President Trump’s Executive Order (EO) 14187, “Protecting Children from Chemical and Surgical Mutilation,” represents a significant shift in federal policy regarding gender-affirming care (GAC) for minors....more
4/17/2025
/ Constitutional Challenges ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Federal Funding ,
Gender Identity ,
Hospitals ,
Medicaid ,
Medicare ,
Minors ,
Popular ,
Preliminary Injunctions ,
Trump Administration
On March 31, a judge in the Eastern District of Texas vacated the US Food and Drug Administration’s (FDA) rule that sought to regulate laboratory-developed tests (LDTs) as medical devices under the Federal Food, Drug, and...more
On January 20, the US Department of Homeland Security (DHS) rescinded 2021 guidelines that previously designated hospitals, clinics, and other health care facilities as “protected areas” and limited immigration enforcement...more
3/12/2025
/ Data Privacy ,
Department of Homeland Security (DHS) ,
Enforcement ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Immigration Procedures ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Privacy Laws ,
State Privacy Laws
Last week, the US Food and Drug Administration (FDA) announced the end of a years-long shortage of semaglutide injection products — a popular glucagon-like peptide 1 (GLP-1) weight loss and diabetes medication. As a result,...more
2/27/2025
/ Compliance ,
Enforcement Actions ,
Food and Drug Administration (FDA) ,
Health Care Providers ,
Pharmaceutical Industry ,
Pharmacies ,
Popular ,
Prescription Drugs ,
Regulatory Agenda ,
Regulatory Requirements ,
Telehealth
On January 20, the US Department of Homeland Security (DHS) rescinded 2021 guidelines that prohibited immigration enforcement actions in or near medical and health care facilities and other protected areas. Hospitals and...more
2/25/2025
/ Compliance ,
Department of Homeland Security (DHS) ,
Enforcement Actions ,
FDNS ,
Foreign Nationals ,
Healthcare Facilities ,
Immigration and Customs Enforcement (ICE) ,
Immigration Procedures ,
Law Enforcement ,
Patient Privacy Rights ,
Risk Management
With 2025 underway, the AFS Health Care team highlights some of the most pressing legal issues facing the health care industry this year....more
Gender-affirming care (GAC) is a model of care encompassing medical, surgical, mental health, and non-medical services to support transgender and nonbinary individuals in affirming their gender identity. Advocates argue that...more
In the final days of the Biden Administration, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a notice of proposed rulemaking (NPRM) to modify the Security Rule under the Health...more
2/10/2025
/ Artificial Intelligence ,
Audits ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Emerging Technologies ,
Encryption ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Notice of Proposed Rulemaking (NOPR) ,
OCR ,
Proposed Rules ,
Risk Management ,
Technology
As of December 23, health care providers, health plans, and health care clearinghouses (covered entities) and their business associates (collectively, regulated entities) must comply with new reproductive health care privacy...more
12/20/2024
/ Administrative Procedure Act ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Loper Bright Enterprises v Raimondo ,
OCR ,
PHI ,
Popular ,
Reproductive Healthcare Issues ,
SCOTUS ,
Statutory Interpretation ,
Texas ,
Trump Administration
In a significant move toward regulating artificial intelligence (AI) in health care, Assembly Bill (AB) 3030 will require health facilities, clinics, and physician practices in California to provide disclaimers to patients...more
On September 28, California Governor Gavin Newsom vetoed Assembly Bill (AB) 3129. The proposed law sought to regulate health care transactions involving private equity and hedge funds. The veto avoids overlapping and...more
In 2021, we provided an overview of multiple federal lawsuits challenging the US Department of Health and Human Services (HHS) Health Resources and Services Administration’s (HRSA) enforcement of the 340B Drug Pricing...more
On June 20, a federal district court in Texas ruled that the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) exceeded its authority under the Health Insurance Portability and Accountability Act...more
8/22/2024
/ American Hospital Association et al v Becerra Secretary Of Health And Human Services et al ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Violations ,
OCR ,
Personally Identifiable Information ,
PHI ,
Popular ,
Serious Health Conditions ,
Tracking Systems
In 2021, we provided an overview of multiple federal lawsuits challenging the US Department of Health and Human Services (HHS) Health Resources and Services Administration’s (HRSA) enforcement of the 340B Drug Pricing...more
6/27/2024
/ Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Federal Food Drug and Cosmetic Act (FFDCA) ,
HRSA ,
Interstate Commerce ,
Manufacturers ,
Medicaid ,
Pharmaceutical Industry ,
PHRMA ,
Section 340B
Who will notify the potentially millions of individuals whose information might have been jeopardized by the massive cyberattack on Change Healthcare? Since the affiliate of UnitedHealth Group (UHG) first reported the...more
6/19/2024
/ Breach Notification Rule ,
Compliance ,
Cyber Attacks ,
Department of Health and Human Services (HHS) ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
Investigations ,
OCR ,
PHI ,
Popular
On April 26, the US Department of Health and Human Services Office for Civil Rights (OCR) published a Final Rule that adds protections under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule...more
5/29/2024
/ Attestation Requirements ,
Compliance ,
Covered Entities ,
Data Collection ,
Disclosure Requirements ,
Dobbs v. Jackson Women’s Health Organization ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Privacy Rule ,
Investigations ,
Notice Requirements ,
OCR ,
PHI ,
Popular ,
Privacy Laws ,
Reproductive Healthcare Issues ,
SCOTUS
Disputes between 340B Drug Pricing Program-covered entities and the drug manufacturers required to sell outpatient drugs to those entities at discounted prices will be governed by an alternative dispute resolution (ADR)...more
5/15/2024
/ Affordable Care Act ,
Conflicts of Interest ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Dispute Resolution ,
Federal Rules of Civil Procedure ,
Federal Rules of Evidence ,
Final Rules ,
HRSA ,
Manufacturers ,
Office of Pharmacy Affairs (OPA) ,
Prescription Drugs ,
Section 340B
On February 14, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its annual reports to Congress detailing its actions to enforce the privacy, security, and breach notification...more
5/9/2024
/ Breach Notification Rule ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
OCR ,
PHI ,
Privacy Laws
Change Healthcare, an affiliate of Optum and UnitedHealth Group, processes more than 15 billion health care transactions annually and touches one of every three patient records. On February 21, Change disconnected its...more
3/15/2024
/ American Medical Association ,
Centers for Medicare & Medicaid Services (CMS) ,
Cyber Attacks ,
Cybersecurity ,
Health Care Providers ,
Healthcare ,
Insurance Industry ,
Medicare Part B ,
Payment Systems ,
Policies and Procedures ,
Popular ,
Prescription Drug Coverage ,
Prescription Drugs ,
Ransomware
With the recent passage of Assembly Bill (AB) 254 and AB 1697, California’s Confidentiality of Medical Information Act (CMIA) will extend privacy protections to reproductive and sexual health information on mobile...more
12/4/2023
/ California ,
Department of Health and Human Services (HHS) ,
Digital Service Providers ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Internet Privacy Protection Acts ,
Mobile Apps ,
OCR ,
Reproductive Healthcare Issues ,
Websites
In Advisory Opinion No. 23-04, the US Department of Health and Human Services (HHS) Office of Inspector General (OIG) analyzed certain proposed changes to the functionality of a health care technology company’s online...more
8/15/2023
/ Advisory Opinions ,
Algorithms ,
Anti-Kickback Statute ,
Federal Health Care Programs (FHCP) ,
Fees ,
Fraud and Abuse ,
Health Care Providers ,
Health Technology ,
Kickbacks ,
Medicaid ,
Medicare ,
OIG
A final rule published on July 3, 2023, empowers the US Department of Health and Human Services (HHS) Office of Inspector General (OIG) to impose civil monetary penalties (CMP) of up to $1 million for unlawful acts of...more
8/4/2023
/ Civil Monetary Penalty ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Federal Trade Commission (FTC) ,
Final Rules ,
FTC Act ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
Information Blocking Rules ,
OCR ,
OIG ,
ONC
In this installment of our post-Dobbs risk assessment series for hospitals and academic medical centers, we consider the ongoing impact of Dobbs v. Jackson Women’s Health Organization on delivery of clinical services beyond...more
As more states adopt consumer data privacy laws, Nevada and Washington stand out for their recent passage of legislation aimed specifically at protecting “consumer health data.” Both states’ laws are notably broad in their...more
The recently passed Consolidated Appropriations Act (CAA) of 2023 includes a new Stark Law exception and Anti-Kickback Statute (AKS) safe harbor, allowing hospitals and other health care entities to offer their physicians...more
6/13/2023
/ Anti-Kickback Statute ,
Consolidated Appropriations Act (CAA) ,
Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Healthcare ,
Hospitals ,
Medicare ,
Mental Health ,
Physicians ,
Safe Harbors ,
Stark Law ,
Wellness Programs