On Jan. 6, 2025, the U.S. Department of Health and Human Services (HHS) proposed new regulations to enhance cybersecurity protections for electronic protected health information (ePHI) under the Health Insurance Portability...more
3/20/2025
/ Business Associates ,
Comment Period ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Incident Response Plans ,
Notice of Proposed Rulemaking (NOPR) ,
NPRM ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Assessment ,
Technology Sector
In this final blog post in the Bradley series on the HIPAA Security Rule notice of proposed rulemaking (NPRM), we examine how the U.S. Department of Health and Human Services (HHS) Office for Civil Rights interprets the...more
In this week’s installment of our blog series on the U.S. Department of Health and Human Services’ (HHS) HIPAA Security Rule updates in its January 6 Notice of Proposed Rulemaking (NPRM), we are exploring the justifications...more
Bradley has launched a multipart blog series on the U.S. Department of Health and Human Services’ (HHS) proposed changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, beginning last...more
Bradley is launching a multipart blog series on the U.S. Department of Health and Human Services’ (HHS) proposed changes to strengthen cybersecurity protections for electronic protected health information (ePHI) regulated...more
1/16/2025
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Employer Group Health Plans ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Notice of Proposed Rulemaking (NOPR) ,
NPRM ,
OCR ,
Risk Management
The Department of Health & Human Services (HHS) released a concept paper outlining its strategy for improving cybersecurity infrastructure within the healthcare sector. The paper calls for proposing healthcare-specific...more
Virtual assistants such as Amazon’s Alexa, Facebook’s Portal, Google’s Nest Hub, and countless others continue growing in popularity as families navigate safely remaining connected with their loved ones receiving long-term...more
9/22/2021
/ ALEXA ,
Americans with Disabilities Act (ADA) ,
Assisted Living Facilities (ALFs) ,
Consent ,
Coronavirus/COVID-19 ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
Long Term Care Facilities ,
Long-Term Care ,
Nursing Homes ,
Policies and Procedures ,
Senior Housing ,
Skilled Nursing Facility
On July 15, 2020, the Substance Abuse and Mental Health Services Administration (SAMHSA), a branch of the U.S. Department of Health and Human Services (HHS), published its much-anticipated final rule to revise 42 C.F.R. Part...more
7/23/2020
/ CARES Act ,
Confidential Information ,
Consent ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mental Health ,
New Regulations ,
Patient Privacy Rights ,
SAMHSA ,
Substance Abuse
The U.S. Department of Health and Human Services (HHS) has issued several waivers applicable to the provision of telehealth services during the COVID-19 emergency period. Some of these waivers expand Medicare coverage and...more
This is the first alert in a series of Bradley installments on privacy issues that may arise during the current COVID-19 pandemic. This first installment focuses on disclosure of personally identifiable health information...more
Don’t forget that the required end-of-the-year reporting of any small breaches of unsecured protected health information (PHI) that were discovered in 2019 is coming up. Under the Health Insurance Portability and...more
On August 26, 2019, the Substance Abuse and Mental Health Services Administration, part of the U.S. Department of Health and Human Services (HHS), published its much-anticipated notice of proposed rulemaking to revise 42...more
8/28/2019
/ Comment Period ,
Confidential Information ,
Consent ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Drug Treatment ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
Notice of Proposed Rulemaking (NOPR) ,
Opioid ,
Patient Privacy Rights ,
Prescription Drugs ,
Proposed Rules ,
Public Comment ,
Substance Abuse
Don’t forget that the required end-of-the-year reporting of any small breaches of unsecured protected health information (PHI) that were discovered in 2018 is coming up. Under the Health Insurance Portability and...more
2/13/2019
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Filing Deadlines ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Reporting Requirements
On October 15, 2018, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced that Anthem, Inc. will pay $16 million to settle OCR’s investigation of its potential violations of the Health...more
10/24/2018
