Recent changes in federal immigration enforcement practices have prompted renewed attention to how healthcare providers manage requests from law enforcement agencies. While federal policy continues to recognize healthcare facilities as sensitive environments, there has been increased interest in enforcement activity in or around such locations. Healthcare organizations should consider taking this opportunity to review internal protocols and confirm they are prepared to respond in a manner that is consistent with applicable federal and state law.Continue Reading Immigration Enforcement and Healthcare Facilities: Key Considerations for Providers

The U.S. Department of Health and Human Services (“HHS”) issued a Notice of Proposed Rulemaking (the “Proposed Rule”) on December 27, 2024, to significantly amend HIPAA’s Security Rule, which sets forth the security standards for the protection of protected health information by covered entities and their business associates. The Proposed Rule’s issuance was expected, especially in light of the growing number of health data breaches and disclosures of large scale foreign cyberattacks.Continue Reading HHS’ Last-Minute Holiday Gift: Proposed Changes to the HIPAA Security Rule

With technology rapidly evolving and jurisdictions appearing blurred, it is increasingly important to be mindful of data flow and use. This is particularly true where patient data is being accessed by offshore subcontractors.Continue Reading Do You Catch Our Drift? Navigating the Waters of Offshoring and Patient Data

The U.S. Department of Health and Human Services (HHS) and the Substance Abuse and Mental Health Services Administration (SAMHSA) recently released the long anticipated Final Rule to revise the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations at 42 C.F.R. Part 2 (Part 2).Continue Reading HHS Announces 42 Part 2 Final Rule to Align with HIPAA

On June 16, 2023, nearly half of the State Attorneys General[1] penned a letter (the “Letter”) to the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) advocating for broader privacy protections surrounding reproductive health care information. Specifically, the Letter targeted the Notice of Proposed Rulemaking (the “Proposed Rule”) published by OCR in April of 2023, which proposed a number of revisions to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).[2]Continue Reading State Attorneys General Pen Letter to OCR Advocating for Greater Privacy Protection of Reproductive Health Care Information

Texas is joining a growing number of states in passing comprehensive privacy legislation intended to safeguard consumer personal data.[1] Specifically, the Texas Data Privacy and Security Act (the “Act”) adds protections for consumers[2] and their personal data, which includes any information that is linked or reasonably linkable to an identified or identifiable individual.[3]Continue Reading Texas is Making Moves on a Comprehensive Consumer Privacy Law

On April 27, 2023, the state of Washington enacted a landmark privacy law aimed at protecting the privacy of health data not covered by HIPAA. This law, named the “My Health My Data Act,” covers a very wide range of entities, consumers, and data. It also contains a private right of action. Companies should soon begin evaluating the scope of this law and its requirements before it comes into effect March 31, 2024 (for “small businesses,” June 30, 2024).Continue Reading Washington State Enacts Landmark Privacy Law Aimed at Digital Health Industry

On April 12, 2023, OCR issued a Notice of Proposed Rulemaking (“NPRM”) to strengthen HIPAA’s protections around reproductive health care privacy. The NPRM responds to President Biden’s Executive Order 14076, which directed HHS to consider ways to strengthen privacy protections for reproductive health care services, following the Supreme Court’s rule in Dobbs v. Jackson Women’s Health Organization, overturning Roe v. Wade and ultimately resulting in renewed concern over patient privacy and reproductive healthcare.Continue Reading OCR Announces Proposed Rulemaking to Strengthen Reproductive Health Privacy

The Centers for Medicare & Medicaid Services (“CMS”), on behalf of the U.S. Department of Health and Human Services (“HHS”), recently issued a proposed rule to adopt standards under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) for “health care attachment” transactions (the “Proposed Rule”). The Proposed Rule would implement requirements of HIPAA’s administrative simplification regulations, which are intended to support healthcare claims and prior authorization transactions while also introducing a standard format for electronic signatures to be used in conjunction with health care attachments.Continue Reading CMS’s Administrative Simplification Rule Aims to Increase Efficiency and Standardization for Health Care Attachments

As telehealth services surged in response to the COVID-19 pandemic, unique compliance challenges likewise developed in unexpected ways. Recognizing these challenges, the Office of Civil Rights (“OCR”) indicated that it would exercise its enforcement discretion by declining to impose penalties against covered health care providers for instances of good faith noncompliance with the requirements of the Health Insurance Portability and Accountability Act (“HIPAA”) in connection with the provision of telehealth services. In effect, a covered health care provider seeking to use audio or video communication technology to provide telehealth services during the public health emergency could do so with greater flexibility.Continue Reading Office of Civil Rights Publishes Guidance on Use of Audio-Only Telehealth Services

The digital health sector has seen tremendous growth and innovation over the past few years. This momentum introduces new complexities within the legal and regulatory landscape that is trying to
Continue Reading Top 5 Legal Issues in Digital Health to Watch for in 2022