Members of the health care and financial industries, along with other industries that hold sensitive data, are warned that a ChatGPT vulnerability is being actively exploited by threat actors to attack security flaws in AI...more
3/24/2025
/ Artificial Intelligence ,
Banks ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Financial Institutions ,
Health Care Providers ,
Healthcare ,
Healthcare Facilities ,
Machine Learning ,
NIST ,
Risk Management ,
Vulnerability Assessments
‘Tis the season for holiday baking and the elves at the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), have been diligently crafting their own holiday treat. On December 27,...more
1/2/2025
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
HIPAA Security Rule ,
HIPAA Violations ,
Life Sciences ,
NPRM ,
OCR ,
PHI ,
Regulatory Agenda ,
Rulemaking Process
December 23, 2024, was the compliance deadline for HIPAA covered entities and business associates to apply the protections of the HIPAA Privacy Rule to support Reproductive Health Care Privacy Final Rule—that is all covered...more
On September 18, 2024, the Attorney General (AG) of Texas announced a settlement with an artificial intelligence-focused healthcare technology company to resolve allegations of false and misleading statements about the...more
10/16/2024
/ Artificial Intelligence ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
False Statements ,
Health Care Providers ,
Health Technology ,
Life Sciences ,
Misleading Statements ,
Settlement ,
State Attorneys General ,
Texas
As we settle into spooky season, let’s take a minute to consider a recent development in health care privacy as we ask ourselves, is this a trick or a treat?...more
10/11/2024
/ Data Management ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Patient Privacy Rights ,
PHI ,
Reproductive Healthcare Issues ,
State Attorneys General ,
Statutory Authority ,
Texas
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and Substance Abuse and Mental Health Services Administration (SAMHSA) released its anticipated Final Rule last week. The Final Rule revises...more
2/26/2024
/ CARES Act ,
Confidential Information ,
Consent ,
Data Management ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mental Health ,
New Regulations ,
OCR ,
Patient Privacy Rights ,
PHI ,
SAMHSA ,
Substance Abuse
Why is everyone talking about provider disclosures to law enforcement of late? The Senate Finance Committee authored a letter to Xavier Becerra, Secretary of the U.S. Department of Health and Human Services (HHS), outlining...more
1/12/2024
/ Data-Sharing ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Dobbs v. Jackson Women’s Health Organization ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Information Requests ,
Law Enforcement ,
Life Sciences ,
Patient Privacy Rights ,
PHI ,
Roe v Wade
As industry stakeholders know, cyberattacks and breaches have been on the rise in the health care industry. IBM Security’s 2023 annual report notes that the average health care data breach has reached $10.93M and that health...more
As of September 1, 2023, the U.S. Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”) can officially begin enforcement against Certified Health Information Technology (“HIT”) developers, health...more
9/11/2023
/ 21st Century Cures Act ,
Anti-Kickback Statute ,
Centers for Medicare & Medicaid Services (CMS) ,
Civil Monetary Penalty ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Care Providers ,
Health Information Technologies ,
Healthcare ,
Information Blocking Rules ,
OIG
This is Part Four in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating tidal waves in the...more
Effects to consumer health data collection and processing will be felt in Washington and beyond with new consumer rights and consent requirements as well as a private right of action....more
On April 12, 2023, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued a Notice of Proposed Rulemaking (NPRM), aimed at strengthening the Health Insurance Portability and...more
The Biden Administration announced that the federal COVID-19 Public Health Emergency (PHE) will expire at the end of the day on May 11, 2023. As we draw closer to the expiration date of the PHE, do you feel fine about your...more
3/20/2023
/ Biden Administration ,
Business Associates Agreement (BAA) ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Public Health Emergency ,
Telehealth ,
Telemedicine
Effective today, October 6, 2022, the Information Blocking Rule will expand in scope to prohibit interfering with access or exchange of information in a designated record set. With this expansion of the Information Blocking...more
March was a busy month for data privacy and security, especially as it relates to health care entities. To help keep you up to date with the changes, we’ve included a few highlights for you below...
...more
4/6/2022
/ Cybersecurity Framework ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Privacy Rule ,
Life Sciences ,
Patient Privacy Rights ,
Proposed Legislation ,
Regulatory Reform ,
State Data Breach Notification Statutes