Compliance Perspective: What's New in Healthcare Privacy
The Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30,...more
In March of this year, The Office for Civil Rights of the Department of Health and Human Services issued a letter addressing the recent cybersecurity incident impacting many health care entities, primarily Change Healthcare,...more
Appropriately so, providers look first to the Health Insurance Portability and Accountability Act of 1996, as amended (HIPAA), to ensure that they comply with regulations regarding patients’ protected health information...more
Recent developments at the federal and state level demonstrate that regulators are focused on protecting consumer health data. Specifically, state and federal regulators want to close the gap between HIPAA-protected data and...more
In May, the Federal Trade Commission (“FTC”) proposed changes (the “Proposed Rule”) to the Health Breach Notification Rule (the “Rule”), which, among other items, emphasize that the Rule applies to mobile health applications...more
Data Breaches risk legal consequences—both from state and federal governments and consumers, as well as reputational harm. Last month, MCNA—a dental benefit provider—provided notice of a data breach that exposed the...more
Our Privacy, Cyber & Data Strategy and Consumer Protection/FTC Teams analyze the FTC’s first-ever enforcement of its Health Breach Notification Rule and how the FTC is scrutinizing how companies share consumers’ online health...more
The Department of Health and Human Services ("HHS") has proposed amendments to the Confidentiality of Substance Use Disorder Patient Records Rule, 42 C.F.R. part 2 (the "Part 2 Rule") with a comment deadline of January 31....more
HIPAA-covered entities should note the quickly approaching March 1, 2022 deadline for reporting breaches of unsecured protected health information that occurred in 2021 and involved fewer than 500 individuals. This article...more
Recently the Health Care Compliance Association released the new Health Care Privacy Handbook, 3rd Edition. https://www.hcca-info.org/health-care-privacy-handbook To learn what’s new in the book and in healthcare privacy...more
On December 17, 2020, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its Industry Report on the HIPAA audits it conducted in 2016 and 2017. OCR found widespread noncompliance with...more
On May 22, 2020, the Federal Trade Commission (the “FTC”) published its decennial request for public comment (the “RFC”) on the FTC’s Health Breach Notification Rule (the “HBN Rule”)....more
Every year, we remind our readers that the HIPAA data breach notification regulations require covered entities to notify the Office for Civil Rights (OCR) of any reportable data breaches that involved fewer than 500...more