On October 10, 2019, the California Attorney General released proposed regulations to implement the California Consumer Privacy Act (CCPA), including substantial new requirements not included in the CCPA. Here we offer a...more
10/15/2019
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Notice Requirements ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Requirements ,
State Attorneys General
There are myriad opportunities for hospitals and health systems (HHSs) to engage in data-focused collaborations with other stakeholders in the healthcare industry. These collaborations include, to an increasing extent,...more
10/4/2019
/ Data Breach ,
Data Collection ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Digital Health ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Investors ,
Joint Venture ,
Patient Privacy Rights ,
Personally Identifiable Information ,
Private Equity ,
Risk Assessment
In this second installment of the Healthcare Enforcement Quarterly Roundup for 2019, we cover several topics that have persisted over the past few years and identify new issues that will shape the scope of enforcement efforts...more
8/16/2019
/ Acquisitions ,
Centers for Medicare & Medicaid Services (CMS) ,
DEA ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Enforcement Actions ,
False Claims Act (FCA) ,
Fraud and Abuse ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Fraud ,
Home Health Agencies ,
Mergers ,
New Guidance ,
New Rules ,
OCR ,
OIG ,
Opioid ,
Pharmaceutical Industry
Information is one of your company’s most valuable assets. It is critical to remain vigilant to protect against the latest cybersecurity threats and to comply with expansive privacy obligations.
Join us in New York City for...more
5/20/2019
/ Attorney-Client Privilege ,
California Consumer Privacy Act (CCPA) ,
Continuing Legal Education ,
Cybersecurity ,
Data Privacy ,
Events ,
Health Care Providers ,
Information Management ,
Information Technology ,
Popular ,
Private Equity ,
Privileged Communication ,
Risk Management ,
Security and Privacy Controls
On April 26, 2019, the US Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued a Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties (the Notice) to inform the public...more
5/10/2019
/ Civil Monetary Penalty ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Eighth Amendment ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HITECH Act ,
OCR ,
Regulatory Agenda ,
Settlement Negotiations
The ONC finally released its long-awaited proposed rule to implement the “information blocking” prohibition of the 21st Century Cures Act by identifying conduct that is not information blocking. If finalized, ONC’s proposed...more
2/15/2019
/ 21st Century Cures Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Exceptions ,
Health Care Providers ,
Health Information Technologies ,
Hospitals ,
ONC ,
Patient Privacy Rights ,
Policies and Procedures ,
Proposed Rules ,
Public Comment ,
Regulatory Agenda ,
Regulatory Requirements
The US Department of Health and Human Services, Office for Civil Rights (OCR) published a long-awaited Request for Information seeking feedback on whether and how the HIPAA Rules should be revised to better promote...more
Lack of a sufficient risk analysis continues to be one of the most commonly alleged violations in Office for Civil Rights (OCR) HIPAA enforcement actions, appearing in half of all OCR settlements announced in the last 12...more
The US Department of Health and Human Services Office for Civil Rights recently posted guidance clarifying that a business associate such as an information technology vendor generally may not block or terminate access by a...more
10/27/2016
/ Anti-Kickback Statute ,
Business Associates ,
Corporate Counsel ,
Covered Entities ,
Data Blocking ,
Department of Health and Human Services (HHS) ,
EHR ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
OIG ,
PHI ,
Privacy Rule ,
Vendors
On September 29, 2015, the U.S. Department of Health & Human Services Office of the Inspector General (OIG), Office of Evaluation and Inspections, released two studies calling on the HHS Office for Civil Rights (OCR) to...more
Health Insurance Portability and Accountability Act of 1996 (HIPAA) covered entities have reported that the U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently sent pre-audit screening surveys...more
5/18/2015
/ Audits ,
Breach Notification Rule ,
Business Associates ,
Covered Entities ,
De-Identified Protected Health Information ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
OCR ,
PHI
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently transmitted HIPAA pre-audit screening surveys to covered entities that may be selected for a second phase of HIPAA compliance audits...more
On December 2, 2014, the Office for Civil Rights (OCR) and Anchorage Community Mental Health Services, Inc., (ACMHS) entered into a Resolution Agreement and Corrective Action Plan (CAP) to settle alleged violations of the...more
In 2014, regulators around the globe issued guidelines, legislation and penalties in an effort to enhance security and control within the ever-shifting field of privacy and data protection. The Federal Trade Commission...more
12/11/2014
/ Africa ,
Anti-Spam Legislation ,
Canada ,
China ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
Federal Trade Commission (FTC) ,
Latin America ,
Legislative Agendas
ZTE Corp. v. ContentGuard Holdings, Inc. -
In four final written decisions in inter partes review (IPR) challenges, the Patent Trial and Appeal Board (PTAB) concluded that the petitioner had not demonstrated by a...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) will soon begin a second phase of audits (Phase 2 Audits) of compliance with Health Insurance Portability and Accountability Act of 1996 (HIPAA)...more
7/30/2014
/ Audits ,
Best Management Practices ,
Business Associates ,
Chief Compliance Officers ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Hospitals ,
PHI ,
Popular
“Heartbleed” has been all over the news, and companies have been scrambling to respond. What sounds like a nasty medical condition is actually a recently discovered flaw in popular encryption software called OpenSSL. It has...more
On February 18, 2014, the U.S. Centers for Medicare & Medicaid Services published an announcement in the Federal Register regarding an open period for additional providers to be considered for participation in Models 2, 3 and...more
In Boston, we celebrated Data Privacy Day (January 28) by presenting “U.S. Privacy and Data Protection: 2013 Year In Review and a Prediction of What’s to Come in 2014” for participants in an IAPP KnowledgeNet. Our panel of...more
1/29/2014
/ Affordable Care Act ,
Compliance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EHR ,
Enforcement ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Neiman Marcus ,
Personally Identifiable Information ,
PHI ,
Privacy Laws ,
Safe Harbors ,
Target
The compliance date for the omnibus final rule amending the privacy, security, breach notification and enforcement regulations under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information...more
7/25/2013
/ Breach Notification Rule ,
Compliance ,
Data Breach ,
Data Protection ,
Deadlines ,
Enforcement ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Omnibus Rule ,
Privacy Policy
On January 25, 2013, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) published a final rule (Final Rule) containing modifications to the privacy standards (Privacy Rule), security...more
2/21/2013
/ Business Associates ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Notice Requirements ,
OCR ,
PHI ,
Privacy Rule