Donald DePass on OCR

Slew of OCR activity underscores agency’s focus on security and AI

Recent enforcement actions, audit activity, proposed rulemakings, and guidance issued by the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) highlight the agency’s focus on health data...more

1/17/2025 / Artificial Intelligence , Audits , Compliance , Cyber Attacks , Cybersecurity , Data Privacy , Data Security , Enforcement Actions , Health Insurance Portability and Accountability Act (HIPAA) , OCR , Ransomware , Risk Management

Federal court strikes blow to expansive OCR web tracking position

The ability of OCR to enforce expansive portions of its controversial web tracking guidance has been severely limited. A federal district court ruled that the guidance exceeded the agency’s authority, and in particular...more

6/25/2024 / American Hospital Association , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , OCR , Popular , Tracking Systems , Web Tracking

Updated OCR guidance does not solve HIPAA’s tracker uncertainty

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) updated its guidance concerning compliance obligations for HIPAA covered entities and business associates using online tracking...more

3/21/2024 / Business Associates , Covered Entities , Data Collection , Data Protection , Department of Health and Human Services (HHS) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , OCR , PHI

The online health data ecosystem takes another regulatory hit

Health companies cannot use online tracking technologies like other consumer organizations. This refrain, repeated frequently by regulators, litigants and the media in recent months, may now have found its clearest voice in...more

2/9/2023 / Cookies , Cybersecurity , Department of Health and Human Services (HHS) , Federal Trade Commission (FTC) , FTC Act , Health Insurance Portability and Accountability Act (HIPAA) , OCR , Web Tracking

Not so fast: HHS OCR warns that HIPAA applies to online tracking technologies

Covered Entities and Business Associates must comply with HIPAA in their use of online tracking technologies, including cookies, pixels or similar code. The U.S. Department of Health and Human Services (HHS), Office for Civil...more

12/8/2022 / Business Associates , Compliance , Covered Entities , Department of Health and Human Services (HHS) , Electronic Medical Records , Electronic Protected Health Information (ePHI) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , New Guidance , OCR , PHI , Tracking Systems

HHS highlights significance of new healthcare technologies in series of regulatory actions

Recent U.S. Department of Health Human Services (HHS) regulatory actions emphasize the role emerging technologies play in the provision of healthcare, particularly as clinical innovations proliferate in response to the...more

9/16/2022 / Affordable Care Act , Algorithms , Department of Health and Human Services (HHS) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , OCR , Proposed Rules , Public Comment , Telehealth , Telemedicine

HHS seeks comment by June 6 on recognized security practices as mitigating factor in HIPAA enforcement

The US Department of Health Human Services (HHS) is seeking public comments about the appropriate role of “recognized security practices” in enforcement of the HIPAA Security Rule. Congress, through an amendment to the HITECH...more

4/19/2022 / Cybersecurity , Department of Health and Human Services (HHS) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , HITECH Act , NIST , OCR , Public Comment , Request For Information

Donald DePass

Hogan Lovells

Popular Topics by This Author

Latest Posts › OCR