The Federal Trade Commission (FTC) just released a Policy Statement emphasizing how telemedicine and digital health apps can be held accountable under the Health Breach Notification Rule, even if the company is not subject to...more
What does the new Supreme Court text message ruling mean for your digital health business?
The Supreme Court ruled in favor of Facebook, holding that the Telephone Consumer Protection Act (TCPA) did not apply to Facebook...more
4/6/2021
/ ATDS ,
Auto-Dialed Calls ,
Facebook ,
Facebook Inc v Duguid ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Random or Sequential Number Generator ,
Robocalling ,
SCOTUS ,
TCPA ,
Telemedicine
Throughout the COVID-19 pandemic, federal agencies have sought to allow health care companies more flexibility to use popular technology and applications to better engage with their patients. One example is the Department of...more
Telemedicine and remote patient monitoring companies often want to maintain open communication channels with patients, whether it be scheduling, medication reminders, engagement pings, or even new product and service updates....more
3/8/2021
/ Class Action ,
Enforcement Actions ,
FCC ,
Federal Trade Commission (FTC) ,
Fines ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Notifications ,
Statutory Damages ,
TCPA ,
Telemedicine ,
Texting ,
Written Consent
The telemedicine and digital health industry has a new organization, the Telehealth Equity Coalition (TEC), which seeks expanded, meaningful access to health care. Launched in February 2021, the TEC works with nonprofit,...more
On January 14, 2021, the U.S. Court of Appeals for the Fifth Circuit vacated the civil monetary penalty (CMP) imposed by the Department of Health and Human Services (HHS) against the University of Texas M.D. Anderson Cancer...more
On January 19, 2021, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Enforcement Discretion (Notice) announcing that it will not impose penalties for...more
1/26/2021
/ Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Encryption ,
Enforcement ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Privacy Settings ,
Public Health Emergency ,
Vaccinations
The Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services recently published its findings from audits conducted in 2016 and 2017 of covered entities’ and business associates’ compliance with...more
1/15/2021
/ Audits ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HIPAA Privacy Rule ,
Notice of Privacy Practices ,
Notice of Proposed Rulemaking (NOPR) ,
OCR ,
Right of Access ,
Risk Management ,
Security Risk Assessments
With 2020 officially behind us, what does 2021 have in store for telemedicine and digital health policy? A year ago, our team predicted 2020 would bring “notable expansions in Medicare and Medicaid coverage” and “the...more
1/12/2021
/ American Telemedicine Association ,
California Consumer Privacy Act (CCPA) ,
Coronavirus/COVID-19 ,
Department of Justice (DOJ) ,
Digital Health ,
Enforcement Actions ,
Fraud ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medicaid ,
Medicare ,
OIG ,
Public Health Emergency ,
Public Readiness and Emergency Preparedness Act (PREP Act) ,
Reimbursements ,
Telehealth ,
Waivers
On December 10, 2020, the Department of Health and Human Services, Office for Civil Rights (OCR) issued a Notice of Proposed Rulemaking (NPRM) to revise the HIPAA Privacy Rule. The proposed revisions to the Privacy Rule seek...more
New guidance is available for remote patient monitoring (RPM) companies on cybersecurity and privacy compliance. The National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards and...more
On November 12, 2020, the European Commission (“EC”) published a draft implementing decision on standard contractual clauses (“SCCs”) for the transfer of personal data to third countries pursuant to the General Data...more
12/7/2020
/ Cross-Border Transactions ,
Data Controller ,
Data Processors ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
During its summer conference this year, Apple announced that later in 2020, it would require application developers to provide in-depth detail regarding their data collection and use practices to give users more information...more
As many organizations continue to struggle with the fallout from the July 2020 Schrems II decision from the European Court of Justice (“CJEU”), in November, the European Data Protection Board (“EDPB”) published two pieces of...more
12/2/2020
/ Audits ,
Data Transfers ,
Due Diligence ,
European Court of Justice (ECJ) ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
Executive Orders ,
FISA ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses