On May 18, 2023, the Federal Trade Commission (FTC) announced a number of proposed amendments to the Health Breach Notification Rule (the Rule), the latest in a series of actions taken by the agency to make health apps and other similar technologies (such as fitness trackers) subject to the Rule. If adopted, the proposed amendments … Continue Reading
On April 12, 2023, the Biden administration announced a notice of proposed rulemaking (NPRM) from the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), the agency responsible for enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The NPRM is designed to protect patient privacy as it relates to … Continue Reading
On June 29, 2016, the U.S. Department of Health and Human Services (HHS) announced a Resolution Agreement with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS), settling charges that CHCS failed to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. As part of the settlement, CHCS will pay … Continue Reading
The U.S. Department of Health and Human Services (HHS) recently issued guidance to help mobile application developers analyze whether the Health Insurance Portability and Accountability Act of 1996 (HIPAA) may apply to them.1 Not every mobile application developer that handles personal health information is subject to HIPAA regulation, and determining whether HIPAA applies is situation-dependent … Continue Reading
In late 2015, the U.S. Department of Health and Human Services (HHS) announced three settlements in which the agency will collect over $5 million in collective penalties for alleged non-compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In addition to the monetary penalties, each of the settlements requires compliance with a … Continue Reading
Following the conclusion of the Health Insurance Portability and Accountability Act (HIPAA) pilot audit program in 2012, speculation began about the timing of the permanent program of periodic HIPAA audits. Originally, the Department of Health and Human Service’s Office of Civil Rights (OCR) scheduled the permanent audit program for 2014. However, personnel and budget limitations … Continue Reading
The Department of Health and Humans Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) recently released a practical guide designed to help healthcare providers and their service providers better understand and implement privacy and security protections for electronic health information.1 Organizations that handle personal health-related information, even when they are subject … Continue Reading
A recently issued government rule may unknowingly create significant liability and legal risk for many technology enterprises. The expanded definition of “business associates” and related interpretations by the Department of Health and Human Services (HHS) suggest that many companies should revisit how they provide services and ask whether they are providing their services to health … Continue Reading