In the first part of this blog post, we looked into the OCR and FTC’s focus on third-party tracking technologies. We also reviewed the AHA Lawsuit and its impact for the use of tracking technologies. In this blog post, we...more
11/19/2024
/ Administrative Law Judge (ALJ) ,
Administrative Procedure Act ,
Business Associates ,
Chevron Deference ,
Covered Entities ,
Data Collection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Judicial Review ,
Loper Bright Enterprises v Raimondo ,
OCR ,
PHI ,
Third-Party Service Provider ,
Vendors ,
Web Tracking ,
Websites
Before this year, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) resolved 70 breach investigations from which fines or civil monetary penalties were secured. Of those investigations, only...more
On April 26, 2024, the U.S. Department of Health and Human Services (HHS) published its long-awaited Final Rule regarding reproductive health privacy. Although it is tempting to benchmark the Final Rule against the Dobbs...more
When the U.S. Department of Health and Human Services, Office for Civil Rights (HHS OCR) issued its guidance on “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates” on Dec. 1, 2022 Original...more
On Feb. 16, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published its 2022 Annual Report to Congress. ...more
3/19/2024
/ Annual Reports ,
Breach Notification Rule ,
Business Associates ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HITECH Act ,
OCR ,
PHI ,
Regulatory Authority
On February 8, 2024, the U.S. Department of Health & Human Services (HHS) released a final rule modifying 42 CFR Part 2 (Part 2) provisions regarding the confidentiality of Substance Use Disorder (SUD) Patient Records. The...more
3/1/2024
/ Administrative Procedure ,
Business Associates ,
CARES Act ,
Compliance ,
Consent ,
Covered Entities ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Care Providers ,
HIPAA Breach Notification Rule ,
HITECH Act ,
Information Sharing ,
Opioid ,
Patient Privacy Rights ,
PHI ,
Prior Authorization ,
Public Health ,
SAMHSA ,
Substance Abuse ,
Tribal Governments
Nearly two months after settlement was reached, the Department of Health and Human Services Office for Civil Rights (HHS OCR) announced on Feb. 6 that it obtained a resolution agreement with Montefiore Medical Center over...more
2/13/2024
/ Business Associates ,
Compliance ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Security and Privacy Controls
On February 27, 2023, the U.S. Department of Health and Human Services (HHS) announced that its law enforcement agency – the Office for Civil Rights (OCR) – will reorganize, adding new divisions to better address the rapid...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued guidance regarding covered entities’ and business associates’ use of tracking technologies (the Guidance). As discussed in greater detail...more
12/14/2022
/ Business Associates ,
Cookies ,
Covered Entities ,
Data Collection ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Guidance ,
OCR ,
PHI ,
Tracking Systems
On November 28, 2022, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the Substance Abuse Mental Health Services Administration (SAMHSA) announced a Notice of Proposed Rulemaking...more
12/6/2022
/ Business Associates ,
CARES Act ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Medical Records ,
NPRM ,
OCR ,
SAMHSA ,
Substance Abuse
On July 13, the Department of Health & Human Services (HHS) Office for Civil Rights (OCR) issued guidance to retail pharmacies that refusing to dispense a prescribed medication or making a determination on the suitability of...more
7/18/2022
/ Abortion ,
Anti-Discrimination Policies ,
Department of Health and Human Services (HHS) ,
Disability Discrimination ,
Federal Funding ,
New Guidance ,
OCR ,
Pharmacies ,
Pregnancy ,
Prescription Drugs ,
Reproductive Healthcare Issues ,
Sex Discrimination
To help guide entities through the significant confusion and changes that will be evolving for the next several years, BakerHostetler has assembled the Dobbs Decision Task Force (DDTF), led by attorneys in five major areas...more
On June 29, in response to the U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization, the U.S. Department of Health & Human Services Office for Civil Rights (HHS OCR) issued guidance on when entities...more
7/5/2022
/ Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Dobbs v. Jackson Women’s Health Organization ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Law Enforcement ,
New Guidance ,
OCR ,
PHI ,
SCOTUS
On March 28, 2022, Health and Human Services, Office for Civil Rights (OCR) announced the resolution of four enforcement actions, three resolved in 2021 and one resolved in 2022. There are some interesting aspects of this...more
On March 19, 2021, Xavier Becerra was confirmed as the secretary of the U.S. Department of Health and Human Services (HHS). HHS is the federal regulatory body that oversees the Office for Civil Rights (OCR), which is the...more
On Oct. 28, a joint cybersecurity advisory was published by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Department of Health & Human Services. The advisory warned of an imminent cybercrime...more
In what is being seen as a strong rebuke to years of regulatory overreach, the United States District Court for the District of Columbia entered an order on January 23, 2020 that invalidates provisions of the 2013 Omnibus...more
On April 26, 2019, the U.S. Department of Health & Human Services (HHS) issued an announcement that the annual penalty cap for three of the four tiers of HIPAA violations would be reduced significantly to match what HHS...more
This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its Cybersecurity Best Practices report.
The report on...more
BakerHostetler will post a series of blogs to fully explore the recommendations and guidance Health and Human Services provides healthcare organizations in its report....more