Health Information Privacy & Security
Viewpoints
HHS Health Care Cybersecurity Performance Goals: Proposed Incentives, Penalties and Compliance Standards Review
April 4, 2024 | Blog | By Pat Ouellette
As promised in the U.S. Department of Health and Human Services (HHS) concept paper in December 2023, the agency published voluntary health care and public health cybersecurity performance goals (HPH CPGs) in January 2024 and then proposed in the HHS FY 2025 Budget to establish certain HPH CPG compliance incentives and penalties for hospitals.
Health Care Privacy and Security in 2024: Six Critical Topics to Watch
January 25, 2024 | Blog
HHS Proposes Plan to Advance Cyber Resiliency in Health Care; OCR Settles Phishing Attack Investigation
December 12, 2023 | Blog | By Pat Ouellette
The U.S. Department of Health and Human Services (HHS) released a concept paper on December 6, 2023, outlining its action plan to enhance cyber resiliency in the health care sector by proposing certain voluntary cybersecurity actions and standards that may ultimately become requirements. For health care organizations such as hospitals, “cyber resiliency” generally means how organizations anticipate, operate during, respond to, and recover from cyber attacks such as ransomware attacks, cloud exploitations, phishing or spear-phishing attacks, software and zero-day vulnerabilities, or distributed denial of service attacks.
HHS Proposes Appropriate Disincentives for Health Care Providers That Commit Information Blocking
November 6, 2023 | Blog | By Pat Ouellette, Rachel Yount
In coordination with the Centers for Medicare & Medicaid Services (CMS), the Department of Health and Human Services (HHS) and Office of the National Coordinator for Health Information Technology (ONC) proposed a much-anticipated framework to establish and manage “appropriate disincentives” for health care providers under the Information Blocking Rules. As described in more detail in the blog post, the proposed rule (Appropriate Disincentives Proposed Rule) includes proposed disincentives for (i) hospitals and critical access hospitals (CAHs) participating in the Medicare Promoting Interoperability Program; (ii) health care providers eligible for Merit-Based Incentive Payment System (MIPS) adjustments; and (iii) health care providers participating in the Medicare Shared Savings Program (MSSP).
OCR Cybersecurity Newsletter Emphasizes Significance of HIPAA Sanction Policies
October 23, 2023 | Blog | By Pat Ouellette
The Office for Civil Rights (OCR) recently offered covered entities and business associates (Regulated Entities) not-so-subtle reminders in its October 2023 Cybersecurity Newsletter that effective sanction policies can encourage HIPAA compliance. Regulated Entities are required by HIPAA to implement sanction policies in which they impose “appropriate sanctions” against their respective workforce members who fail to comply with the Privacy Rule or Security Rule, the Regulated Entity’s privacy policies and procedures, and/or the Regulated Entity’s security policies and procedures, as applicable. These sanction policies are important administrative safeguards meant to ensure there are objective, documented consequences for HIPAA non-compliance among workforce members. The recent proliferation of social engineering attacks and increasingly sophisticated nature of external cybersecurity threats in health care underscore the importance of Regulated Entities consistently reviewing and applying sanction policies.
California Legislative Update: Reproductive and Gender Affirming Care Rights and Protections
October 11, 2023 | Blog | By Lara Compton, Kathryn Edgerton, Daniel Cody
Governor Gavin Newsom recently signed multiple bills into law as part of California’s ongoing efforts to safeguard access to reproductive and gender affirming health care. The new laws are intended to increase protections for health care providers and patients, increase health care provider availability, and improve patient privacy. In a recent press release, California Legislative Women’s Caucus Vice Chair Assemblymember Cecilia Aguiar-Curry noted: “Last year, we enacted 14 bills and budget funding to expand and protect reproductive rights and services in our state. This year, we build on that momentum with legislation that ensures California remains a national leader in the fight for reproductive justice.”
OIG, HHS Publish Information Blocking CMP Final Rule, Enforcement Priorities
July 13, 2023 | Blog | By Pat Ouellette
Though there has been much speculation and commentary among industry stakeholders, the Office of Inspector General (OIG) and the Office of the National Coordinator for Health Information Technology (ONC) have not yet begun enforcing statutory penalties associated with violations of the Information Blocking Rules. On July 3, 2023, OIG and the Department of Health and Human Services (HHS) took a significant step toward enforcement of these penalties when they published the long-awaited civil monetary penalty (CMP) final rule (CMP Final Rule) for certain Information Blocking Actors in the Federal Register.
