On December 1, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) published a bulletin warning that commonly used website technologies, including cookies, pixels, and session replay, may result in the impermissible disclosure of Protected Health Information (“PHI”) to third parties in violation of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The bulletin advises that “[r]egulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of Protected Health Information (“PHI”) to tracking technology vendors or any other violations of the HIPAA Rules.” The bulletin is issued amidst a wider national and international privacy landscape that is increasingly focused on regulating the collection and use of personal information through web-based technologies and software that may not be readily apparent to the user.

Continue Reading HHS Warns HIPAA Covered Entities and Business Associates That Use of Website Cookies, Pixels, and Other Tracking Technology May Violate HIPAA Rules

Throughout 2021, we closely monitored the latest privacy laws and a surge of privacy, cybersecurity, and data asset management risks that affect organizations, small and large. As these laws continue to evolve, it is important for companies to be aware and compliant. We will continue to monitor these trends for 2022.

The attorneys of the Privacy, Cybersecurity & Data Asset Management group have written on a wide range of notable developments and trends that affect employers and health care providers. In case you missed any, we have assembled a recap of our top 10 blog posts of 2021, with links to each, below:

Continue Reading A Year in Review: Top 10 Privacy, Cybersecurity & Data Asset Management Issues in 2021

On January 5, 2018, consistent with the 21st Century Cures Act’s focus on creating interoperability and correspondingly a Trusted Exchange, the Office of the National Coordinator for Health Information Technology (“ONC”) released its “Draft Trusted Exchange Framework” (“Draft Framework”).  The Draft Framework is intended to streamline the exchange of Electronic Health Information (“EHI”) so

The Federal Trade Commission (“FTC”) and the Antitrust Division of the Department of Justice (“Antitrust Division”) released their respective year-end reviews highlighted by aggressive enforcement in the health care industry. The FTC, in particular, indicated that 47% of its enforcement actions during calendar year 2016 took place in the health care industry (including pharmaceuticals and

Health Reform - Epstein Becker Green

Our colleagues at Epstein Becker Green have issued a client alert: "U.S. Supreme Court Opinion Addresses Availability of State-Action Antitrust Immunity," by Patricia M. Wagner, Ross K. Friedberg, and Daniel C. Fundakowski.

Following is an excerpt:

On February 19, 2013, in FTC v. Phoebe Putney Health System, Inc., a case that highlights vigorous