On March 18, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued updated guidance regarding the use of online tracking technologies by entities and business associates subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
Notably, the updated guidance replaces OCR’s original guidance issued in December 2022, both of which warn companies subject to HIPAA, Covered Entities and their Business Associates (collectively “Regulated Entities”), that use of online tracking technologies, such ...
The Federal Trade Commission (“FTC”) recently issued guidance clarifying protections applicable to consumers’ sensitive personal data increasingly collected by so-called “health apps.” The FTC press release indicated it has approved a policy statement by a vote of 3-2 offering guidance that organizations using “health applications and connected devices” to “collect or use” consumers’ personal health information must comply with the cybersecurity, privacy and notification mandates of the Health Breach Notification Rule (the “Rule”).
The ...
Only a few days remain before the enforcement delay that the Centers for Medicare & Medicaid Services (CMS) exercised due to COVID-19 will end and the agency will require certain payors to publish a Patient Access application programming interface (“API”) and a Provider Directory API under the requirements of the CMS Interoperability and Patient Access Final Rule. Starting on July 1, 2021, all health plans that offer Medicare Advantage, Medicaid and Children’s Health Insurance Program (CHIP) and most Qualified Health Plans offered through the Federally-facilitated ...
The roll out of the Office of the National Coordinator’s (ONC) 21st Century Cures Act Interoperability and Information Blocking Rules is reminiscent of the way HIPAA has rolled out over the course of the past 25 years. As of May 1, 2021, Actors have been required to comply with the Information Blocking rules. However, it will take some time before all Actors know who they are and for complaints of Information Blocking to be determined to be actual instances of Information Blocking, by which time the penalties that have not yet been finalized may also need to be adjusted.
While ONC defined ...
Cyber threats and cybersecurity controls have evolved significantly over the past two decades since the HIPAA Security Rule were originally promulgated. During this same time, healthcare entities have increasingly become a prime target of hackers seeking to extort payment using ransomware, exfiltrate patient data to commit fraud, or disrupt operations in other nefarious ways. Recognizing these challenges, some security professionals have sought further clarity on the HIPAA Security Rule that they deem to be “long in the tooth”. Yet, regulators have not made any ...
On Friday April 26, 2019, the US Department of Health and Human Services (“HHS”) issued a notification regarding HHS’ use of Civil Monetary Penalties (“CMP”) under the Health Insurance Portability and Accountability Act (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. https://www.federalregister.gov/documents/2019/04/30/2019-08530/enforcement-discretion-regarding-hipaa-civil-money-penalties. The notice provides: “As a matter of enforcement discretion, and pending further ...
Tuesday’s decision by Judge Richard Leon of the U.S. District Court for the District of Columbia categorically approving the merger of AT&T and Time Warner, without imposing any conditions or limitations and rejecting granting a stay for appeal purposes, will, unless blocked if there is an appeal, open the way for a series of pending vertical merger deals.
A “vertical merger” is a merger of two companies that do not compete and that are at different levels of the product or service-provision process. Such mergers do not reduce the number of competitors in a given market and, by ...
West Virginia recently took a bold step to set the stage to shield an in-state hospital merger from further antitrust scrutiny by the Federal Trade Commission (FTC). Certain healthcare stakeholders are likely watching these developments with some excitement and with some thought toward pursing similar initiatives in their respective states. Although this may have some positive effects for healthcare mergers (depending upon one's point of view) it is not altogether clear that state review processes that might shield a merger from federal antitrust enforcement will necessarily ...
Blog Editors
Recent Updates
- As the Window for Comments Closes on ONC/ASTP’s HTI-2 Proposed Rule: What’s in HTI-2 and What Does It Mean for You?
- Unpacking Averages: Assessing FDA’s Postmarket Surveillance Under Section 522
- Video: New State Legislation Increases Oversight of Health Care Transactions – Thought Leaders in Health Law
- Video: New HIPAA Final Rule - Key Changes to Reproductive Health Care Privacy – Thought Leaders in Health Law
- Post-AB 3129, California Sponsored MSOs Must Focus on Compliance, Strategic Growth, and Exit Planning