/ Anthem Insurance ,
Corrective Actions ,
Cyber Attacks ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Hackers ,
Health Care Providers ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Personally Identifiable Information ,
Phishing Scams ,
Settlement
On June 18, 2018, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that an HHS Administrative Law Judge (“ALJ”) granted summary judgment to OCR in an enforcement action...more
8/2/2018
/ Administrative Hearings ,
Administrative Law Judge (ALJ) ,
AHLA ,
Civil Monetary Penalty ,
Confidential Information ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Electronic Protected Health Information (ePHI) ,
Encryption ,
Enforcement Actions ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Patient Privacy Rights ,
Risk Assessment ,
Summary Judgment
Complex. Hard. Humbling. These are the descriptors former Google CEO Eric Schmidt used last week at the HIMSS 2018 Annual Conference in Las Vegas to describe the work to be done in health information technology (HIT). ...more
Uncertain. What better word to describe a year in which a new administration came to power and began to chart a new course for health policy, the fate of the Affordable Care Act (ACA) hung in the balance, and courts grappled...more
1/25/2018
/ Affordable Care Act ,
Alternative Payment Models (APM) ,
Cooperative Compliance Regime ,
Department of Justice (DOJ) ,
Electronic Health Record Incentives ,
False Claims Act (FCA) ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Reform ,
Hospital Mergers ,
Meaningful Use ,
OIG ,
Prescription Drug Coverage ,
Repeal ,
Section 340B ,
Stark Law ,
Trump Administration ,
Universal Health Services Inc v United States ex rel Escobar
Last month, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced the largest settlement to date for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA)....more
9/21/2016
/ Breach Notification Rule ,
Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
Risk Management ,
Settlement Agreements
Part of Bradley Arant’s Privacy and Information Security Team’s seven-part Data Breach Toolkit Webinar Series, the “Data Breach Response Planning: Laying the Right Foundation” webinar, led by Paige Boshell and Amy Leopard,...more
9/17/2015
/ Banking Sector ,
Banks ,
Breach Notification Rule ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Federal Trade Commission (FTC) ,
FFIEC ,
Financial Institutions ,
FTC v Wyndham ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Incident Response Plans ,
Information Sharing ,
NIST ,
Privacy Concerns ,
Wyndham
How should health care companies strengthen their HIPAA compliance programs to manage the risk of a potential FTC investigation?
While the U.S. Department of Health and Human Services (HHS) Office for Civil Rights...more
On December 5, 2013, the Office of Inspector General (OIG) reported on the Office for Civil Rights’ (OCR) compliance as of May 2011 with oversight and enforcement of the Security Rule and compliance with federal cybersecurity...more
1/10/2014
/ Centers for Medicare & Medicaid Services (CMS) ,
Compliance ,
Confidential Information ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
NIST ,
OCR ,
OIG ,
Patient Privacy Rights ,
Personally Identifiable Information ,
Right to Privacy ,
Security Audits ,
Security Rule
As 2013 draws to a close, we are pleased to look back on the year that was and highlight some of the key developments in the ever-changing field of health law. While a great deal of attention was focused on the implementation...more
12/30/2013
/ Acquisitions ,
Affordable Care Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Drug Compounding ,
Health Insurance Exchanges ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare.gov ,
HITECH Act ,
Hospitals ,
Medicaid Expansion ,
Medicare Part A ,
Mergers ,
MHPAEA ,
Physician Payments ,
Physician-Owned Distributors ,
Stark Law
As the countdown to the compliance deadline for the Health Information Technology for Economic and Clinical Health (HITECH) Act Omnibus Rule begins, we offer the following as a reminder of tasks that covered entities,...more
The Office of Civil Rights (“OCR”) of the Department of Health and Human Services (“HHS”) published today the much anticipated final omnibus rule implementing the Health Information Technology for Economic and Clinical Health...more
1/28/2013
/ Business Associates ,
Compliance ,
Covered Entities ,
Data Breach ,
Data Protection ,
Enforcement ,
Fundraisers ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Marketing ,
Notice Requirements ,
OCR ,
PHI ,
Privacy Rule