Health Information Technology

On December 1, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) published a bulletin warning that commonly used website technologies, including cookies, pixels, and session replay, may result in the impermissible disclosure of Protected Health Information (“PHI”) to third parties in violation of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The bulletin advises that “[r]egulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of Protected Health Information (“PHI”) to tracking technology vendors or any other violations of the HIPAA Rules.” The bulletin is issued amidst a wider national and international privacy landscape that is increasingly focused on regulating the collection and use of personal information through web-based technologies and software that may not be readily apparent to the user.

Continue Reading HHS Warns HIPAA Covered Entities and Business Associates That Use of Website Cookies, Pixels, and Other Tracking Technology May Violate HIPAA Rules

From the Diagnosing Health Care PodcastHow have complaints of information blocking been submitted to the Office of the National Coordinator (ONC), and by whom? What does government enforcement action really look like?

In this episode of our special series on interoperability, hear from ONC attorneys Cassie Weaver and Rachel Nelson.

Continue Reading Podcast: Interoperability: Information Blocking Claims and Enforcement – Diagnosing Health Care

On July 8, two weeks following the Supreme Court’s ruling in Dobbs v. Jackson that invalidated the constitutional right to abortion, President Biden signed Executive Order 14076 (E.O.). The E.O. directed federal agencies to take various actions to protect access to reproductive health care services,[1] including directing the Secretary of the U.S. Department of Health and Human Services (HHS) to “consider actions” to strengthen the protection of sensitive healthcare information, including data on reproductive healthcare services like abortion, by issuing new guidance under the Health Insurance and Accountability Act of 1996 (HIPAA).[2]

Continue Reading Biden Administration Seeks to Clarify Patient Privacy Protections Post-Dobbs, Though Questions Remain

Featured on the Diagnosing Health Care Podcast:  How is openEHR transforming the way health data is managed and stored across Europe? Will it soon disrupt the U.S. marketplace?

In this episode of our special series on interoperability, hear from Alastair Allen, CTO of Better.

Continue Reading Podcast: Interoperability: Health Care’s Next Disruptor Is openEHR – Diagnosing Health Care

In this episode of the Diagnosing Health Care Podcast:  In the past decade, certified electronic health records (EHRs) have been instrumental in transforming medical records from paper to digital formats.

What obstacles are currently preventing providers from sharing patient data with each other or patients from sharing health information from their personal devices with their providers? In this episode of our special series on interoperability, hear from Tomaž Gornik, founder and CEO of Better.

Continue Reading Podcast: Interoperability: A New Vision Through openEHR – Diagnosing Health Care

The U.S. Supreme Court is expected to imminently issue its opinion in the case Dobbs v. Jackson Women’s Health Organization (“Dobbs”). If the Court rules in a manner to overturn Roe v. Wade, states will have discretion in determining how to regulate abortion services.[1] Such a ruling would overturn nearly 50 years of precedent, leaving patients, reproductive health providers, health plans, pharmacies, and may other stakeholders to navigate a host of uncharted legal issues. Specifically, stakeholders will likely need to untangle the web of cross-state legal issues that may emerge.

Continue Reading The Pendulum Swings Both Ways: State Responses to Protect Reproductive Health Data, Post-Roe

On April 11, 2022, the Drug Enforcement Administration (DEA) released a final rule which amends DEA regulations to now require all applications for DEA registrations, and renewal of those registrations, to be submitted online. The final rule is effective May 11, 2022.

On January 7, 2021, DEA published a notice of proposed rulemaking (NPRM) that proposed requiring that all applications for DEA registrations, and renewal of those registrations, be submitted online. DEA is promulgating this rule as proposed in the NPRM with one exception: DEA is clarifying that Automated Clearing House (ACH) fund transfers will be accepted as payment for registrations and renewals.
Continue Reading DEA Finalizes Rule Requiring All Registrations and Renewal Applications to Be Completed Online

The past several years have proven difficult for healthcare entities due to increasing cybersecurity threats, breaches and regulatory enforcement. Following these trends, on April 6, 2022, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) soliciting public comment on how regulated entities are voluntarily implementing security practices under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) and also seeking public input on sharing funds collected through enforcement with individuals who are harmed by Health Insurance Portability and Accountability Act of 1996 (HIPAA) rule violations.

Continue Reading HIPAA Enforcers Seek Public Input on Recognized Security Practices and Sharing Enforcement Recoveries with Affected Individuals

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently submitted two reports to Congress setting forth the HIPAA breaches and complaints reported to OCR during calendar year 2020 as well as the enforcement actions taken by OCR in response to those reports. HIPAA covered entities should be aware of the trends identified in these reports and should examine their own compliance in these areas.

Continue Reading HHS OCR Issues Annual HIPAA Reports to Congress