In the first part of this blog post, we looked into the OCR and FTC’s focus on third-party tracking technologies. We also reviewed the AHA Lawsuit and its impact for the use of tracking technologies. In this blog post, we...more
11/19/2024
/ Administrative Law Judge (ALJ) ,
Administrative Procedure Act ,
Business Associates ,
Chevron Deference ,
Covered Entities ,
Data Collection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Judicial Review ,
Loper Bright Enterprises v Raimondo ,
OCR ,
PHI ,
Third-Party Service Provider ,
Vendors ,
Web Tracking ,
Websites
On June 28, in Loper Bright Enterprises v. Raimondo (Loper Bright), the U.S. Supreme Court overturned the doctrine of Chevron deference, upending 40 years of precedent and significantly shifting power to the courts to...more
7/31/2024
/ Administrative Procedure Act ,
Chevron Deference ,
Chevron v NRDC ,
Department of Health and Human Services (HHS) ,
Enforcement Authority ,
Government Agencies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Loper Bright Enterprises v Raimondo ,
OCR ,
PHI ,
Regulatory Authority ,
Risk Assessment ,
SCOTUS ,
Statutory Interpretation
When the U.S. Department of Health and Human Services, Office for Civil Rights (HHS OCR) issued its guidance on “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates” on Dec. 1, 2022 Original...more
As noted back in December 2022, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued dramatic guidance (often called the Bulletin) that targets the use of so-called Internet “tracking...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued guidance regarding covered entities’ and business associates’ use of tracking technologies (the Guidance). As discussed in greater detail...more
12/14/2022
/ Business Associates ,
Cookies ,
Covered Entities ,
Data Collection ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Guidance ,
OCR ,
PHI ,
Tracking Systems
The United States Court of Appeals for the Fifth Circuit recently found that the United States Department of Health and Human Services (HHS) lacked a lawful basis for a $4.3 million civil money penalty order that it issued to...more
BakerHostetler is closely monitoring a Cybersecurity Advisory issued jointly by several government agencies including the United States Department of Health and Human Services (HHS) and the FBI, on October 28. ...more
10/30/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Security ,
Data Theft ,
Department of Health and Human Services (HHS) ,
FBI ,
Hackers ,
Healthcare Facilities ,
Ransomware ,
Risk Mitigation
Healthcare data can be up to 10 times more valuable to cyber criminals than credit card numbers, according to a report from the Department of Health & Human Services’ (HHS) Office of the Inspector General (OIG). And, with...more
Recently, the Government Accountability Office (GAO) reviewed the U.S. Department of Health and Human Services’ (HHS) security and privacy oversight and identified significant gaps in the cybersecurity guidance provided by...more
How the theft of a single password-protected laptop turned into an enterprise-wide review of an organization’s data protection practices.
Following the announcement of a recent settlement between the U.S. Department of...more
By couching its position in an individual’s right to access protected health information (PHI), beginning on January 7, 2016, the U.S. Department of Health & Human Services’ Office for Civil Rights (OCR) issued guidance to...more
On January 13, 2016, the Department of Health and Human Services’ Administrative Law Judge upheld the Office for Civil Rights’ (OCR’s) civil monetary penalty (CMP) against Lincare, Inc., d/b/a United Medical (Lincare), for...more
On January 6, 2016, the U.S. Department of Health and Human Services (HHS) released a modification to the Health Insurance Portability and Accountability Act (HIPAA) removing barriers to reporting federal mental health...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced a $750,000 fine and resolution agreement, including a Corrective Action Plan (CAP), for Cancer Care Group, P.C. (CCG), a...more
10/14/2015
/ Compliance ,
Corporate Fines ,
Corrective Actions ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Personally Identifiable Information ,
PHI ,
Privacy Concerns ,
Security Risk Assessments ,
Security Rule
We have released the inaugural BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our attorneys advised on in 2014. The report confirms the...more
6/12/2015
/ Attorney General ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Government Investigations ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Medical Records ,
OCR ,
PHI
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently launched an updated version of the portal covered entities must use to notify OCR regarding a breach of unsecured protected health...more
While enforcement activity by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has focused primarily on a covered entity’s safeguard of electronic protected health information (ePHI),...more
As regularly blogged about on the Data Privacy Monitor, the past 12 months have seen record-breaking HIPAA enforcement activity by HHS OCR. But according to recent remarks by a high-ranking HHS attorney, if you thought these...more
The U.S. Department of Health and Human Services (HHS) recently published a Final Rule granting patients and their personal representatives access to the patient’s completed laboratory test reports directly from the lab...more
On January 7, 2014, the U.S. Department of Health and Human Services (HHS) issued a notice of proposed rulemaking (NPRM) for the purpose of modifying the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to...more
On January 25, 2013, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the long-awaited HIPAA Omnibus Final Rule (Final Rule), which includes the most sweeping changes to HIPAA...more
The Texas Health Services Authority (THSA) recently announced its selection of the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), the most widely adopted information privacy and security...more
Although the HIPAA Omnibus Final Rule's expansion of business associate liability could create difficulties for healthcare providers and other covered entities seeking to negotiate business associate agreements with vendors...more
Adding yet another wrinkle to the nation’s contentious gun control debate, the U.S. Department of Health and Human Services (HHS) has released an Advance Notice of Proposed Rulemaking (ANPRM) soliciting information and public...more
In This Issue:
- A Baker's Dozen of Significant Changes From the HIPAA/HITECH Rule
1. Business Associates and Subcontractors
2. Breach Notification
3. Covered Entity Organizational Structures
4. Cloud...more
3/1/2013
/ Business Associates ,
Cloud Computing ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Notice Requirements ,
OCR ,
PHI ,
Subcontractors