On December 17, 2024, the US Department of Health and Human Services (HHS) Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (ASTP) published the Health Data,...more
1/15/2025
/ 21st Century Cures Act ,
Compliance ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Privacy Laws ,
Reproductive Healthcare Issues
On August 29, 2024, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) withdrew its appeal of the US District Court for the Northern District of Texas’s June 20, 2024, decision in American...more
9/4/2024
/ American Hospital Association ,
American Hospital Association et al v Becerra Secretary Of Health And Human Services et al ,
Appeals ,
Cookies ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
OCR ,
Technology Sector ,
Tracking Systems ,
Web Tracking ,
Websites
On August 19, 2024, the US Department of Health and Human Services Office for Civil Rights (OCR) filed a notice of appeal of the US District Court for the Northern District of Texas’s June 20, 2024, decision in American...more
8/28/2024
/ American Hospital Association ,
American Hospital Association et al v Becerra Secretary Of Health And Human Services et al ,
Appeals ,
Cookies ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
OCR ,
Technology Sector ,
Tracking Systems ,
Web Tracking ,
Websites
In a consequential decision for Health Insurance Portability and Accountability Act (HIPAA)-regulated entities, on June 20, 2024, the US District Court for the Northern District of Texas ruled in American Hospital Association...more
On February 8, 2024, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and Substance Abuse and Mental Health Services Administration (SAMHSA) jointly issued a final rule to amend the...more
On March 18, 2024, the US Department of Health and Human Services Office for Civil Rights (OCR) issued an update to its December 1, 2022, bulletin titled “Use of Online Tracking Technologies by HIPAA Covered Entities and...more
3/22/2024
/ Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Enforcement Priorities ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
PHI ,
Tracking Systems ,
Web Tracking ,
Websites
In light of the increasing number of enforcement incidents under the General Data Protection Regulation (GDPR), organisations active in the Health and Life Sciences sectors in the United Kingdom, the European Union (EU) and...more
3/3/2023
/ Data Collection ,
Data Protection ,
Data-Sharing ,
EU ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Life Sciences ,
Personal Information ,
Regulatory Agenda ,
UK
By January 31, 2023, general acute care hospitals, clinical labs and certain physician organizations and medical groups in California are required to enter into the Single Data Sharing Agreement (DSA) to participate in the...more
12/22/2022
/ Acute Facilities ,
California ,
Clinical Laboratories ,
Data Privacy ,
Data Security ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
Health and Safety ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Hospitals ,
Personally Identifiable Information ,
Physicians ,
Policies and Procedures ,
Social Services
The US Supreme Court’s recent decision to overturn Roe v. Wade in Dobbs v. Jackson Women’s Health Organization has raised many questions about potential efforts by law enforcement agencies to obtain data from healthcare and...more
7/11/2022
/ Abortion ,
Biden Administration ,
Data Collection ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Dobbs v. Jackson Women’s Health Organization ,
Electronic Protected Health Information (ePHI) ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Pregnancy ,
Privacy Concerns ,
Roe v Wade ,
SCOTUS
On December 10, 2020, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a Notice of Proposed Rulemaking (NPRM) with proposed modifications to the Standards for the Privacy of...more
12/18/2020
/ Department of Health and Human Services (HHS) ,
Disclosure ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Access Request ,
HIPAA Privacy Rule ,
Information Requests ,
Medicare ,
NPRM ,
OCR ,
Third-Party
Data license agreements have been a hot ticket item of the digital health market and are here to stay. With the exponential growth in licensed data, including de-identified patient data, data license agreement litigation and...more
10/7/2020
/ Asset Protection ,
California Consumer Privacy Act (CCPA) ,
Commercial Litigation ,
Contract Disputes ,
Contract Drafting ,
Contract Interpretation ,
Contract Terms ,
Data Protection ,
De-Identified Protected Health Information ,
Digital Health ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Intellectual Property Litigation ,
Intellectual Property Protection ,
License Agreements ,
Physicians ,
Regulatory Requirements ,
Remedies ,
Trade Secrets ,
Webinars
On August 31, 2020, the California legislature passed California AB 713, which amends the California Consumer Privacy Act (CCPA) to except from its requirements certain health information, including information that has been...more
9/17/2020
/ California Consumer Privacy Act (CCPA) ,
Data Collection ,
Exceptions ,
Food and Drug Administration (FDA) ,
Governor Newsom ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Life Sciences ,
Patients ,
Personally Identifiable Information ,
State Legislatures
As part of the CARES Act signed into law on March 27, 2020, Congress included a provision directing the secretary of Health and Human Services (HHS) to modify long-standing regulatory restrictions under the federal substance...more
