On February 20, 2025, the U.S. Department of Health and Human Services (“HHS”) took action pursuant to President Trump’s Executive Order 14187 (“EO 14187”), which is aimed at ending gender affirming care for minors. EO 14187...more
2/21/2025
/ Data Privacy ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Executive Orders ,
Gender Expression ,
Gender Identity ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
LGBTQ ,
Patient Access ,
Patient Privacy Rights ,
PHI ,
Reproductive Healthcare Issues ,
Transgender ,
Trump Administration
‘Tis the season for holiday baking and the elves at the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), have been diligently crafting their own holiday treat. On December 27,...more
1/2/2025
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
HIPAA Security Rule ,
HIPAA Violations ,
Life Sciences ,
NPRM ,
OCR ,
PHI ,
Regulatory Agenda ,
Rulemaking Process
December 23, 2024, was the compliance deadline for HIPAA covered entities and business associates to apply the protections of the HIPAA Privacy Rule to support Reproductive Health Care Privacy Final Rule—that is all covered...more
On September 18, 2024, the Attorney General (AG) of Texas announced a settlement with an artificial intelligence-focused healthcare technology company to resolve allegations of false and misleading statements about the...more
10/16/2024
/ Artificial Intelligence ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
False Statements ,
Health Care Providers ,
Health Technology ,
Life Sciences ,
Misleading Statements ,
Settlement ,
State Attorneys General ,
Texas
On August 29, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) withdrew its appeal of the U.S. District Court for the Northern District of Texas’s (Court) June 20, 2024 decision in...more
Friendly reminder – the Washington My Health My Data Act (“WMHMDA”) compliance deadline for regulated entities to post their consumer health data privacy policy is March 31, 2024 (June 30, 2024 for small businesses). A...more
2/29/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Patient Privacy Rights ,
Personal Data ,
Personally Identifiable Information ,
Policies and Procedures ,
Posting Requirements ,
Washington
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and Substance Abuse and Mental Health Services Administration (SAMHSA) released its anticipated Final Rule last week. The Final Rule revises...more
2/26/2024
/ CARES Act ,
Confidential Information ,
Consent ,
Data Management ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mental Health ,
New Regulations ,
OCR ,
Patient Privacy Rights ,
PHI ,
SAMHSA ,
Substance Abuse
This is Part Twelve, the final installment of our series of legal updates on the Washington My Health My Data Act (“WMHMDA”). We are thrilled that you came along as we dove into the intricacies of WMHMDA that are creating...more
8/30/2023
/ Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Washington
This is Part Eleven in a series of legal updates on the Washington My Health My Data (“WMHMDA”), where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the privacy...more
8/23/2023
/ Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Washington
This is Part Seven in a series of legal updates on the Washington My Health My Data (“WMHMDA”), where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the privacy...more
7/18/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Information Technologies ,
Life Sciences ,
Personal Data ,
PHI ,
Washington
This is Part Six in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) in which Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the...more
This is Part Two in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) where Quarles is doing a deep dive into the various factors and intricacies of the Act that are shaping up to create a sea of...more
6/9/2023
/ B2B Organizations ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Geolocation ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Life Sciences ,
Personal Data ,
Washington
Effective today, October 6, 2022, the Information Blocking Rule will expand in scope to prohibit interfering with access or exchange of information in a designated record set. With this expansion of the Information Blocking...more
March was a busy month for data privacy and security, especially as it relates to health care entities. To help keep you up to date with the changes, we’ve included a few highlights for you below...
...more
4/6/2022
/ Cybersecurity Framework ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Privacy Rule ,
Life Sciences ,
Patient Privacy Rights ,
Proposed Legislation ,
Regulatory Reform ,
State Data Breach Notification Statutes