Last month, the National Academies of Science, Engineering, and Medicine (“NASEM”) issued a report discussing the inclusion of pregnant and lactating people in clinical research and the health impacts of inadequate data from...
Even with breakthrough medication that transformed the human immunodeficiency virus (HIV) from a near-certain fatal disease to a manageable but chronic illness, many with HIV still endure debilitating effects. For about...
Covered entities, business associates, and any entities that collect health information about consumers online should carefully review the latest joint letter from the Office for Civil Rights (OCR) and the Federal Trade...
7/25/2023 / Cybersecurity, Data Collection, Data Privacy, Federal Trade Commission (FTC), FTC Act, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), OCR, PHI, Third-Party, Tracking Systems
A new Florida law will require certain Florida-licensed providers to ensure that patient information is physically maintained only in the continental United States and its territories or in Canada. Florida SB 264, which goes...
6/21/2023 / American Health Care Act (AHCA), CEHRT, Data Security, Data Storage, Disclosure Requirements, Electronic Protected Health Information (ePHI), Florida, Health Insurance Portability and Accountability Act (HIPAA), Medicare Advantage, PHI, Privacy Laws
In response to concerns about the confidentiality of protected health information (PHI) related to reproductive health care less than one year after Dobbs v. Jackson Women’s Health Organization decision, and the prospect of...
All players in the health and wellness ecosystem should be following developments around the American Data Privacy and Protection Act (ADPPA). If enacted, the ADPPA would be a watershed in the regulation of the privacy and...
On January 12, 2022, the co-owner of a clinical research site in Miami, Florida pleaded guilty to one count of obstruction of justice after she knowingly lied to a United States Food and Drug Administration (FDA) investigator...
The HHS Office for Civil Rights (OCR) released a new guidance document regarding which HIPAA violations business associates (BAs) can and cannot be held directly liable for. In the guidance, OCR states that BAs can be held...
Today, we’re looking back at HIPAA and other privacy and security developments in 2018. This past year saw continued HIPAA enforcement (including the largest ever fine for a HIPAA breach), reminders from the OCR on best...
1/7/2019 / Covered Entities, Cybersecurity, Data Breach, Data Protection, Data Security, Department of Health and Human Services (HHS), General Data Protection Regulation (GDPR), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), OCR, PHI, Popular, State Data Breach Notification Statutes
Drug and device manufacturers will need to update their reporting systems and provide new training to their sales staff in the coming years based on changes to the Physician Payment Sunshine Act included in the final opioid...
Clinical laboratories and hospitals should note the potential changes to the Protecting Access to Medicare Act of 2014 (“PAMA”) reporting requirements tucked into the 1,400 page Physician Fee Schedule Proposed Rule (the...
Privacy and security compliance obligations for health care companies remain hot topics this spring. Health care companies must now contend with data breach laws in all 50 states as well as keeping on top of federal HIPAA...
6/21/2018 / Advanced Notice of Proposed Rulemaking (ANPRM), Cybersecurity, Data Protection, Department of Health and Human Services (HHS), Disclosure Requirements, Electronic Protected Health Information (ePHI), Health Insurance Portability and Accountability Act (HIPAA), New Guidance, OCR, Personally Identifiable Information, Revocation, State and Local Government, State Data Breach Notification Statutes
Late last month, Senators Grassley (R-IA), Brown (D-OH), and Blumenthal (D-CT) introduced the Fighting the Opioid Epidemic with Sunshine Act, a bill that would expand Physician Payment Sunshine Act reporting requirements to...
Last week, in a case being watched locally and nationally, the Massachusetts Supreme Judicial Court (“SJC”) ruled that local government approval is not required for the operation of a private needle exchange program and that...
It was a busy April for the Office for Civil Rights (“OCR”) (see our prior post on a settlement from earlier in April). On April 20, OCR announced a Resolution Agreement with Center for Children’s Digestive Health, S.C....
Welcome back everybody. While the momentum around an American Health Care Act (AHCA) comeback is unclear, there’s no discounting that efforts are ongoing to reach a consensus among House Republicans with significant pressure...
While your business may indeed be a “victim” when hit by a phishing attack, your enterprise can also be responsible for violations of law associated with the incident. Earlier this week, the HHS Office for Civil Rights...
Earlier this week, the HHS Office for Civil Rights (“OCR”) announced a $400,000 settlement with Metro Community Provider Network (“MCPN”) related to a 2012 HIPAA breach caused by a phishing scam. The phishing scam, carried...
4/13/2017 / Data Security, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Email, Enforcement Actions, Hackers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach, Incident Response Plans, OCR, Phishing Scams, Risk Assessment, Risk Management, Settlement
The FBI has issued new guidance specifically applicable to medical and dental facilities regarding the cybersecurity risk of File Transfer Protocol (“FTP”) servers operating in “anonymous” mode. FTPs are routinely used to...
3/30/2017 / Business Associates, Covered Entities, Cyber Attacks, Cybersecurity, Dentists, FBI, File Transfer Protocols (FTP), Hackers, Health Care Providers, Hospitals, New Guidance, Pharmacies, PHI, Physicians, Ransomware
Wearable technology continues to do a full court press on the marketplace and in the process, the step counters of the world and health apps tied to devices capable of tracking real-time biostatistics, are revolutionizing the...
The Massachusetts Department of Public Health (DPH) has released proposed amended regulations for the licensure of hospitals, clinics, and out-of-hospital dialysis units, proposed the rescission of separate birth center...
Capping off a busy month of HIPAA settlements, on August 4, the Office for Civil Rights (“OCR”) announced a $5.55 million settlement with Advocate Health Care Network (“Advocate”), the largest fully-integrated healthcare...
On July 11, 2016, the Office for Civil Rights (OCR) released important new guidance on ransomware for hospitals and other healthcare providers and finally addressed the question of whether electronic protected health...
7/12/2016 / Breach Notification Rule, Covered Entities, Cyber Attacks, Data Breach, Employee Training, Hackers, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach, Hospitals, New Guidance, OCR, PHI, Ransomware, Security Risk Assessments
Last Friday afternoon CMS released its eagerly anticipated final rule (the Final Rule) implementing the Protecting Access to Medicare Act of 2014 (PAMA), which, together with the Final Rule, will make sweeping changes to the...
Covered Entities need to continue to check their inboxes for emails from the HHS Office for Civil Rights (“OCR”) requesting verification of contact information in connection with Phase 2 of the HIPAA Audit Program. OCR...