On August 5, 2024, the US Department of Health and Human Services (HHS) Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (ASTP) published the Health Data,...more
On December 13, 2023, the US Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) issued the Health Data, Technology, and Interoperability: Certification...more
The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued a Bulletin (Dec. 2022) outlining the obligations for HIPAA covered entities and businesses when deploying online tracking...more
2/10/2023
/ Continuing Legal Education ,
Cookies ,
Covered Entities ,
Data Collection ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Mobile Apps ,
OCR ,
PHI ,
Unauthorized Disclosure ,
Web Tracking ,
Webinars ,
Websites
The US Supreme Court’s recent decision to overturn Roe v. Wade in Dobbs v. Jackson Women’s Health Organization has raised many questions about potential efforts by law enforcement agencies to obtain data from healthcare and...more
7/11/2022
/ Abortion ,
Biden Administration ,
Data Collection ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Dobbs v. Jackson Women’s Health Organization ,
Electronic Protected Health Information (ePHI) ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Pregnancy ,
Privacy Concerns ,
Roe v Wade ,
SCOTUS
On December 10, 2020, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a Notice of Proposed Rulemaking (NPRM) with proposed modifications to the Standards for the Privacy of...more
12/18/2020
/ Department of Health and Human Services (HHS) ,
Disclosure ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Access Request ,
HIPAA Privacy Rule ,
Information Requests ,
Medicare ,
NPRM ,
OCR ,
Third-Party
The ONC's information blocking prohibition applies to certified health IT developers and health care providers, as well as health information exchanges and health information networks. It prohibits certain fees and other...more
For companies seeking to use, license, or otherwise commercialize health data, there are potential inconsistencies among the HIPAA de-identification standard, the CCPA definition of de-identified data, and GDPR requirements...more
2/26/2020
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
Covered Entities ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Use Policies ,
De-Identified Protected Health Information ,
Electronic Protected Health Information (ePHI) ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PHI ,
Webinars
Throughout the past year, the healthcare and life science industries experienced a proliferation of digital health innovation that challenged traditional notions of healthcare delivery and payment, as well as product...more
1/29/2020
/ Anti-Kickback Statute ,
Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Department of Justice (DOJ) ,
Digital Health ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Enforcement ,
Food and Drug Administration (FDA) ,
Fraud and Abuse ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Life Sciences ,
Regulatory Standards ,
Stark Law ,
Telemedicine
A potential disconnect between the HIPAA de-identification standard and California Consumer Privacy Act (CCPA) definition of de-identified may pose hurdles for HIPAA covered entities, their business associates and other data...more
12/4/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Covered Entities ,
Cybersecurity ,
Data Collection ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
Right to Delete
The ONC recently released a proposed rule under the 21st Century Cures Act to promote interoperability of health IT and advance access, exchange or use of electronic health information. If finalized, the proposed rule would...more
3/28/2019
/ 21st Century Cures Act ,
APIs ,
Conditional Certification ,
Cost Recovery ,
Data Blocking ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Information Technologies ,
License Fees ,
ONC ,
Proposed Rules
The ONC finally released its long-awaited proposed rule to implement the “information blocking” prohibition of the 21st Century Cures Act by identifying conduct that is not information blocking. If finalized, ONC’s proposed...more
2/15/2019
/ 21st Century Cures Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Exceptions ,
Health Care Providers ,
Health Information Technologies ,
Hospitals ,
ONC ,
Patient Privacy Rights ,
Policies and Procedures ,
Proposed Rules ,
Public Comment ,
Regulatory Agenda ,
Regulatory Requirements
Introduction -
The past year was an active one for data privacy and security legislation and enforcement. Protection for certain personal data was enhanced internationally by the EU General Data Protection Regulation...more
1/29/2019
/ Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Protection ,
Digital Health ,
Electronic Protected Health Information (ePHI) ,
EU ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
State Data Breach Notification Statutes ,
UK