Category

HHS

06 May 2022

Digital Health Industry Take Note: New HIPAA Comment Opportunity and Guidance Addresses Growing Risk of Cybersecurity Attacks

Digital health companies should take note of new data privacy and security developments under the Health Insurance Portability and Accountability Act (HIPAA) that can affect product planning and customer negotiations.

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has released a request for information (RFI) … Read More

EmailShare
28 March 2022

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

On March 17, 2022, the U.S. Department of Health and Human Service’s Office for Civil Rights (“OCR”) issued industry guidance for Health Insurance Portability and Accountability Act (“HIPAA”) regulated entities to take preventative steps to protect against some of the more common, and often successful, cyber-attack techniques. For example, the … Read More

EmailShare
15 December 2020

HHS Issues Proposed Rule Modernizing HIPAA Privacy Rule

On December 10, 2020, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) released a proposed rule (the Proposed Rule) that would make a number of key changes to the Privacy Rule under the Health Insurance Portability and Accountability Act of 1996 and the Health … Read More

EmailShare
27 July 2020

SAMHSA Releases Final 42 CFR Part 2 Revised Rule

On July 13, the Department of Health and Human Services’ Substance Abuse and Mental Health Services (“SAMHSA”) announced final revisions to the Confidentiality of Substance Use Disorder Patient Records regulation codified at 42 CFR Part 2 (so-called “Part 2” regulations).  These regulations—which apply to certain information relating to patients being … Read More

EmailShare
05 May 2020

HHS Announces Exercise of Enforcement Discretion for Entities Engaged in COVID-19 Relief Efforts

Since COVID-19 was declared a pandemic, the U.S. Department of Health and Human Services (“HHS”) and its Office for Civil Rights (“OCR”) have taken a variety of steps to relax HIPAA restrictions particularly pertinent to the COVID-19 response.

First, as covered in an earlier posting, HHS took action to Read More

EmailShare
18 March 2020

HHS Issues Limited Waiver of Certain HIPAA Privacy Rule Obligations and Exercises Enforcement Discretion with Respect to Telehealth Services In Light of COVID Public Health Emergency

This week the U.S. Department of Health and Human Services (HHS) took action to waive penalties and refrain from enforcing certain federal health information privacy restrictions under the Health Insurance Portability and Accountability Act (HIPAA) in response to COVID-19.

EmailShare
Read More
EmailShare
02 October 2019

Part 2 Proposed Rule Seeks to Reduce Barriers to Coordination of Care for Substance Use Disorders

In an effort to reduce barriers to coordination of care, the U.S. Department of Health and Human Services (“HHS”) is considering changes to Federal restrictions on the sharing of substance use disorder (“SUD”) records.  The proposed changes would modify 42 C.F.R. Part 2 (“Part 2”) regulations that place restrictive conditions … Read More

EmailShare
30 April 2019

OCR Reduces HIPAA Penalties and Clarifies Liability for Transferring ePHI to Third-Party Health Apps

New Annual HIPAA Penalty Tiers

Six months after imposing the largest ever HIPAA fine ($16 million) following a HIPAA data breach, the U.S. Department of Health & Human Services’ Office for Civil Rights (“OCR”) has announced that it is exercising its enforcement discretion to lower maximum annual HIPAA penalties.

EmailShare
Read More
EmailShare
14 February 2019

Health Sector Council Released Cybersecurity Recommendations for Medical Devices and Health IT

On January 28, 2019, the Healthcare and Public Health Sector Coordinating Council released the “Medical Device and Health IT Joint Security Plan” (“JSP” or “Plan”)—cybersecurity recommendations for medical device manufacturers, healthcare information technology vendors, and healthcare providers.  U.S. Government entities, including the FDA, participated in the development of … Read More

EmailShare
08 January 2019

HHS Releases Cybersecurity Guidance for Healthcare Organizations

On December 28, 2018, the U.S. Department of Health and Human Services (HHS) released a four-volume cybersecurity guidance document for healthcare organizations. The publication, “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” (HICP), is the result of a government and industry collaboration mandated by the Cybersecurity Act … Read More

EmailShare
XSLT Plugin by BMI Calculator