
1/16/2025
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Employer Group Health Plans ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Notice of Proposed Rulemaking (NOPR) ,
NPRM ,
OCR ,
Risk Management
The Department of Health & Human Services (HHS) released a concept paper outlining its strategy for improving cybersecurity infrastructure within the healthcare sector. The paper calls for proposing healthcare-specific...more
On May 16, 2023, the U.S. Senate Judiciary Committee conducted a significant oversight hearing on the regulation of artificial intelligence (AI) technology, specifically focusing on newer models of generative AI that create...more
Effective July 1, 2023, a new Florida law will limit certain health care providers from storing patient information offshore. CS/CS/SB 264 (Chapter 2023-33, Laws of Florida), amends the Florida Electronic Health Records...more
5/17/2023
/ Data Collection ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Digital Health ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Florida ,
Health Care Providers ,
Legislative Agendas ,
New Legislation ,
Patients ,
Personal Data ,
State and Local Government
On January 26, 2023, the U.S. National Institute of Standards and Technology (NIST) released the Artificial Intelligence (AI) Risk Management Framework (AI Risk Management Framework 1.0), a voluntary guidance document for...more
On January 26, 2023, the U.S. National Institute of Standards and Technology (NIST) released the Artificial Intelligence (AI) Risk Management Framework (AI Risk Management Framework 1.0), a voluntary guidance document for...more
Two years ago, the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator (ONC) issued regulations under the 21st Century Cures Act advancing the interoperability of electronic health...more
Virtual assistants such as Amazon’s Alexa, Facebook’s Portal, Google’s Nest Hub, and countless others continue growing in popularity as families navigate safely remaining connected with their loved ones receiving long-term...more
9/22/2021
/ ALEXA ,
Americans with Disabilities Act (ADA) ,
Assisted Living Facilities (ALFs) ,
Consent ,
Coronavirus/COVID-19 ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
Long Term Care Facilities ,
Long-Term Care ,
Nursing Homes ,
Policies and Procedures ,
Senior Housing ,
Skilled Nursing Facility
The U.S. Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) released an interim final rule on October 29, 2020, delaying the implementation of the...more
11/2/2020
/ 21st Century Cures Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Civil Monetary Penalty ,
Compliance ,
Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
HIPAA Privacy Rule ,
Information Blocking Rules ,
Interim Final Rules (IFR) ,
NIST ,
OIG ,
ONC
On July 15, 2020, the Substance Abuse and Mental Health Services Administration (SAMHSA), a branch of the U.S. Department of Health and Human Services (HHS), published its much-anticipated final rule to revise 42 C.F.R. Part...more
7/23/2020
/ CARES Act ,
Confidential Information ,
Consent ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mental Health ,
New Regulations ,
Patient Privacy Rights ,
SAMHSA ,
Substance Abuse
The U.S. Department of Health and Human Services (HHS) issued companion regulations advancing the interoperability of and patient access to electronic health information under the 21st Century Cures Act that will take effect...more
The U.S. Department of Health and Human Services (HHS) has issued several waivers applicable to the provision of telehealth services during the COVID-19 emergency period. Some of these waivers expand Medicare coverage and...more
This is the first alert in a series of Bradley installments on privacy issues that may arise during the current COVID-19 pandemic. This first installment focuses on disclosure of personally identifiable health information...more
Don’t forget that the required end-of-the-year reporting of any small breaches of unsecured protected health information (PHI) that were discovered in 2019 is coming up. Under the Health Insurance Portability and...more
On August 26, 2019, the Substance Abuse and Mental Health Services Administration, part of the U.S. Department of Health and Human Services (HHS), published its much-anticipated notice of proposed rulemaking to revise 42...more
8/28/2019
/ Comment Period ,
Confidential Information ,
Consent ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Drug Treatment ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
Notice of Proposed Rulemaking (NOPR) ,
Opioid ,
Patient Privacy Rights ,
Prescription Drugs ,
Proposed Rules ,
Public Comment ,
Substance Abuse
Don’t forget that the required end-of-the-year reporting of any small breaches of unsecured protected health information (PHI) that were discovered in 2018 is coming up. Under the Health Insurance Portability and...more
2/13/2019
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Filing Deadlines ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Reporting Requirements
On October 15, 2018, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced that Anthem, Inc. will pay $16 million to settle OCR’s investigation of its potential violations of the Health...more
10/24/2018
/ Anthem Insurance ,
Corrective Actions ,
Cyber Attacks ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Hackers ,
Health Care Providers ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Personally Identifiable Information ,
Phishing Scams ,
Settlement
On June 18, 2018, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that an HHS Administrative Law Judge (“ALJ”) granted summary judgment to OCR in an enforcement action...more
8/2/2018
/ Administrative Hearings ,
Administrative Law Judge (ALJ) ,
AHLA ,
Civil Monetary Penalty ,
Confidential Information ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Electronic Protected Health Information (ePHI) ,
Encryption ,
Enforcement Actions ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Patient Privacy Rights ,
Risk Assessment ,
Summary Judgment
Complex. Hard. Humbling. These are the descriptors former Google CEO Eric Schmidt used last week at the HIMSS 2018 Annual Conference in Las Vegas to describe the work to be done in health information technology (HIT). ...more
Uncertain. What better word to describe a year in which a new administration came to power and began to chart a new course for health policy, the fate of the Affordable Care Act (ACA) hung in the balance, and courts grappled...more
1/25/2018
/ Affordable Care Act ,
Alternative Payment Models (APM) ,
Cooperative Compliance Regime ,
Department of Justice (DOJ) ,
Electronic Health Record Incentives ,
False Claims Act (FCA) ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Reform ,
Hospital Mergers ,
Meaningful Use ,
OIG ,
Prescription Drug Coverage ,
Repeal ,
Section 340B ,
Stark Law ,
Trump Administration ,
Universal Health Services Inc v United States ex rel Escobar
On September 7, Equifax, one of three nationwide credit-reporting agencies that compile and evaluate the financial history of consumers, announced that it suffered a security breach in which sensitive information of...more
9/18/2017
/ Centers for Medicare & Medicaid Services (CMS) ,
Credit Reporting Agencies ,
Credit Reports ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Equifax ,
Federal Trade Commission (FTC) ,
Government Investigations ,
Hackers ,
Personally Identifiable Information ,
Popular