Health Information Privacy & Security
Viewpoints
Filter by:
HHS Health Care Cybersecurity Performance Goals: Proposed Incentives, Penalties and Compliance Standards Review
April 4, 2024 | Blog | By Pat Ouellette
As promised in the U.S. Department of Health and Human Services (HHS) concept paper in December 2023, the agency published voluntary health care and public health cybersecurity performance goals (HPH CPGs) in January 2024 and then proposed in the HHS FY 2025 Budget to establish certain HPH CPG compliance incentives and penalties for hospitals.
Health Care Privacy and Security in 2024: Six Critical Topics to Watch
January 25, 2024 | Blog | By Dianne Bourque, Madison Castle, Lara Compton, Ellen Janos, Pat Ouellette, Cassandra Paolillo
As we reflect on the flurry of activity in the health care data privacy and security space in 2023 and look ahead to what will continue to be a busy 2024, we are seeing the early stages of federal agency movement to align the regulatory environment with modern health care delivery, cutting-edge technologies, and innovative data-sharing techniques. Some of this work has been done in the form of federal agency guidance in which health care organizations will be looking for additional updates and there are also a handful of pending U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) proposals that call for substantial changes to the HIPAA Privacy Rule.
HHS Proposes Plan to Advance Cyber Resiliency in Health Care; OCR Settles Phishing Attack Investigation
December 12, 2023 | Blog | By Pat Ouellette
The U.S. Department of Health and Human Services (HHS) released a concept paper on December 6, 2023 outlining its action plan to enhance cyber resiliency in the health care sector by proposing certain voluntary cybersecurity actions and standards that may ultimately become requirements.
HHS Proposes Appropriate Disincentives for Health Care Providers That Commit Information Blocking
November 6, 2023 | Blog | By Pat Ouellette, Rachel Yount
In coordination with the Centers for Medicare & Medicaid Services (CMS), the Department of Health and Human Services (HHS) and Office of the National Coordinator for Health Information Technology (ONC) proposed a much-anticipated framework to establish and manage “appropriate disincentives” for health care providers under the Information Blocking Rules. As described in more detail in the blog post, the proposed rule (Appropriate Disincentives Proposed Rule) includes proposed disincentives for (i) hospitals and critical access hospitals (CAHs) participating in the Medicare Promoting Interoperability Program; health care providers eligible for Merit-Based Incentive Payment System (MIPS) adjustments; and health care providers participating in the Medicare Shared Savings Program (MSSP).
OCR Cybersecurity Newsletter Emphasizes Significance of HIPAA Sanction Policies
October 23, 2023 | Blog | By Pat Ouellette
The Office for Civil Rights (OCR) recently offered covered entities and business associates (Regulated Entities) not-so-subtle reminders in its October 2023 Cybersecurity Newsletter that effective sanction policies can encourage HIPAA compliance.
California Legislative Update: Reproductive and Gender Affirming Care Rights and Protections
October 11, 2023 | Blog | By Lara Compton, Kathryn Edgerton, Daniel Cody
Governor Gavin Newsom recently signed multiple bills into law as part of California’s ongoing efforts to safeguard access to reproductive and gender affirming health care. The new laws are intended to increase protections for health care providers and patients, increase health care provider availability, and improve patient privacy. In a recent press release, California Legislative Women’s Caucus Vice Chair Assemblymember Cecilia Aguiar-Curry noted: “Last year, we enacted 14 bills and budget funding to expand and protect reproductive rights and services in our state. This year, we build on that momentum with legislation that ensures California remains a national leader in the fight for reproductive justice.”
OIG, HHS Publish Information Blocking CMP Final Rule, Enforcement Priorities
July 13, 2023 | Blog | By Pat Ouellette
Though there has been much speculation and commentary among industry stakeholders, the Office of Inspector General (OIG) and the Office of the National Coordinator for Health Information Technology (ONC) have not yet begun enforcing statutory penalties associated with violations of the Information Blocking Rules. On July 3, 2023, OIG and Department of Health and Human Services (HHS) took a significant step toward enforcement of these penalties when they published long-awaited civil monetary penalty (CMP) final rule (CMP Final Rule) for certain Information Blocking Actors in the Federal Register.
