For companies seeking to use, license, or otherwise commercialize health data, there are potential inconsistencies among the HIPAA de-identification standard, the CCPA definition of de-identified data, and GDPR requirements...more
2/26/2020
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
Covered Entities ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Use Policies ,
De-Identified Protected Health Information ,
Electronic Protected Health Information (ePHI) ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PHI ,
Webinars
Throughout the past year, the healthcare and life science industries experienced a proliferation of digital health innovation that challenged traditional notions of healthcare delivery and payment, as well as product...more
1/29/2020
/ Anti-Kickback Statute ,
Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Department of Justice (DOJ) ,
Digital Health ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Enforcement ,
Food and Drug Administration (FDA) ,
Fraud and Abuse ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Life Sciences ,
Regulatory Standards ,
Stark Law ,
Telemedicine
On January 6, 2020, the California State Senate’s Health Committee unanimously approved California AB 713, a bill that would amend the California Consumer Privacy Act (CCPA) to except from CCPA requirements additional...more
1/17/2020
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
Clinical Trials ,
CMIA ,
Exceptions ,
Food and Drug Administration (FDA) ,
Health and Safety ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Life Sciences ,
Medical Research ,
Notice Requirements ,
Personal Information ,
PHI ,
Privacy Laws ,
Proposed Amendments ,
Public Health ,
The Common Rule
A potential disconnect between the HIPAA de-identification standard and California Consumer Privacy Act (CCPA) definition of de-identified may pose hurdles for HIPAA covered entities, their business associates and other data...more
12/4/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Covered Entities ,
Cybersecurity ,
Data Collection ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
Right to Delete
To help accelerate the transformation of the US healthcare system from a fee-for-service to a value-based system, the US Department of Health & Human Services (HHS) launched its “Regulatory Sprint to Coordinated Care”...more
11/13/2019
/ Anti-Kickback Statute ,
Centers for Medicare & Medicaid Services (CMS) ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Health Care Providers ,
Healthcare Reform ,
Incentives ,
Patients ,
Physicians ,
Proposed Rules ,
Regulatory Burden ,
Reimbursements ,
Safe Harbors ,
Self-Referral ,
Stark Law ,
Value-Based Care ,
Webinars
A recent update to the Office of Management and Budget (OMB) website suggests that the answer is “yes”—though that depends on how one defines “soon.” According to its website, OMB received the Office of the National...more
SAMHSA has released a long-awaited proposed rule that would modify the federal regulations at 42 CFR Part 2 (Part 2) governing the confidentiality of substance use disorder (SUD) patient records created by federally assisted...more
9/12/2019
/ Comment Period ,
Confidential Information ,
Consent ,
Disclosure Requirements ,
Health Care Providers ,
HIPAA Privacy Rule ,
Information Sharing ,
Medical Records ,
Opioid ,
Patient Privacy Rights ,
Pharmaceutical Industry ,
Proposed Rules ,
Public Comment ,
SAMHSA ,
Substance Abuse
Information is one of your company’s most valuable assets. It is critical to remain vigilant to protect against the latest cybersecurity threats and to comply with expansive privacy obligations.
