Last week, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) and the U.S. Food and Drug Administration (“FDA”) released warnings about an embedded function they found in the firmware of the Contec CMS8000,...more
2/13/2025
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Food and Drug Administration (FDA) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Devices ,
Patient Privacy Rights ,
PHI ,
Risk Management
On January 6, 2025, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published a “Notice of Proposed Rulemaking,” HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected...more
Health Care is one of the most regulated industries in the country, and for many years, one of the key administrative agencies overseeing health care in the United States, the Department of Health and Human Services’ (“HHS”)...more
In a narrow but significant ruling in American Hospital Association et al. v. Xavier Becerra, et al., No. 4:23-cv-01110-P, the U.S. District Court for the Northern District of Texas (Hon. Mark T. Pittman) ruled that one...more
The U.S. Department of Health and Human Services (“HHS”), and Office for Civil Rights (“OCR”) issued a “Final Rule,” HIPAA Privacy Rule to Support Reproductive Health Care Privacy, which was published in the Federal...more
5/14/2024
/ Data Privacy ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
Patient Privacy Rights ,
PHI ,
Popular ,
Reproductive Healthcare Issues
On February 8, 2024, the U.S. Department of Health and Human Services, through its Office for Civil Rights (OCR) and the Substance Abuse and Mental Health Services Administration (SAMHSA), released final rule (Final Rule)...more
2/15/2024
/ CARES Act ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
HIPAA Breach Notification Rule ,
Medical Records ,
OCR ,
Patient Rights ,
Policies and Procedures ,
SAMHSA ,
Substance Abuse
On June 27, 2023, the U.S. Department of Health and Human Services (“HHS”), Office of Inspector General (“OIG”) posted on its website a final rule implementing its civil money penalty (“CMPs”) authority and providing a...more
On April 12, 2023, the Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) issued a Notice of Proposed Rulemaking (“Notice” or “NPRM”) to solicit comments on proposed modifications to the HIPAA...more
4/17/2023
/ Abortion ,
Biden Administration ,
Comment Period ,
Department of Health and Human Services (HHS) ,
Dobbs v. Jackson Women’s Health Organization ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Reform ,
NPRM ,
OCR ,
Patient Privacy Rights ,
PHI ,
Pregnancy ,
Proposed Rules ,
Regulatory Agenda ,
Reproductive Healthcare Issues ,
SCOTUS ,
Women's Rights
On February 1, 2023, the Federal Trade Commission (“FTC”) announced that it filed a “first-of-its-kind proposed order” under its Health Breach Notification Rule promulgated pursuant to section 13407 of the American Recovery...more
2/8/2023
/ Advertising ,
Breach Notification Rule ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
PHI ,
Targeted Digital Advertising ,
Tracking Systems
The continued proliferation of tracking technologies has created a landscape of increased exposure for entities serving individuals online. As individuals are increasingly interacting with healthcare services providers...more
“Side-Channel” attacks generally refer to a type of criminal cyber attacker activity that exploits vulnerabilities so that the attacker can collect and analyze “leakage” of data from a device, as a means to identify certain...more
12/15/2022
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Information Technology ,
NIST ,
Risk Management ,
Vulnerability Assessments
In the wake of the Dobbs decision, the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued new guidance regarding the privacy of patients seeking reproductive health care.
The guidance...more
7/13/2022
/ Abortion ,
Department of Health and Human Services (HHS) ,
Dobbs v. Jackson Women’s Health Organization ,
Equal Protection ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
New Guidance ,
OCR ,
Patient Access ,
Patient Privacy Rights ,
PHI ,
Pregnancy ,
Regulatory Standards ,
Reproductive Healthcare Issues ,
Roe v Wade ,
SCOTUS ,
Women's Rights
The Federal Government continues ramping up enforcement of data security requirements by deploying significant new enforcement theories and tools in support of cyber and data security controls required by federal law....more
3/22/2022
/ CafePress ,
Consumer Information ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Department of Justice (DOJ) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
False Claims Act (FCA) ,
Federal Contractors ,
Federal Trade Commission (FTC) ,
Popular ,
Regulatory Violations ,
Security Standards ,
Settlement Agreements ,
Whistleblowers
Virginia recently adopted a GDPR-inspired comprehensive data protection law for Virginia residents.
