Last fall at the Safeguarding Health Information: Building Assurance Through HIPAA Security 2024 conference, U.S. Department of Health & Human Services Office for Civil Rights (OCR) promised that before year’s end, it would...
12/31/2024 / Compliance, Data Breach, Electronic Protected Health Information (ePHI), Food and Drug Administration (FDA), Hackers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Security Rule, Multi-Factor Authentication, OCR, Proposed Amendments, Proposed Rules, Ransomware
The Department of Health and Human Services (HHS) Office for Human Research Protections (OHRP) recently held its 2024 Exploratory Workshop titled “The Evolving Landscape of Human Research with AI – Putting Ethics to Practice”...
10/10/2024 / Artificial Intelligence, Consent, Data Collection, Data Privacy, Data Storage, Ethics, EU, Food and Drug Administration (FDA), GAO, General Data Protection Regulation (GDPR), Governance Standards, Health Insurance Portability and Accountability Act (HIPAA), Machine Learning, Office for Human Research Protections (OHRP), OIG, Popular, Research and Development
As the first state law to regulate the results of Artificial Intelligence System (AI System) use, Colorado’s SB24-205, “Concerning Consumer Protections in Interactions with Artificial Intelligence Systems” (the Act), has...
6/28/2024 / Artificial Intelligence, Colorado, Compliance, Consumer Protection Laws, Covered Entities, Disclosure Requirements, Food and Drug Administration (FDA), Health Insurance Portability and Accountability Act (HIPAA), Healthcare, Medical Devices, ONC, Risk Assessment, Software Developers
As promised in the U.S. Department of Health and Human Services (HHS) concept paper in December 2023, the agency published voluntary health care and public health cybersecurity performance goals (HPH CPGs) in January 2024 and...
4/5/2024 / Compliance, Critical Access Hospitals, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Department of Health and Human Services (HHS), Health Insurance Portability and Accountability Act (HIPAA), Incentives, Medicare, NIST, Penalties, Popular
The U.S. Department of Health and Human Services (HHS) released a concept paper on December 6, 2023 outlining its action plan to enhance cyber resiliency in the health care sector by proposing certain voluntary cybersecurity...
The Office for Civil Rights (OCR) recently offered covered entities and business associates (Regulated Entities) not-so-subtle reminders in its October 2023 Cybersecurity Newsletter that effective sanction policies can...
10/23/2023 / Audits, Business Associates, Compliance, Covered Entities, Cybersecurity, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Privacy Rule, HIPAA Security Rule, Noncompliance, OCR, Policies and Procedures, Sanctions
In response to concerns about the confidentiality of protected health information (PHI) related to reproductive health care less than one year after the Dobbs v. Jackson Women’s Health Organization decision, and the prospect of...
The Centers for Medicare & Medicaid Services (CMS) recently published the Advancing Interoperability and Improving Prior Authorization Processes Proposed Rule (Prior Authorization Proposed Rule), and, if certain components...
The Federal Trade Commission (FTC) recently kicked off enforcement of its Health Breach Notification Rule (Breach Rule) by taking aim at GoodRx’s use of tracking technologies (e.g. pixels) and the sharing of consumer health...
As illustrated by a recent Office for Civil Rights (OCR) settlement with a dental practice, health care entities continue to struggle with how to respond to negative online reviews while maintaining compliance with the HIPAA...
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) has been busy over the past month announcing new enforcement actions and settlement agreements related to violations of the Privacy...
All players in the health and wellness ecosystem should be following developments around the American Data Privacy and Protection Act (ADPPA). If enacted, the ADPPA would be a watershed in the regulation of the privacy and...
The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) released a Request for Information (RFI) to obtain industry feedback and inform potential future rulemaking regarding information...
4/14/2022 / Civil Monetary Penalty, Cybersecurity, Cybersecurity Act of 2015, Department of Health and Human Services (HHS), Health Insurance Portability and Accountability Act (HIPAA), HITECH Act, NIST, OCR, Request For Information, Rulemaking Process, Social Security Act
While the Office of the National Coordinator for Health Information Technology (ONC) issued the 21st Century Cures Act; Interoperability, Information Blocking, and the ONC Health IT Certification Program (Information Blocking...