On December 1, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) published a bulletin warning that commonly used website technologies, including cookies, pixels, and session...more
As reported in a June 3, 2022 press release from the House Committee on Energy and Commerce, U.S. Representatives Frank Pallone, Cathy McMorris Rodgers, and Senator Roger Wicker released a “discussion draft” of a federal data...more
The Federal Trade Commission (“FTC”) recently issued guidance clarifying protections applicable to consumers’ sensitive personal data increasingly collected by so-called “health apps.” The FTC press release indicated it has...more
Only a few days remain before the enforcement delay that the Centers for Medicare & Medicaid Services (CMS) exercised due to COVID-19 will end and the agency will require certain payors to publish a Patient Access application...more
The roll out of the Office of the National Coordinator’s (ONC) 21st Century Cures Act Interoperability and Information Blocking Rules is reminiscent of the way HIPAA has rolled out over the course of the past 25 years. As of...more
Cyber threats and cybersecurity controls have evolved significantly over the past two decades since the HIPAA Security Rule were originally promulgated. During this same time, healthcare entities have increasingly become a...more
On January 5, 2020, HR 7898, became law amending the Health Information Technology for Economic and Clinical Health Act (HITECH Act), 42 U.S.C. 17931, to require that “recognized cybersecurity practices” be considered by the...more
As discussed in an earlier blog post, the New York state Stop Hacks and Improve Electronic Data Security Act (or “SHIELD Act”), was signed into law on July 25, 2019....more
3/2/2020
/ Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
Reporting Requirements ,
Risk Management ,
Security Standards ,
SHIELD Act ,
State and Local Government ,
State Data Breach Notification Statutes
On January 28, 2020, the Department of Health & Human Services (“HHS”) Office for Civil Rights (“OCR”) addressed a federal court’s January 23rd invalidation of certain provisions of the Health Insurance Portability and...more
2/12/2020
/ Covered Entities ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Document Requests ,
Electronic Medical Records ,
Fees ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
OCR ,
Personally Identifiable Information ,
PHI ,
Third-Party Service Provider
The Health Insurance Portability and Accountability Act (“HIPAA”), subject to certain exceptions, provides individuals with the right to access their personal health information (“PHI”). Recently, the Office for Civil Rights...more
On January 6, 2016, the Office for Civil Rights (“OCR”) within the federal Department of Health and Human Services (“HHS”) issued a final rule to modify the Health Insurance Portability and Accountability Act of 1996...more
On October 6, 2015, the European Court of Justice (“ECJ”), the top court of the European Union (“EU”), released its opinion in Maximillian Schrems v. Data Protection Commissioner (C-362/14), invalidating the U.S.-EU Safe...more
10/12/2015
/ Binding Corporate Rules ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
EU Directive ,
European Court of Justice (ECJ) ,
Facebook ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
Ireland ,
Member State ,
Model Contracts ,
Safe Harbors ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework
As the Department of Health and Human Services’ (“HHS”) Office of Civil Rights (“OCR”) proceeds with its second round of HIPAA audits, this time covering business associates as well as covered entities, a recent settlement...more
On July 10, 2015, the Federal Communications Commission (“FCC”) issued a Declaratory Ruling and Order (“Declaratory Ruling”) in response to 21 separate requests seeking clarification or other action on the Telephone Consumer...more
7/23/2015
/ Advertising ,
CAN-SPAM Act ,
Debt Collection ,
Declaratory Rulings ,
Exceptions ,
FCC ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Prior Express Consent ,
Reassigned Phone Numbers ,
TCPA ,
Telemarketing ,
Text Messages ,
Wireless Devices
On January 25, 2013, the Health Insurance Portability and Accountability Act ("HIPAA") regulations (the "Omnibus Rule") implementing the statutory amendments under the Health Information Technology for Economic and Clinical...more