My Health, My Data! Washington State Enacts Broad Health Data Privacy Protection Law
May 24, 2023 | Blog | By Lara Compton, Kathryn Edgerton, Adam B. Korn
Washington greatly expanded the protection for consumers’ identifiable health information by enacting the “My Health My Data Act” (MHMDA), in an effort to close the gap between HIPAA protections and the laws protecting the privacy and security of other consumer health care data. While MHMDA resembles the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA) and the Illinois Biometric Information Privacy Act (BIPA), it broadly applies to health information outside of traditional health care settings. Regulated Entities should consider undertaking additional steps that we outline now to prepare for the March 31, 2024, and June 30, 2024 (small businesses) compliance deadlines.
OCR Proposes HIPAA Amendments to Protect Reproductive Health Care Information
April 13, 2023| Blog|
CMS Builds Upon Interoperability Rules with Prior Authorization Proposal
April 12, 2023 | Blog | By Pat Ouellette
The Centers for Medicare & Medicaid Services (CMS) recently published the Advancing Interoperability and Improving Prior Authorization Processes Proposed Rule (Prior Authorization Proposed Rule), and, if certain components are finalized, impacted payors will be required to be in compliance by January 1, 2026. The Prior Authorization Proposed Rule is meant to build upon the CMS Interoperability and Patient Access Final Rule (Patient Access Final Rule) and includes five proposals aimed at, according to CMS, increasing efficiency, reducing overall payor and provider burden, and improving patient access to electronic health information (EHI). Impacted health care payors include Medicare Advantage (MA) Organizations, Medicaid Managed Care Plans and Children’s Health Insurance Program (CHIP) Managed Care Entities, State Medicaid and CHIP Fee-for-Service (FFS) Programs, and Qualified Health Plan (QHP) Issuers on the Federally Facilitated Exchanges (FFEs). Among the more significant changes in the rule was the inclusion of MA Organizations as impacted payors.
OCR Warns Providers Against Disclosing PHI on Social Media Platforms in Response to Negative Reviews in Settlement with Dental Practice
December 22, 2022 | Blog | By Lara Compton, Kathryn Edgerton, Pat Ouellette
As illustrated by a recent Office for Civil Rights (OCR) settlement with a dental practice, health care entities continue to struggle with how to respond to negative online reviews while maintaining compliance with the HIPAA Privacy Rule. Given the significant reputational harm that negative reviews on Yelp and other social media and public platforms (Platforms) can create, providers may be tempted to respond to such negative comments with patient specifics in an attempt to mitigate harm to their businesses.
OCR HIPAA Privacy Rule Enforcement Roundup: Right of Access Initiative and Improper PHI Disposal
September 22, 2022 | Blog | By Pat Ouellette
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) has been busy over the past month announcing new enforcement actions and settlement agreements related to violations of the Privacy Rule implemented under the Health Insurance Portability and Accountability Act (HIPAA). OCR’s latest actions offer a reminder for HIPAA Covered Entities that Privacy Rule enforcement activity can come in a variety of types and sizes.
Protecting Health Information Post Roe – Part 2: Steps for Health Care Providers
July 21, 2022| Blog|
What Would the American Data Privacy and Protection Act Mean for the Health Industry?
June 23, 2022 | Blog | By Kate Stewart, Pat Ouellette
All players in the health and wellness ecosystem should be following developments around the American Data Privacy and Protection Act (ADPPA). If enacted, the ADPPA would be a watershed in the regulation of the privacy and security of personal information, including health information. The ADPPA would have a particularly large impact on entities that currently collect, process, and transmit health information but are not subject to HIPAA.