Join us in New York City for...more
5/20/2019
/ Attorney-Client Privilege ,
California Consumer Privacy Act (CCPA) ,
Continuing Legal Education ,
Cybersecurity ,
Data Privacy ,
Events ,
Health Care Providers ,
Information Management ,
Information Technology ,
Popular ,
Private Equity ,
Privileged Communication ,
Risk Management ,
Security and Privacy Controls
The ONC recently released a proposed rule under the 21st Century Cures Act to promote interoperability of health IT and advance access, exchange or use of electronic health information. If finalized, the proposed rule would...more
3/28/2019
/ 21st Century Cures Act ,
APIs ,
Conditional Certification ,
Cost Recovery ,
Data Blocking ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Information Technologies ,
License Fees ,
ONC ,
Proposed Rules
On February 6, 2019, the DOJ announced a settlement agreement with Greenway Health, a vendor of EHR software, under which Greenway agreed to pay approximately $57 million to resolve allegations that it caused its health care...more
2/26/2019
/ Anti-Kickback Statute ,
CEHRT ,
Department of Justice (DOJ) ,
Electronic Health Record Incentives ,
False Claims Act (FCA) ,
False Statements ,
Health Care Providers ,
Health Information Technologies ,
OIG ,
Settlement Agreements ,
Vendors
CMS issued a long-awaited proposed rule aimed at enhancing interoperability and increasing patient access to health information. If finalized, CMS’s proposed rule may require hospitals and payors to make significant...more
2/21/2019
/ Centers for Medicare & Medicaid Services (CMS) ,
Conditions of Participation (CoP) ,
Data Collection ,
Data-Sharing ,
Electronic Medical Records ,
Health Care Providers ,
Health Information Technologies ,
Hospitals ,
Medicaid ,
Medical Records ,
Medicare ,
Patient Access ,
Proposed Rules ,
Public Comment ,
Qualified Health Plans ,
Request For Information
The ONC finally released its long-awaited proposed rule to implement the “information blocking” prohibition of the 21st Century Cures Act by identifying conduct that is not information blocking. If finalized, ONC’s proposed...more
2/15/2019
/ 21st Century Cures Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Exceptions ,
Health Care Providers ,
Health Information Technologies ,
Hospitals ,
ONC ,
Patient Privacy Rights ,
Policies and Procedures ,
Proposed Rules ,
Public Comment ,
Regulatory Agenda ,
Regulatory Requirements
Introduction -
The past year was an active one for data privacy and security legislation and enforcement. Protection for certain personal data was enhanced internationally by the EU General Data Protection Regulation...more
1/29/2019
/ Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Protection ,
Digital Health ,
Electronic Protected Health Information (ePHI) ,
EU ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
State Data Breach Notification Statutes ,
UK
The General Data Protection Regulation establishes protections for the privacy and security of personal data about individuals in the European Economic Area countries, and potentially affects the medical tourism programs and...more
On January 18, 2017, the Substance Abuse and Mental Health Services Administration (SAMHSA) released its long-awaited final rule amending the confidentiality regulations at 42 CFR Part 2 (Part 2) that apply to federally...more
On December 7, 2016, the US Congress enacted the 21st Century Cures Act, substantial legislation intended to accelerate “discovery, development and delivery” of medical therapies by encouraging biomedical research investment,...more
1/21/2017
/ 21st Century Cures Act ,
Ambulatory Surgery Centers ,
Digital Health ,
Food and Drug Administration (FDA) ,
Health Care Providers ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
Long Term Care Facilities ,
Manufacturers ,
Medical Devices ,
Medicare ,
Medicare Advantage ,
MedPAC ,
Mental Health ,
Mental Health Parity Rule ,
National Institute of Health (NIH) ,
Off-Campus Departments ,
Opioid ,
Patients ,
Pharmaceutical Industry ,
Research and Development ,
Small Business ,
Substance Abuse ,
Telehealth ,
Transparency
President Obama signed the 21st Century Cures Act on December 13, 2016. The act encourages biomedical research investment and facilitates innovation review and approval processes, but also serves as a vehicle for a wide...more
On January 15, 2016, the U.S. Food and Drug Administration (FDA) published a draft guidance entitled Postmarket Management of Cybersecurity in Medical Devices (Draft Guidance), which outlines FDA’s recommendations for...more
On October 16, 2015, the Centers for Medicare and Medicaid Services (CMS) and Office of the National Coordinator for Health Information Technology (ONC) of the U.S. Department of Health and Human Services published the...more
On April 27, 2015, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a resolution agreement with Cornell Prescription Pharmacy (CPP) pursuant to which CPP paid a $125,000...more
7/8/2015
/ Change Management ,
Compliance ,
Data Security ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
OCR ,
Pharmacies ,
Physicians ,
Policies and Procedures ,
Risk Management ,
Security Risk Assessments
Health Insurance Portability and Accountability Act of 1996 (HIPAA) covered entities have reported that the U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently sent pre-audit screening surveys...more
5/18/2015
/ Audits ,
Breach Notification Rule ,
Business Associates ,
Covered Entities ,
De-Identified Protected Health Information ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
OCR ,
PHI
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) will soon begin a second phase of audits (Phase 2 Audits) of compliance with Health Insurance Portability and Accountability Act of 1996 (HIPAA)...more
7/30/2014
/ Audits ,
Best Management Practices ,
Business Associates ,
Chief Compliance Officers ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Hospitals ,
PHI ,
Popular
Office of Civil Rights has released additional guidance addressing the de-identification of protected health information in accordance with the HIPAA Privacy Rule. Covered entities should review their current...more