My Health, My Data! Washington State Enacts Broad Health Data Privacy Protection Law
May 24, 2023 | Blog | By Lara Compton, Kathryn Edgerton, Adam B. Korn
Washington greatly expanded the protection for consumers’ identifiable health information by enacting the “My Health My Data Act” (MHMDA), in an effort to close the gap between HIPAA protections and the laws protecting the privacy and security of other consumer health care data. While MHMDA resembles the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA) and the Illinois Biometric Information Privacy Act (BIPA), it broadly applies to health information outside of traditional health care settings. Regulated Entities should consider undertaking additional steps that we outline now to prepare for the March 31, 2024, and June 30, 2024 (small businesses) compliance deadlines.
OCR Proposes HIPAA Amendments to Protect Reproductive Health Care Information
April 13, 2023 | Blog
CMS Builds Upon Interoperability Rules with Prior Authorization Proposal
April 12, 2023 | Blog
OCR HIPAA Privacy Rule Enforcement Roundup: Right of Access Initiative and Improper PHI Disposal
September 22, 2022 | Blog
Protecting Health Information Post Roe – Part 2: Steps for Health Care Providers
July 21, 2022 | Blog | By Cynthia Larose, Dianne Bourque
In this second of our two-part blog series on protecting health information post Roe, we discuss legal and practical strategies that health care providers can take to protect the information of their patients. State laws that restrict or criminalize abortions will require significant amounts of health information to enforce, putting new pressure on health care providers caught in the middle of competing obligations to their patients and to regulatory and law enforcement authorities making lawful requests for this information.
Federal Healthcare Agencies Aim to Prioritize Information Blocking Enforcement in 2022
March 28, 2022 | Blog
Webinar Recording: Health Care Enforcement Year in Review & 2022 Outlook
February 16, 2022 | Webinar | By Grady Campion, Randy Jones, Samantha Kingsbury, Karen Lovitch, Kevin McGinty
In our annual webinar, Mintz’s Health Care Enforcement Defense team reviewed the key health care fraud enforcement developments and trends from 2021, assessed their likely impact in 2022, and provided recommendations to avoid government scrutiny.
Information Blocking Rule: Key Considerations for 2022
December 29, 2021 | Blog
California’s Senate Bill 41: The Genetic Information Privacy Act
October 19, 2021 | Blog | By Stephnie John, Lara Compton
Our previous blog post on pending California privacy legislation included a prediction that has since materialized: Governor Newsom signed the Genetic Information Privacy Act (“GIPA”) on October 6, 2021, and the law will go into effect on January 1, 2022. GIPA establishes a number of mechanisms to close the existing gap in the protection of genetic information under the current framework of federal and state privacy laws. As discussed in our earlier post, GIPA contains a robust penalty structure, but it includes a number of carve-outs and does not apply to entities already subject to regulation under other health information privacy laws. Notably, GIPA does not reduce or eliminate obligations under other laws, including California’s more broadly applicable consumer privacy laws, such as the CCPA and breach notification statute, as recently amended by AB 825. Given Governor Newsom’s former concern about GIPA’s interference with mandatory COVID-19 testing reporting, the law also does not apply to tests that are conducted exclusively to diagnose whether an individual has a specific disease.
California Health Privacy Information Legislation Update
September 22, 2021 | Blog | By Lara Compton, Stephnie John
When it comes to the privacy of health information, California belongs to the select group of states that have implemented broad consumer privacy protections above and beyond those provided by the federal Health Insurance Portability and Accountability Act (HIPAA) and the Federal Trade Commission Act (FTCA). This year, the state’s ongoing legislative efforts to protect the health information of its residents included Assembly Bill 1436 (AB 1436), which if enacted would have revised California’s existing Confidentiality of Medical Information Act (CMIA), and Senate Bill 41 (SB 41), which if enacted will create the new Genetic Information Privacy Act (GIPA). As further discussed below, only SB 41 is moving forward, and if signed by Governor Newsom, GIPA will go into effect on January 1, 2022.