On March 9, 2020, the US Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) released its long-awaited final rule identifying conduct that does not...more
For companies seeking to use, license, or otherwise commercialize health data, there are potential inconsistencies among the HIPAA de-identification standard, the CCPA definition of de-identified data, and GDPR requirements...more
2/26/2020
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
Covered Entities ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Use Policies ,
De-Identified Protected Health Information ,
Electronic Protected Health Information (ePHI) ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PHI ,
Webinars
Throughout the past year, the healthcare and life science industries experienced a proliferation of digital health innovation that challenged traditional notions of healthcare delivery and payment, as well as product...more
1/29/2020
/ Anti-Kickback Statute ,
Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Department of Justice (DOJ) ,
Digital Health ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Enforcement ,
Food and Drug Administration (FDA) ,
Fraud and Abuse ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Life Sciences ,
Regulatory Standards ,
Stark Law ,
Telemedicine
The European Data Protection Supervisor, the independent European Union authority responsible for data protection regulatory oversight, issued a preliminary opinion on data protection and scientific research. The Opinion...more
1/24/2020
/ Advisory Opinions ,
Compliance ,
Consent ,
Data Protection ,
Data Protection Authority ,
Data Subjects Rights ,
EU ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Life Sciences ,
Member State ,
Personal Data ,
Scientific Research ,
The Common Rule ,
Transparency
On January 6, 2020, the California State Senate’s Health Committee unanimously approved California AB 713, a bill that would amend the California Consumer Privacy Act (CCPA) to except from CCPA requirements additional...more
1/17/2020
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
Clinical Trials ,
CMIA ,
Exceptions ,
Food and Drug Administration (FDA) ,
Health and Safety ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Life Sciences ,
Medical Research ,
Notice Requirements ,
Personal Information ,
PHI ,
Privacy Laws ,
Proposed Amendments ,
Public Health ,
The Common Rule
A potential disconnect between the HIPAA de-identification standard and California Consumer Privacy Act (CCPA) definition of de-identified may pose hurdles for HIPAA covered entities, their business associates and other data...more
12/4/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Covered Entities ,
Cybersecurity ,
Data Collection ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
Right to Delete
Introduction -
The past year was an active one for data privacy and security legislation and enforcement. Protection for certain personal data was enhanced internationally by the EU General Data Protection Regulation...more
1/29/2019
/ Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Protection ,
Digital Health ,
Electronic Protected Health Information (ePHI) ,
EU ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
State Data Breach Notification Statutes ,
UK
Earlier this month, more than 45,000 attendees descended on Las Vegas, NV, for the nation’s largest annual health care technology conference: the 2018 HIMSS Conference & Exhibition (HIMSS18). Conversations and educational...more
Last week, the US Court of Appeals for the DC Circuit issued a long-awaited decision on an omnibus challenge to the FCC’s interpretation of the TCPA. While the decision provides some relief for businesses, it does not...more
3/26/2018
/ Appeals ,
Arbitrary and Capricious ,
ATDS ,
Auto-Dialed Calls ,
Declaratory Rulings ,
Exemptions ,
FCC ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Prior Express Consent ,
Reassigned Phone Numbers ,
Revocation ,
Robocalling ,
Rulemaking Process ,
Smartphones ,
TCPA ,
Text Messages
On December 7, 2016, the US Congress enacted the 21st Century Cures Act, substantial legislation intended to accelerate “discovery, development and delivery” of medical therapies by encouraging biomedical research investment,...more
1/21/2017
/ 21st Century Cures Act ,
Ambulatory Surgery Centers ,
Digital Health ,
Food and Drug Administration (FDA) ,
Health Care Providers ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
Long Term Care Facilities ,
Manufacturers ,
Medical Devices ,
Medicare ,
Medicare Advantage ,
MedPAC ,
Mental Health ,
Mental Health Parity Rule ,
National Institute of Health (NIH) ,
Off-Campus Departments ,
Opioid ,
Patients ,
Pharmaceutical Industry ,
Research and Development ,
Small Business ,
Substance Abuse ,
Telehealth ,
Transparency
The US Department of Health and Human Services Office for Civil Rights recently posted guidance clarifying that a business associate such as an information technology vendor generally may not block or terminate access by a...more
10/27/2016
/ Anti-Kickback Statute ,
Business Associates ,
Corporate Counsel ,
Covered Entities ,
Data Blocking ,
Department of Health and Human Services (HHS) ,
EHR ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
OIG ,
PHI ,
Privacy Rule ,
Vendors
On September 29, 2015, the U.S. Department of Health & Human Services Office of the Inspector General (OIG), Office of Evaluation and Inspections, released two studies calling on the HHS Office for Civil Rights (OCR) to...more