Federal Healthcare Agencies Aim to Prioritize Information Blocking Enforcement in 2022
March 28, 2022 | Blog | By Pat Ouellette
The United States Department of Health and Human Services (HHS) and Centers for Medicare and Medicaid Services (CMS) leadership announced during last week’s HIMSS 2022 Conference that the agencies will be focusing on information blocking enforcement for the remainder of 2022. This blog post discusses the importance of closing the enforcement gap and the development of disincentives for health care providers.
ONC Publishes Report, Commentary on Information Blocking Rule Claims Trends
March 7, 2022 | | By Pat Ouellette
Webinar Recording: Health Care Enforcement Year in Review & 2022 Outlook
February 16, 2022 | Webinar | By Grady Campion, Randy Jones, Samantha Kingsbury, Karen Lovitch, Kevin McGinty
Information Blocking Rule: Key Considerations for 2022
December 29, 2021 | Blog | By Pat Ouellette
California’s Senate Bill 41: The Genetic Information Privacy Act
October 19, 2021 | Blog | By Stephnie John, Lara Compton
California Health Privacy Information Legislation Update
September 22, 2021 | Blog | By Lara Compton, Stephnie John
Explore Other Viewpoints:
- AI: The Washington Report
- Antitrust
- Appellate
- Arbitration, Mediation & Alternate Dispute Resolution
- Artificial Intelligence
- Awards
- Bankruptcy & Restructuring
- California Land Use
- Cannabis
- Class Action
- Complex Commercial Litigation
- Construction
- Consumer Product Safety
- Corporate Governance (ESG)
- Cross-Border Asset Recovery
- Debt Financing
- Direct Investing (M&A)
- Diversity
- EB-5 Financing
- Education & Nonprofits
- Employment
- Energy & Sustainability
- Environmental (ESG)
- Environmental Enforcement Defense
- Environmental Law
- Environmental, Social, and Corporate Governance (ESG)
- FDA Regulatory
- False Claims Act
- Federal Circuit Appeals
- Financial Institution Litigation
- Government Law
- Growth Equity
- Health Care
- Health Care Compliance, Fraud and Abuse, & Regulatory Counseling
- Health Care Enforcement & Investigations
- Health Care Transactions
- Health Information Privacy & Security
- IP Due Diligence
- IPRs & Other Post Grant Proceedings
- Immigration
- Impacts of a New US Administration
- Insolvency & Creditor Rights Litigation
- Institutional Investor Class Action Recovery
- Insurance & Financial Services
- Insurance Consulting & Risk Management
- Insurance and Reinsurance Problem-Solving & Dispute Resolution
- Intellectual Property
- Investment Funds
- Israel
- Licensing & Technology Transactions
- Life Sciences
- Litigation & Investigations
- M&A Litigation
- ML Strategies
- Medicare, Medicaid and Commercial Coverage & Reimbursement
- Mergers & Acquisitions
- Patent Litigation
- Patent Prosecution & Strategic Counseling
- Pharmacy Benefits and PBM Contracting
- Portfolio Companies
- Privacy & Cybersecurity
- Private Client
- Private Equity
- Pro Bono
- Probate & Fiduciary Litigation
- Products Liability & Complex Tort
- Projects & Infrastructure
- Public Finance
- Real Estate Litigation
- Real Estate Transactions
- Real Estate, Construction & Infrastructure
- Retail & Consumer Products
- Securities & Capital Markets
- Securities Litigation
- Social (ESG)
- Special Purpose Acquisition Company (SPACs)
- Sports & Entertainment
- State Attorneys General
- Strategic IP Monetization & Licensing
- Tax
- Technology
- Technology, Communications & Media
- Technology, Communications & Media Litigation
- Trade Secrets
- Trademark & Copyright
- Trademark Litigation
- Value-Based Care
- Venture Capital & Emerging Companies
- White Collar Defense & Government Investigations
- Women's Health and Technology