New HIPAA Final Rule: Key Changes to Reproductive Health Care Privacy - Thought Leaders in Health Law®
Podcast - Data Privacy and Tracking Technology Compliance
Medical Device Legal News with Sam Bernstein: Episode 10
AI Risks in Healthcare
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
Healthcare Privacy Walkthroughs
HIPAA Tips With Williams Mullen - Health Care Providers - Are You Ready for a Ransomware Attack?
Hybrid Workforces and Compliance with Sheila Limmroth
Privacy and Healthcare Business Associates with Isabella Porter
Podcast: Interoperability: The Provider Perspective - Diagnosing Health Care
HIPAA Tips With Williams Mullen - COVID Health Information and HIPAA – Do You Know the Rules?
Podcast–Interoperability: How Far We’ve Come and Where We’re Going - Diagnosing Health Care
State Law Privacy Video Series | Healthcare Entities and Health Data
Getting Personal—Wearable Devices, Data, and Compliance
AGG Talks: Technology - In the Balance: Interoperability and Security
Podcast: How Can Companies in the Health Care and Life Sciences Industries Strengthen Their Cybersecurity Posture? - Diagnosing Health Care
Nick Culbertson on Compliance Breaches in Healthcare
Privacy Series: HIPAA Breaches - When It Is, and When It Is Not a Breach
Podcast: Are Vaccine Passports the Key to Reopening? - Diagnosing Health Care
HIPPA: Privacy & Security and Potential Rule Changes
On April 22, 2024, the U.S. Department of Health and Human Services (“HHS”) issued new regulations under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) that impose new restrictions on the use and...more
It may seem like telehealth emerged overnight during the COVID 19 pandemic. However, telemedicine has been developing for centuries....more
On April 26, the US Department of Health and Human Services Office for Civil Rights (OCR) published a Final Rule that adds protections under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule...more
In light of the ongoing investigation of Change Healthcare’s ransomware attack that resulted in the improper disclosure of thousands of individuals’ PHI, now seems like a perfect time to discuss HIPAA’s requirements...more
On March 31, 2024, the Washington My Health My Data Act (MHMDA), a comprehensive consumer health privacy law, will come into force. Small businesses – defined as those processing consumer health data of fewer than 100,000...more
Washington's My Health My Data Act (MHMDA) goes into effect on March 31, 2024, for most entities subject to the law. The MHMDA imposes new notice and consent requirements for the processing of "consumer health data," with...more
After more than a year since the U.S. Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) and Substance Abuse and Mental Health Services Administration (SAMHSA) issued the proposed changes to the...more
The Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) recently published a warning letter that they jointly sent to more than 130 hospital systems and...more
As with many websites, hospitals often deploy third-party analytics tools to measure browser traffic in order to increase awareness of their websites, ensure website optimization and provide health care information to the...more
It has been a while since we last gathered for one of the monthly public meetings of the Federal Trade Commission (FTC or Commission). Clearly, the monthly nature of the meetings is questionable, but then again, there are...more
The Health Information Portability and Accountability Act (“HIPAA”) has long been described as the floor for health care privacy laws and that states and regulators are free to enact more restrictive health care privacy laws....more
Recently, lawsuits have been filed against Duke and WakeMed regarding their use of Meta’s Meta Pixel tracking product and the alleged improper disclosure of patients’ protected health information (“PHI”). The U.S. Department...more
The Federal Trade Commission (FTC) adopted a policy statement on Sept. 15, 2021, emphasizing that developers of digital health apps, connected devices and other health products have obligations under the Health Breach...more
Report on Patient Privacy 21, no. 3 (March 2021) - Sometime during the fall, a worker for a subcontractor of Humana Inc. decided to share actual member information from medical records via a Google document with people he...more
In an era of decreasing reimbursement and rapidly expanding opportunities associated with “big data”, healthcare entities may be looking for ways to monetize protected health information (“PHI”) for their own, non-patient...more
On January 6, 2020, the California State Senate’s Health Committee unanimously approved California AB 713, a bill that would amend the California Consumer Privacy Act (CCPA) to except from CCPA requirements additional...more
When sending high-volume mailings to thousands or even millions of claimants/constituents, entities are exposed to economic and professional reputational risks if the execution of the mailing is flawed or if confidential...more
HIPAA privacy and security violations can result in fines of $110 to $55,100 to covered entities (including healthcare providers and health plans) and their business associates. (45 CFR 160.404). If the violation resulted...more
Healthcare providers and other HIPAA covered entities receive requests for protected health information (“PHI”) from a variety of sources on a daily basis. Such requests can range from informal requests made during the course...more
Community Health Systems, Inc. (the “Company”), one of the largest hospital organizations in the country, announced via a public filing (Form 8K) made yesterday with the Securities and Exchange Commission (“Report”) that the...more
Under the Privacy Rule, an individual has the right to adequate notice of how a covered entity may use and disclose PHI about the individual, as well as his/her rights and the covered entity’s obligations with respect to that...more
This has been a busy week for the Department of Health and Human Services / Office for Civil Rights (HHS/OCR). It has started releasing guidance on various provisions of the Omnibus HIPAA final rule (the "Final Rule") in...more
Today’s the day! Today marks the long-awaited compliance date for the HIPAA Omnibus Rule. In case you have put any thoughts of compliance with the Omnibus Rule out of your mind, you can no longer escape. Here...more
If you sponsor a group health plan that is subject to the HIPAA Privacy and Security Rules, it is time to review and revise your policies and procedures and re-train your employees regarding the proper procedures when...more
Our articles this month focus on health care reform. First, Jim Napoli and Brian Neulander comment on the potential for litigation under the Affordable Care Act's (ACA's) whistleblower protections and ERISA Section 510 as a...more