Last week, the Office of Inspector General (OIG) for the Department of Health and Human Services (HHS) issued Advisory Opinion No. 22-09 (AO 22-09), which addresses a proposed arrangement pursuant to which the operator of a...more
The U.S. Department of Justice and U.S. Health and Human Services Office of Inspector General recently announced the indictment of a pharmacy marketer who allegedly received and paid kickbacks in violation of the federal...more
The U.S. Department of Health and Human Services (HHS) recently released a final rule further amending 42 CFR Part 2 regulations (Part 2) to allow greater sharing of patient records related to substance use disorder (SUD)...more
7/20/2020
/ Confidentiality Policies ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Drug & Alcohol Abuse ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opioid ,
Patient Privacy Rights ,
Prescription Drugs ,
Substance Abuse
The Department of Health and Human Services (HHS) has taken many actions to loosen or waive requirements on the provision of health care during the current coronavirus pandemic, as we discussed yesterday and Tuesday. In...more
Telehealth is going to play a critical role in the delivery of care in the coming weeks and months as health care providers respond to the COVID-19 pandemic. As the CDC and other public health agencies continue to recommend...more
It feels like we’ve been seeing a lot more health care breaches caused by hackers and other IT security incidents, and there’s a good reason why: a recent report by cloud security company Bitglass confirms that both the...more
Last week the Department of Justice (DOJ) announced a $57 million settlement with electronic health record (EHR) software vendor Greenway Health LLC (Greenway). According to DOJ, Greenway violated the False Claims Act (FCA)...more
2/14/2019
/ Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
EHR ,
Electronic Health Record Incentives ,
False Claims Act (FCA) ,
Health Care Providers ,
Meaningful Use ,
Medicaid ,
Medicare ,
OIG ,
Settlement Agreements ,
Software ,
Third-Party Service Provider
Today, we’re looking back at HIPAA and other privacy and security developments in 2018. This past year saw continued HIPAA enforcement (including the largest ever fine for a HIPAA breach), reminders from the OCR on best...more
1/7/2019
/ Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Popular ,
State Data Breach Notification Statutes
As we discussed last week, the Department of Health and Human Services (HHS) recently published its semi-annual regulatory agenda. In addition to the proposed rules on fraud and abuse, drug pricing, digital health, and...more
Privacy and security compliance obligations for health care companies remain hot topics this spring. Health care companies must now contend with data breach laws in all 50 states as well as keeping on top of federal HIPAA...more
6/21/2018
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Cybersecurity ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Guidance ,
OCR ,
Personally Identifiable Information ,
Revocation ,
State and Local Government ,
State Data Breach Notification Statutes
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced a $100,000 settlement with a company that is no longer in business. Filefax, Inc. (Filefax) was an Illinois company that...more
As Texas, Florida, and the Caribbean rebuild after the latest string of deadly hurricanes and prepare for the possibility of future storms, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR)...more
9/19/2017
/ Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
Hurricane Harvey ,
Hurricane Irma ,
Natural Disasters ,
OCR ,
Personally Identifiable Information ,
Waivers
Continuing its annual tradition, the U.S. Department of Justice (“DOJ”) and the U.S. Department of Health and Human Services (“HHS”) announced last week the largest ever health care fraud enforcement action by the Medicare...more
OCR released a simple checklist and infographic last week to assist Covered Entities and Business Associates with responding to potential cyber attacks. As cybersecurity remains a pressing concern for health care entities,...more
6/14/2017
/ Business Associates ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Federal Breach Notification Standard ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
ISAOs ,
OCR ,
PHI ,
Popular
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced another large HIPAA-related settlement last week with Memorial Hermann Health System (Memorial Hermann), the largest not-for-profit...more
As we’ve previously discussed on Health Law and Policy Matters, agencies within the Department of Health and Human Services (DHHS) pushed through several final rules towards the end of the Obama Administration. However, since...more
In non-election news, the Office for Civil Rights (OCR) at the Department of Health and Human Services recently released its November Cyber Awareness Newsletter. This month’s newsletter focuses on the topic of...more