The U.S. District Court for the Northern District of Texas vacated key portions of the 2024 updates to the HIPAA Privacy Rule that had strengthened protections for reproductive health care information. HIPAA-regulated...more
If enacted, the New York Health Information Privacy Act (“NYHIPA”) will be the latest in a series of state privacy laws that regulate health data outside of the traditional health care context. It would follow the passage of...more
The ability of OCR to enforce expansive portions of its controversial web tracking guidance has been severely limited. A federal district court ruled that the guidance exceeded the agency’s authority, and in particular...more
On May 30, 2024, the FTC published amendments to its Health Breach Notification Rule (“HBNR” or “Rule”) in the Federal Register, memorializing the Rule’s expanded scope that now explicitly includes direct-to-consumer health...more
The HIPAA Privacy Rule has been modified by the US Department of Health and Human Services (HHS) to increase privacy protections for reproductive health care information. These changes, which will take effect in early 2026,...more
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) updated its guidance concerning compliance obligations for HIPAA covered entities and business associates using online tracking...more
The U.S. Department of Health and Human Services (HHS) has finalized amendments to more closely align the Part 2 substance use disorder (SUD) regulations with HIPAA. These changes have the potential to streamline compliance...more
The U.S. Food and Drug Administration (FDA) has published a final rule on “Institutional Review Board Waiver or Alteration of Informed Consent for Minimal Risk Clinical Investigations,” which permits an exception from the...more
Adding to the growing trend of policymakers interested in regulating health and wellness data, last week U.S. Senator Bill Cassidy requested stakeholder feedback to help identify solutions to modernize HIPAA and ensure all...more
9/12/2023
/ Biometric Information ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Patient Privacy Rights ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Agenda
The U.S. Department of Health and Human Services (“HHS”) is proposing changes to HIPAA that would increase protections for reproductive health care information. If finalized, these changes would prohibit HIPAA-regulated...more
This week the U.S. Department of Health and Human Services, the agency responsible for HIPAA enforcement, announced the formation of three new divisions within the Office for Civil Rights (“OCR”). The new divisions –...more
Health companies cannot use online tracking technologies like other consumer organizations. This refrain, repeated frequently by regulators, litigants and the media in recent months, may now have found its clearest voice in...more
HIPAA covered entities will be required to change their HIPAA Notices of Privacy Practices (NPPs) if a recent proposed rule by the US Department of Health and Human Services is finalized. The Proposed Rule is designed to...more
The U.S. Department of Health and Human Services (HHS) has proposed to significantly revise rules governing patient records in substance use disorder (SUD) programs, commonly known as the Part 2 rules, with important...more
12/6/2022
/ CARES Act ,
Comment Period ,
Confidential Information ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Information Sharing ,
Medical Records ,
NPRM ,
Patient Privacy Rights ,
SAMHSA ,
Substance Abuse
Recent U.S. Department of Health Human Services (HHS) regulatory actions emphasize the role emerging technologies play in the provision of healthcare, particularly as clinical innovations proliferate in response to the...more
At our recent Health Care AI Law and Policy Summit, Hogan Lovells partner Melissa Bianchi moderated a panel discussion on the state of the health care AI industry. Joined by representatives from the American Medical...more
The Federal Trade Commission (FTC) recently has signaled its intent to inject new life into a longstanding but rarely triggered rule governing health breach notifications for non-HIPAA-covered health records. Specifically,...more
2/28/2022
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Popular
The National Institutes of Health has issued a request for information (RFI) on its Genomic Data Sharing (GDS) Policy to help ensure it keeps pace with the evolving genomic research landscape. The RFI will help inform...more
States continue to enact laws targeting the protection of genetic data with two important developments in California and Florida. California’s Genetic Information Privacy Act (“GIPA”), which came into effect on January 1,...more
A new Policy Statement from the US Federal Trade Commission places companies that offer consumer-facing health apps and connected health and wellness devices on notice that they may be covered by a Health Breach Notification...more
10/6/2021
/ American Recovery and Reinvestment Act ,
Application Programming Interface (APIs) ,
Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Health Apps ,
Policy Statement ,
Popular
HIPAA Privacy Rule changes that have the potential to significantly impact patients, covered entities, and business associates were proposed by the Department of Health and Human Services (HHS) in a Notice of Proposed...more
This is the sixth installment in Hogan Lovells’ series on the California Consumer Privacy Act.
The California Consumer Privacy Act of 2018 (CCPA) adds another set of privacy requirements for health and life sciences...more
10/8/2018
/ California Consumer Privacy Act (CCPA) ,
Clinical Trials ,
CMIA ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Exemptions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Life Sciences ,
Nonprofits ,
Personally Identifiable Information ,
Privacy Laws