In the third and final episode of Florida Capital Conversations' healthcare privacy series, Tallahassee attorneys Shannon Hartsfield and Eddie Williams join hosts Nathan Adams and Mia McKown to discuss the challenges of...more
The U.S. Department of Health and Human Services (HHS) has issued a Notice of Proposed Rulemaking (NPRM) that strengthens the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA), which, if...more
The U.S. Department of Health and Human Services (HHS) has issued an unpublished Notice of Proposed Rulemaking (NPRM) that strengthens the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and, if...more
1/2/2025
/ Business Associates ,
Comment Period ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
HIPAA Security Rule ,
NPRM ,
OCR
Access to quality healthcare services has long been a priority of the U.S. Department of Health and Human Services (HHS), and through its Office for Civil Rights (OCR) this agency has, since at least 2001, sought to provide...more
12/18/2024
/ Affordable Care Act ,
Age Discrimination ,
Biden Administration ,
Bostock v Clayton County Georgia ,
Centers for Medicare & Medicaid Services (CMS) ,
Data-Sharing ,
Dear Colleague Letter ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Final Rules ,
Health Care Providers ,
Medicare ,
Non-Discrimination Rules ,
OCR ,
Patient Access ,
PHI ,
Private Right of Action ,
Regulatory Authority ,
Rehabilitation Act ,
Title IV ,
Title IX
In addition to holiday celebrations, the month of December typically ushers in a final round of enforcement actions by the U.S. Department of Health and Human Services' (HHS) Office of Civil Rights (OCR), and 2024 is no...more
12/4/2024
/ Business Associates ,
Compliance ,
Compliance Dates ,
Covered Entities ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
NIST ,
OCR ,
PHI ,
Privacy Laws ,
Reproductive Healthcare Issues ,
Security and Privacy Controls
President Ronald Reagan famously quipped, "I think you all know that I've always felt that the nine most terrifying words in the English language are: I'm from the Government, and I'm here to help."1 At an Oct. 23-24, 2024,...more
10/31/2024
/ Artificial Intelligence ,
Biden Administration ,
Compliance ,
Covered Entities ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Incident Response Plans ,
Internet of Things ,
Medical Devices ,
NIST ,
OCR ,
Popular ,
Ransomware ,
Security and Privacy Controls ,
Technical Conference
Healthcare providers running on thin margins or just seeking new (and in the case of tax-exempt providers, permissible) revenue sources may jump at the chance when third party vendors offer to help them monetize their patient...more
7/22/2024
/ Business Associates ,
Data Privacy ,
Data Security ,
Data Selling ,
De-Identification ,
De-Identified Protected Health Information ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Monetization ,
Penalties ,
PHI ,
Privacy Laws ,
Statutory Violations
A recent federal court decision is a victory for Health Insurance Portability and Accountability Act (HIPAA) covered entities using third-party tracking tools on unauthenticated webpages. These are websites available to the...more
6/26/2024
/ American Hospital Association et al v Becerra Secretary Of Health And Human Services et al ,
Business Associates ,
Covered Entities ,
Federal Trade Commission (FTC) ,
Final Judgment ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
IP Addresses ,
Judicial Review ,
OCR ,
PHI ,
Regulatory Authority ,
Warning Letters ,
Web Tracking ,
Websites
After months of uncertainty and multiple letters from industry associations advocating on behalf of the healthcare industry with the U.S. Department of Health and Human Service (HHS) Office for Civil Rights (OCR), covered...more
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has, as part of its mandate, the responsibility to enforce the Health Insurance Portability and Accountability Act (HIPAA) Security Rule....more
5/14/2024
/ Audits ,
Business Associates ,
Compliance ,
Covered Entities ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
HITECH Act ,
OCR ,
PHI ,
Popular ,
Ransomware ,
Risk Assessment ,
Web Tracking
In the midst of an industry reeling from the Change Healthcare cybersecurity incident, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued a series of final rules requiring...more
"Informed consent" has been described as "a bedrock principle of healthcare in a free society," and if a "patient is denied the ability to exercise or even consider informed consent, the patient's personal liberty suffers."1...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued updated guidance on March 18, 2024 regarding the use of online tracking technologies by entities and business associates covered by the...more
3/19/2024
/ Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Enforcement Priorities ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
PHI ,
Tracking Systems ,
Web Tracking ,
Websites
Hospitals care about patient privacy, but they also have to connect with the public. In the real world, people mostly connect online. Having a fully functional online presence often requires help from third parties. ...more
11/8/2023
/ American Hospital Association ,
Business Associates ,
Class Action ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
OCR ,
PHI ,
Third-Party Service Provider ,
Tracking Systems ,
Web Tracking
In this episode of our “Florida Capital Conversations” podcast series, healthcare attorneys Mia McKown, Eddie Williams and Shannon Hartsfield discuss how privacy violations can put a healthcare practitioner's license at risk....more
In this episode of our “Florida Capital Conversations” podcast series, healthcare attorney Eddie Williams joins to discuss the dissemination of electronic health information and provisions regarding information blocking. He...more
In this episode of "Counsel That Cares," HIPAA and healthcare privacy attorneys Beth Pitman and Shannon Hartsfield dissect the highly publicized Dinerstein v. Google case. They address the implications and concerns of sharing...more
Providing care via electronic communication when patients and providers are in separate locations, known as telemedicine or telehealth, has been possible for decades. The exigent circumstances sparked by the COVID-19 pandemic...more
New Florida legislation, Senate Bill 768 (2023), amending the Patient Self-Referral Act of 1992 (the Act), also known as the Florida "mini-Stark law," has been signed by Gov. Ron DeSantis and is set to take effect on July 1,...more
The Federal Trade Commission (FTC) is on a roll in its efforts to signal to the digital health industry that data privacy must be a priority. The FTC announced a consent decree with BetterHelp on March 2, 2023, to settle...more
3/7/2023
/ Advertising ,
Consent Decrees ,
Consumer Privacy Rights ,
Cookies ,
Digital Health ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Marketing ,
Mental Health ,
Telehealth ,
Unfair or Deceptive Trade Practices
For years, patients and healthcare companies have been wrestling with privacy issues relating to cookies, pixels and other tracking technologies. The U.S. Department of Health and Human Services' (HHS) Office of Civil Rights...more
12/5/2022
/ Data Breach ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Guidance ,
OCR ,
Personally Identifiable Information ,
PHI ,
Popular ,
Tracking Systems ,
Web Tracking
Patient assistance programs (PAPs) that seek to subsidize patient co-payments for drugs covered by Medicare may involve compliance challenges. A recent U.S. Department of Health and Human Services (HHS) Office of Inspector...more
11/3/2022
/ Advisory Opinions ,
Anti-Kickback Statute ,
Cost-Sharing ,
Fraud and Abuse ,
Generic Drugs ,
Health Care Providers ,
Medicare ,
Medicare Part D ,
OIG ,
Out-of-Pocket Expenses ,
Patient Assistance Programs ,
Pharmaceutical Industry ,
Prescription Drugs ,
Subsidies
Telehealth has been around for decades, but restrictive reimbursement rules kept it out of widespread use for many treatment needs. Then along came the COVID-19 pandemic and everything changed rapidly. Suddenly, due to the...more
10/5/2022
/ Compliance ,
Coronavirus/COVID-19 ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
GAO ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Reports ,
Medical Reimbursement ,
OCR ,
Patient Privacy Rights ,
Telehealth ,
Telemedicine
Kathryn Isted In Harbor Healthcare System, L.P. v. United States, 5 F.4th 593 (5th Cir. 2021), the court of appeals ruled that the district court abused its discretion in refusing to exercise its equitable jurisdiction over a...more
10/18/2021
/ Abuse of Discretion ,
Anti-Kickback Statute ,
Appeals ,
Attorney-Client Privilege ,
Comment Period ,
Criminal Investigations ,
Discovery ,
Draft Guidance ,
Evidence ,
Failure To State A Claim ,
False Claims Act (FCA) ,
Food and Drug Administration (FDA) ,
Health Care Providers ,
Healthcare Facilities ,
Hospitals ,
Kickbacks ,
Managed Care Contracts ,
Medicaid ,
Medicare ,
Patient Referrals ,
Pharmaceutical Industry ,
Pharmacies ,
Prescription Drugs ,
Qui Tam ,
Scienter
An amendment to the Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law on Jan. 5, 2021, directing U.S. Health and Human Services (HHS) to consider "recognized security practices"...more
8/31/2021
/ Compliance ,
Covered Entities ,
Cybersecurity ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Industry Cybersecurity Practices (HICP) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Incident Response Plans ,
New Legislation ,
NIST ,
PHI