A case pending before the Supreme Court could jeopardize the Affordable Care Act’s (ACA) mandate that certain preventive services be provided on a first dollar coverage basis to plan members. Kennedy v. Braidwood Management...more
On May 8, 2025, the Food and Drug Administration (FDA) announced the completion of its generative artificial intelligence (AI) pilot program for scientific reviewers. FDA Commissioner Marty Makary was quoted in the...more
On January 7, 2025, FDA published a draft guidance titled “Artificial Intelligence-Enabled Device Software Functions: Lifecycle Management and Marketing Submission Recommendations.” The draft guidance was long-anticipated; it...more
1/13/2025
/ Artificial Intelligence ,
Cybersecurity ,
Data Management ,
Data Protection ,
Draft Guidance ,
Federal Food Drug and Cosmetic Act (FFDCA) ,
Food and Drug Administration (FDA) ,
Life Sciences ,
Machine Learning ,
Medical Devices ,
Popular ,
Regulatory Requirements ,
Risk Assessment ,
Software
On December 1, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services provided guidance on the intersection of the Health Insurance Portability and Accountability Act (HIPAA) and the use of...more
With two recent enforcement actions, the Federal Trade Commission (FTC) has shown that administering appropriate data security policies is an area of priority. On October 24, 2022, the FTC announced a Proposed Consent Order...more
On September 15, 2021, the Federal Trade Commission (“FTC”) issued a Policy Statement instructing health app and connected device companies to comply with the Health Breach Notification Rule (“the Rule”). The Rule, codified...more
11/2/2021
/ Breach Notification Rule ,
Data Breach ,
Electronic Devices ,
Federal Trade Commission (FTC) ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Mobile Apps ,
PHI ,
Popular ,
Security Breach
On April 1, in a highly anticipated decision that likely will have a significant effect on litigation under the Telephone Consumer Protection Act (TCPA), the Supreme Court ruled on what qualifies as an “automatic telephone...more
Over the last two months, the U.S. Department of Health and Human Services (“HHS”) published guidance regarding the enforcement of HIPAA and its privacy and security requirements in response to the COVID-19 public health...more
5/6/2020
/ Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Facebook ,
Good Faith ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Public Health ,
Public Health Emergency ,
SAMHSA ,
Telehealth
On March 9, 2020, CMS released its final rule creating certain interoperability and patient access standards (CMS Final Rule). On the same day, the ONC released a rule that addressed interoperability as well (ONC Final...more
On January 31, 2020, the Department of Defense (DoD) released the latest version (Version 1.0) of its Cybersecurity Maturity Model Certification (CMMC) framework, setting forth future cybersecurity requirements for thousands...more
3/5/2020
/ Certification Requirements ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
NIST ,
Request For Information ,
Third Party Assessment Organization (3PAO)
Increased premarket submission and post-market reporting requirements potentially on the horizon for high-tech devices. The Food and Drug Administration’s (“FDA’s”) budget proposal for FY2021 telegraphs FDA’s plan to seek new...more
Your Organization’s best defense in an environment of aggressive regulators and litigious plaintiffs’ counsel is the completion of an enterprise risk assessment. Regulators and attorneys general are fining–sometimes hundreds...more
2/8/2019
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Enterprise Risks ,
Hackers ,
HIPAA Breach ,
NIST ,
OCR ,
Personally Identifiable Information ,
Popular ,
Risk Assessment ,
Stakeholder Engagement
In its most recent cybersecurity initiative, the U.S. Department of Health and Human Services (HHS) has released Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, described as a set of...more