The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently proposed a sweeping rewrite of the HIPAA Security Rule that, if finalized, will require that many Covered Entities and their...more
The increased use of artificial intelligence (AI) in the banking, insurance, and financial services industries has led the New York State Department of Financial Services (NYDFS or Department) to publish an Industry Letter on...more
The healthcare sector has seen an alarming uptick in cybersecurity incidents, including ransomware attacks, in recent years. In response to these cybersecurity threats, New York State is ramping up efforts to protect patient...more
11/12/2024 / Compliance, Cybersecurity, Data Breach, Data Security, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, Healthcare Facilities, Hospitals, New York, PHI, Regulatory Requirements
The Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30,...more
7/2/2024 / Cybersecurity, Data Breach, Data Protection, Electronic Protected Health Information (ePHI), Federal Trade Commission (FTC), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach, HIPAA Breach Notification Rule, Patient Privacy Rights, PHI, Popular, Reporting Requirements
Imagine you are a corporate Human Resources/Total Rewards leader who receives a request from a state’s law enforcement agency for health plan records about a plan participant’s abortions or other reproductive health care. How...more
6/4/2024 / Abortion, Employee Benefits, Employee Privacy Rights, Employer Group Health Plans, Employer Liability Issues, Final Rules, Health Insurance, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Privacy Rule, PHI, Popular, Reproductive Healthcare Issues
It is critical for employers and plan fiduciaries/administrators to stay informed of HIPAA privacy and security-related legal developments because most employer sponsored group health plans — regardless of the employer’s...more
5/23/2024 / Department of Health and Human Services (HHS), Dobbs v. Jackson Women’s Health Organization, Employee Benefits, Employer Group Health Plans, Final Rules, Health Care Providers, Health Insurance, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Privacy Rule, OCR, PHI, Popular, Reproductive Healthcare Issues
In just a few days’ time, recently promulgated federal final rules addressing sex-based nondiscrimination in the administration of health care benefits have created a flurry of healthcare industry activity. The angst arises...more
5/9/2024 / Affordable Care Act, Centers for Medicare & Medicaid Services (CMS), Compensation & Benefits, Department of Health and Human Services (HHS), Employee Benefits, Employer Group Health Plans, Final Rules, Health Insurance, Healthcare, Healthcare Reform, Non-Discrimination Rules, Sex Discrimination
With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...more
12/21/2023 / Cyber Attacks, Cybersecurity, Data Breach, Data Protection, Data Security, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Violations, OCR, Phishing Scams, Popular, Ransomware, Regulatory Oversight, Regulatory Requirements, Vulnerability Assessments
On July 20, 2023, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) announced they were sending a joint letter to approximately 130 unidentified hospital...more
8/1/2023 / Data Collection, Data Privacy, Federal Trade Commission (FTC), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, Mobile Apps, OCR, Patient Privacy Rights, PHI, Telehealth, Tracking Systems
On June 27, 2023, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) issued its long-anticipated final rule amending the OIG’s civil monetary penalty (CMP) regulations as they relate to...more
Direct-to-consumer health and wellness applications are forewarned: the Federal Trade Commission (FTC) is proposing changes to the Health Breach Notification Rule (HBNR), 16 C.F.R. part 318, that, if finalized, would cement...more
6/9/2023 / Breach Notification Rule, Cybersecurity, Data Breach, Data Privacy, Federal Trade Commission (FTC), Health Information Technologies, Healthcare, Mobile Health Apps, Patient Privacy Rights, Policy Statement, Popular, Regulatory Agenda, Regulatory Reform
The Department of Health and Human Services Office for Civil Rights (OCR) issued a proposed rule on April 17, 2023, to amend provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to strengthen...more
