On July 7, 2016, the Centers for Medicare and Medicaid Services (“CMS”) imposed several administrative penalties on Theranos, a clinical laboratory company that proposed to revolutionize the clinical laboratory business by performing multiple blood tests using a few drops of blood drawn from a finger rather than from a traditional blood draw that relies on needles and tubes. However, after inspecting the laboratory, CMS concluded that the company failed to comply with federal law and regulations governing clinical laboratories and it posed an immediate jeopardy to patient health and safety. CMS has revoked the CLIA certification of the company’s California …
On May 17, 2016, FDA issued Draft Guidance for Industry on Use of Electronic Health Record Data in Clinical Investigations (“Draft Guidance”). This Draft Guidance builds on prior FDA guidance on Computerized Systems Used in Clinical Investigations and Electronic Source Data in Clinical Investigations, and provides information on FDA’s expectations for the use of Electronic Health Record (“EHR”) data to clinical investigators, research institutions and sponsors of clinical research on drugs, biologics, medical devices and combination products conducted under an Investigational New Drug Application or Investigational Device Exemption.
While the recommendations set forth in the Draft Guidance do not …
At the International Association of Privacy Professionals (“IAPP”) Global Privacy Summit in Washington, D.C. on March 5th and March 6th, the Federal Trade Commission (“FTC”) was clear in its message that privacy was a top priority for the agency. The FTC had a strong presence at the conference. Three of the five Commissioners and the Director of the Bureau of Consumer Protection (Jessica Rich) all spoke at the conference and relayed a message of the importance of consumer privacy and security. In that regard, the FTC speakers stressed the importance of:
- informing consumers of the collection of
Tuesday, March 24, 2015 at 12:00 p.m. – 1:00 p.m. EDT
The past year has demonstrated that no organization is immune to security incidents that could affect its employees, customers, and reputation. Understanding the complex legal framework governing data privacy and developing a plan to mitigate risk can be the difference between an incident and a disaster.
Join Epstein Becker Green’s Privacy & Security Practice for a comprehensive overview of data breach priorities impacting organizations that deal in electronic data. Presenters will identify strategies to prepare for and prevent security incidents as well as summarize key takeaways from the biggest …
Epstein Becker Green’s recent issue of its Take 5 newsletter focuses on the 25th Anniversary of the ADA and recent developments and future trends under Title III of the ADA.
- Website Accessibility
- Accessible Point-of-Sale Devices and Other Touchscreen Technology
- Movie Theater Captioning & Audio (Narrative) Description
- The Availability of Sign Language Interpreters at Health Care Facilities
- “Drive By” Design/Construction Lawsuits
Our colleague Mollie K. O’Brien at Epstein Becker Green wrote an advisory on a new law that will increase the protection of personal information under HIPAA by mandating encryption on all computerized data collected by health insurance carriers: “Beyond HIPAA: New Jersey Law Requires Encryption of Personal Data by Health Insurance Carriers.” Following is an excerpt:
In response to data breaches that have occurred across the United States, several of which involved the theft of laptop computers, beginning August 1, 2015, health insurance carriers in New Jersey will be obligated to do more to protect patient information than …
The State of the Union Address, scheduled for January 20, 2015, will contain new initiatives related to privacy, White House officials say. The known initiatives are the introduction of a data breach reporting bill, a bill restricting the sale of student information, and a Consumer Privacy Bill of Rights.
SETTING A NATIONAL DATA BREACH REPORTING STANDARD
President Obama is planning on introducing a data breach bill that would standardize the reporting period nationwide at 30 days. The proposed Personal Data Notification and Protection Act would require direct customer notification. The law would also criminalize selling …
On September 23 and 24, 2014, the National Institute of Standards and Technology (“NIST”) and the Department of Health and Human Services Office of Civil Rights (“HHS OCR”) hosted their annual HIPAA conference “Safeguarding Health Information: Building Assurance through HIPAA security.”
OCR officials and key industry leaders engaged in dialogue regarding developments and trends in data breach incidents with respect to health information as well as stakeholder responses and best practices to mitigate risk and respond to potential incidents.…
The increasing prevalence of mobile technology in the healthcare sector continues to create compliance concerns for physician practices and other health care entities. While the Office of Civil Rights (OCR) of the Department of Health and Human Services has traditionally focused on technology breaches within larger health systems, smaller physician practices and health care entities must also ensure that their policies and practices related to mobile technology do not foster non-compliance and create institutional risk.
Physicians Integrate Mobile Technology Into Daily Practice
On May 20, 2014, the Secretary of the Department of Health and Human Services (HHS) submitted the agency’s Annual Report to Congress on Breaches of Unsecured Protected Health Information for Calendar Years 2011 and 2012 (“Breach Report”). This report provides valuable insight for healthcare entities regarding their data security and enforcement priorities.
Section 13402(i) of the Health Information Technology for Economic and Clinical Health Act (HITECH) requires the Secretary of Health and Human Services to prepare an annual report regarding the number and nature of breaches reported to HHS, as …
Epstein Becker Green and EBG Advisors announce the eighth webinar in a series focusing on emerging trends in population health. The next session—entitled “How Will ‘Big Data’ and ‘IT Integration’ Impact Population Health Management?”—will examine the rise of big data and other innovative computational methods. The speakers will explain how these tools and applications are being leveraged to promote better clinical and financial outcomes for patients, providers, and payors.
To register for this must-attend event, scheduled for June 24, 2014, at 12:00 p.m. ET, click here.
During this webinar, panelists will discuss:
- How big data is getting
Following is an excerpt:
It’s bad enough that the number of security breaches of patient protected health information appears to be skyrocketing. But it feels downright creepy when the breach is at the hands of a hacker, as was the recent attack by Eastern European hackers that breached almost 800,000 Medicaid recipients in Utah.
And while a lot of hackers are attacking EHRs to steal the …
Epstein Becker Green has been designated by the Health Information Trust Alliance (HITRUST) as a Common Security Framework (CSF) Assessor. This will allow the firm to provide health care organizations with privacy and security risk assessments to protect the entities from breaches of protected health information (PHI). The health care industry has accepted the HITRUST CSF as the most widely adopted security framework. Epstein Becker Green is the first law firm to become a CSF Assessor and the designation exemplifies the firm’s distinct capability to identify and address risk for health care industry clients.
HITRUST provides resources, tools, education, and …
Perhaps in recognition of its benefits to areas affected by shortfalls in specialists and primary care physicians or the need for remote monitoring, telemedicine received significant funding in the ARRA. For instance, the Rural Utilities Service was allocated $2.5 billion to fund “shovel-ready” distance learning, telemedicine, and broadband program; the Indian Health Services received $85 million to fund telemedicine; and a portion of the $2 billion allocated to the Office of the National Coordinator is to be used to support the “infrastructure and tools for the promotion of telemedicine.” However, in contrast to the ARRA, the current reform proposals publicly …