According to a December 20, 2019 Report by HIPAA Journal, nearly 39 million health care data breaches had been reported to the U.S. Department of Health and Human Services (“DHHS”), Office of Civil Rights (“OCR”) by the end of November 2019. This is a staggering number, especially considering that this is more than double what was reported in all of 2018. This appears to be part of an exponentially growing number of breach reports since, as we reported last year, 2018’s breach reports were already three times greater than what was reported in 2017.

This article explores some of the trends that can be attributed to the growing number of breaches and how the OCR has responded to the difficulties experienced by healthcare entities (“Covered Entities”) covered by the security and confidentiality requirements applicable to protected health information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 and 45 CFR Parts 160 and 164, as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH”) (collectively referred to hereinafter as “HIPAA”).
Continue Reading 2019 Year in Review: Notable Changes in Law, Policy, and Enforcement of HIPAA

On January 30, 2017, the proposed 340B Drug Pricing Program (the “340B Program”) Omnibus Guidance (the “Guidance”) first issued by the Health Resources and Services Administration (HRSA) in August of 2015 was withdrawn from the Office of Management and Budget (OMB) review process.  It is widely believed that the “cause of death” for the Guidance was the Trump Administration’s January 20, 2017 Memorandum (the “Memorandum”) directing agencies to immediately withdraw all unpublished regulations pending before OMB.[1]
Continue Reading The 340B Program Omnibus Guidance: Not Ready for Prime Time