Last week, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) and the U.S. Food and Drug Administration (“FDA”) released warnings about an embedded function they found in the firmware of the Contec CMS8000,...more
2/13/2025
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Food and Drug Administration (FDA) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Devices ,
Patient Privacy Rights ,
PHI ,
Risk Management
On January 6, 2025, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published a “Notice of Proposed Rulemaking,” HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected...more
In a narrow but significant ruling in American Hospital Association et al. v. Xavier Becerra, et al., No. 4:23-cv-01110-P, the U.S. District Court for the Northern District of Texas (Hon. Mark T. Pittman) ruled that one...more
The U.S. Department of Health and Human Services (“HHS”), and Office for Civil Rights (“OCR”) issued a “Final Rule,” HIPAA Privacy Rule to Support Reproductive Health Care Privacy, which was published in the Federal...more
5/14/2024
/ Data Privacy ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
Patient Privacy Rights ,
PHI ,
Popular ,
Reproductive Healthcare Issues
On April 12, 2023, the Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) issued a Notice of Proposed Rulemaking (“Notice” or “NPRM”) to solicit comments on proposed modifications to the HIPAA...more
4/17/2023
/ Abortion ,
Biden Administration ,
Comment Period ,
Department of Health and Human Services (HHS) ,
Dobbs v. Jackson Women’s Health Organization ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Reform ,
NPRM ,
OCR ,
Patient Privacy Rights ,
PHI ,
Pregnancy ,
Proposed Rules ,
Regulatory Agenda ,
Reproductive Healthcare Issues ,
SCOTUS ,
Women's Rights
On February 1, 2023, the Federal Trade Commission (“FTC”) announced that it filed a “first-of-its-kind proposed order” under its Health Breach Notification Rule promulgated pursuant to section 13407 of the American Recovery...more
2/8/2023
/ Advertising ,
Breach Notification Rule ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
PHI ,
Targeted Digital Advertising ,
Tracking Systems
The continued proliferation of tracking technologies has created a landscape of increased exposure for entities serving individuals online. As individuals are increasingly interacting with healthcare services providers...more
In the wake of the Dobbs decision, the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued new guidance regarding the privacy of patients seeking reproductive health care.
The guidance...more
7/13/2022
/ Abortion ,
Department of Health and Human Services (HHS) ,
Dobbs v. Jackson Women’s Health Organization ,
Equal Protection ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
New Guidance ,
OCR ,
Patient Access ,
Patient Privacy Rights ,
PHI ,
Pregnancy ,
Regulatory Standards ,
Reproductive Healthcare Issues ,
Roe v Wade ,
SCOTUS ,
Women's Rights
On January 5, 2020, President Trump signed into law H.R. 7898. This new statute amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require the Department of Health and Human Services...more
On December 10, 2020, the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued a notice of proposed rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act (HIPAA)...more
On May 22, 2020, the Federal Trade Commission (the “FTC”) published its decennial request for public comment (the “RFC”) on the FTC’s Health Breach Notification Rule (the “HBN Rule”)....more
6/25/2020
/ Breach Notification Rule ,
Comment Period ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HITECH Act ,
Medical Records ,
Personally Identifiable Information ,
PHI
Following the outbreak of COVID-19 in late 2019, the U.S Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) has offered guidance to covered entities and business associates regulated by the...more
Every year, the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services, Office for Civil Rights (OCR) jointly sponsor a conference to “address the dynamic and challenging...more
10/25/2019
/ Civil Monetary Penalty ,
Cybersecurity ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Enforcement Actions ,
Final Determinations ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
NPRM ,
OCR ,
Personally Identifiable Information ,
PHI
The HHS Office for Civil Rights (“OCR”) issued a notice in the Federal Register regarding its Enforcement Discretion (84 Fed. Reg. 18151) on April 30, 2019. HHS announced that HHS will now apply a different cumulative annual...more
5/15/2019
/ Civil Monetary Penalty ,
Data Breach ,
Electronic Medical Records ,
Enforcement Authority ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HITECH Act ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI
Health care organizations’ lack of compliance with the data privacy and security requirements of both state laws and the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy, Security and Breach Notification...more
1/3/2019
/ Breach Notification Rule ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Electronic Medical Records ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Hospital Mergers ,
PHI ,
Popular ,
Privacy Rule
On May 29, 2018, Colorado Governor John Hickenlooper signed changes to Colorado law that significantly increase potential data breach burdens and financial penalties on entities operating in Colorado.1 Beginning September 1,...more
8/1/2018
/ Confidential Information ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
New Legislation ,
PHI ,
Popular ,
State and Local Government