What Are the Main Points Covered by Virginia’s Consumer Data Protection Act (CDPA)?
8/9/2021
/ 21st Century Cures Act ,
Biometric Information ,
Biometric Information Privacy Act ,
CDPA ,
Consumer Privacy Rights ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Collection ,
Data Localization Law ,
Data Privacy ,
Data Protection ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
Information Blocking Rules ,
New Legislation ,
Personal Data
As we bid farewell to 2020 and look toward the uncharted territory of 2021, it is hard not to take inventory of all that has changed in such a short period. No one at the beginning of 2020 would have predicted what transpired...more
1/26/2021
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Communications Decency Act ,
Contact Tracing ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
DMCA ,
Employee Monitoring ,
FERPA ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Personally Identifiable Information ,
Ransomware ,
Van Buren v United States
On January 5, 2020, President Trump signed into law H.R. 7898. This new statute amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require the Department of Health and Human Services...more
On December 10, 2020, the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued a notice of proposed rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act (HIPAA)...more
On October 29, 2020, the Office of the National Coordinator for Health Information Technology (ONC) announced it was delaying the compliance deadlines for information blocking and other health IT provisions initially...more
11/2/2020
/ 21st Century Cures Act ,
Comment Period ,
Coronavirus/COVID-19 ,
Deadlines ,
Department of Health and Human Services (HHS) ,
Health Information Technologies ,
Healthcare Reform ,
Infectious Diseases ,
Information Blocking Rules ,
Information Technology ,
ONC ,
Regulatory Requirements
The CISA, FBI and HHS have issued an alert (https://us-cert.cisa.gov/ncas/alerts/aa20-302a) regarding an imminent threat to hospitals and health care providers. Federal agencies have credible information to suggest that a...more
10/30/2020
/ Cyber Attacks ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
FBI ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Malware ,
Risk Management ,
Vulnerability Assessments
On May 22, 2020, the Federal Trade Commission (the “FTC”) published its decennial request for public comment (the “RFC”) on the FTC’s Health Breach Notification Rule (the “HBN Rule”)....more
6/25/2020
/ Breach Notification Rule ,
Comment Period ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HITECH Act ,
Medical Records ,
Personally Identifiable Information ,
PHI
Polsinelli is pleased to share The Privacy Survival Guide. This newsletter is a designated source of news, information and guidance on the constantly evolving health care privacy industry.
The COVID-19 pandemic has created severe financial and operational difficulties for hospitals. Rapidly responding to a novel pathogen within a declared Public Health Emergency (PHE), while experiencing decreased revenues as a...more
Following the outbreak of COVID-19 in late 2019, the U.S. Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) has offered guidance to covered entities and business associates regulated by the...more
With the New Year comes new medical staff leaders and a new set of growing pains. Contrary to what many of us believe, some simple steps can lessen the pain.
1/17/2020
/ Anti-Competitive ,
Antitrust Violations ,
Breach of Contract ,
Covenant of Good Faith and Fair Dealing ,
Defamation ,
Due Process ,
Electronic Communications ,
Employee Evaluations ,
Equal Protection ,
Genuine Issue of Material Fact ,
Health Care Providers ,
Healthcare Facilities ,
Healthcare Workers ,
Hospitals ,
Leadership ,
Negligence ,
Patient Safety ,
Peer Review ,
Physicians ,
Retaliation ,
Summary Judgment ,
Text Messages ,
Third-Party Beneficiaries ,
Tortious Interference ,
Work-Product Doctrine
Every year, the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services, Office for Civil Rights (OCR) jointly sponsor a conference to “address the dynamic and challenging...more
10/25/2019
/ Civil Monetary Penalty ,
Cybersecurity ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Enforcement Actions ,
Final Determinations ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
NPRM ,
OCR ,
Personally Identifiable Information ,
PHI