5/26/2023 / Abortion, Comment Period, Department of Health and Human Services (HHS), Dobbs v. Jackson Women’s Health Organization, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, Healthcare Reform, OCR, Patient Privacy Rights, PHI, Pregnancy, Proposed Rules, Regulatory Agenda, Reproductive Healthcare Issues, Women's Rights
On April 11, 2023, the Department of Health and Human Services’ Office for Civil Rights (OCR) confirmed that four notifications of enforcement discretion regarding enforcement of the HIPAA Privacy, Security, and Breach...more
The Federal Trade Commission (FTC) continues to prioritize the protection of consumers’ digital health information. The agency has demonstrated this commitment through enforcement actions against GoodRx and BetterHelp for...more
4/5/2023 / Breach Notification Rule, Data Collection, Digital Health, Electronic Protected Health Information (ePHI), Federal Trade Commission (FTC), FTC Act, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach Notification Rule, HIPAA Privacy Rule, HIPAA Security Rule, Life Sciences, New Guidance, Personal Information, Tracking Systems
Following its February settlement with GoodRx, the Federal Trade Commission (FTC) has fired another shot across the bow in its ongoing campaign to protect consumers’ digital health information. Earlier this month the FTC...more
3/27/2023 / Advertising, Data Collection, Data Management, Data Privacy, Data-Sharing, Electronic Medical Records, Enforcement Actions, Federal Trade Commission (FTC), FTC Act, Health Care Providers, Healthcare, Patient Privacy Rights, PHI, Unfair or Deceptive Trade Practices
The Supreme Court’s landmark decision in Dobbs v. Jackson Women’s Health Organization represents a sea-change in Constitutional law that has already impacted our country in multiple ways. By overruling Roe v. Wade (1973)...more
8/19/2022 / Abortion, Dobbs v. Jackson Women’s Health Organization, EMTALA, Health Care Providers, Healthcare, New Guidance, Patient Access, Popular, Pregnancy, Reproductive Healthcare Issues, Roe v Wade, SCOTUS
The Office for Civil Rights (“OCR”) at the U.S. Department of Health and Human Services (“HHS”) announced on July 15, 2022, that it has resolved 11 investigations conducted under the Health Insurance Portability and...more
The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) recently released new guidance (the “Guidance”) to help ensure that individuals may continue to benefit from audio-only telehealth...more
6/28/2022 / Coronavirus/COVID-19, Data Protection, Department of Health and Human Services (HHS), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, Healthcare Reform, HIPAA Security Rule, Infectious Diseases, New Guidance, OCR, Patient Access, Relief Measures, Remote Proceedings, Telehealth, Telemedicine
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced June 10, 2022 that it is producing a video presentation on “recognized security practices” as set forth in the recent amendment of...more
Covered entities and business associates subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) have the chance to provide input on two amendments to the Health Information Technology for...more
The Centers for Medicare and Medicaid Services (“CMS”) recently published an infographic to help Medicare and Medicaid facilities and providers determine if they or some members of their workforce are subject to the Omnibus...more
The wait is over for employers seeking clarity on the details of the Biden Administration’s vaccine and testing rules for private employers, first announced by President Biden in early September and now slated to take effect...more
11/5/2021 / Biden Administration, Coronavirus/COVID-19, Emergency Management Plans, Employer Liability Issues, Employer Mandates, Essential Workers, Health and Safety, Healthcare Workers, Infectious Diseases, New Rules, OSHA, Public Health Emergency, Vaccinations, Virus Testing, Workplace Safety
Companies that make ransomware payments, whether they be the victim of a ransomware attack or entities that facilitate such payments, should review the updated advisory issued by U.S. Department of the Treasury's Office of...more
9/28/2021 / Cyber Attacks, Cyber Crimes, Cybersecurity, Data Breach, Economic Sanctions, Financial Institutions, Hackers, Office of Foreign Assets Control (OFAC), Popular, Ransomware, Risk-Based Approaches, SDN List
Vendors of health applications (“health apps”) and connected devices that collect or use individuals’ health information, along with their service providers, are now on notice that they must provide timely notice to consumers...more