The American Privacy Rights Act of 2024 (APRA), a bipartisan and “historic” comprehensive data privacy bill unveiled April 8, 2024, would preempt state data privacy laws and be enforced by the Federal Trade Commission, states, and affected individuals. As per the Press Release: “This comprehensive draft legislation sets clear, national data privacy rights and protections for Americans, eliminates the existing patchwork of state comprehensive data privacy laws, and establishes robust enforcement mechanisms to hold violators accountable, including a private right of action for individuals ..read more

Today the U.S. Department of Health & Human Services (HHS) finalized rules published in December of 2022 changing the requirements for handling SUD patient information governed by 45 CFR part 2 (Part 2). Health care facilities subject to Part 2 often struggled to comply with requirements related to SUD patients and their information that were inconsistent with HIPAA. The new Part 2 rules clean up many of those inconsistencies, while continuing to provide additional protection for Part 2 patient and their records where necessary, such as in legal proceedings brought against an SUD patient ..read more

Exactly 12 days before Christmas, the U.S. Department of Health and Human Services’ Office of the National Coordinator (ONC) gave the health industry a unique gift buried in a 900+ page rule adoption. The gift?  The first comprehensive U.S. regulation delineating the responsible use and oversight of AI used in connection with health care decision-making.   Disagreeing “with commenters who believe that requirements for AI or machine learning-driven decision support is premature”, ONC states: “we believe now is an opportune time to help optimize the use and improve the quality” of the ..read more

On November 6, 2023, the HHS Office of Inspector General published a new compilation of compliance guidance under the title General Compliance Program Guidance (GCPG) for the healthcare compliance community and other health care stakeholders. Consistent with the OIG’s April 24, 2023 announcement of its plan to issue modernized, improved, and accessible guidance, the 91-page document is now available on the OIG’s website. You can view the full post authored by Fox Rothschild’s Terri Harris at the Health Care Law Matters blog, here: In Case You Missed It: New OIG General Complianc ..read more

Disregard your Health Insurance Portability and Accountability Act obligations at your own risk.  That’s the stark warning covered entities and business associates should take away from a recent settlement entered into by the nation’s largest publicly operated health plan and the U.S. Department of Health and Human Services’ Office for Civil Rights. Click here to read our full alert on this matter ..read more

Last week, the Federal Trade Commission (“FTC”) and the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) issued a joint letter (“Joint Letter”) (https://www.ftc.gov/system/files/ftc_gov/pdf/FTC-OCR-Letter-Third-Party-Trackers-07-20-2023.pdf) to approximately 130 hospitals and telehealth providers, warning that online tracking technologies integrated into their websites and/or mobile apps may be improperly disclosing personal health data to third parties. The FTC and OCR strongly urged monitoring of data flows to third parties via technologies integrated into w ..read more

Brightree by ResMed (“Brightree”), a cloud-based management software platform for healthcare providers, has conducted its biannual interoperability survey, and issued its corresponding biannual Interoperability and Engagement Research Report. Most notably, and not surprisingly, 99% of the 400+ provider entities that were surveyed, said they are most likely to send patient referrals for post-acute care (PAC) to providers who are able to support interoperability needs. Interoperability capabilities may includes Sending/accepting electronic referrals; An established electronic health records (EH ..read more

Privacy, data security and regulatory compliance affect companies in every industry. Join leading privacy professionals at our fifth annual Privacy Summit as they discuss some of the most consequential topics of the day during the following panels: Wave of Session-Replay Software and Chat Wiretapping Class Actions  What is the Future of Data Privacy in the US Privacy and Security in the Age of ChatGPT: Weighing the Risks, Leveraging the Benefits The Summit will feature a Fireside Chat with Sue Vinci, Chief Privacy Officer of Verizon. She and Elizabeth Litten, Fox Rothschild’s Chief ..read more

As states enact and enforce various laws restricting, prohibiting, and even criminalizing abortion and other reproductive health care services, HIPAA rules that allow disclosure of patient information become potential privacy landmines. HIPAA loopholes that jeopardized the privacy of sensitive reproductive health data will be tightened or even closed if U.S. Department of Health & Human Services (HHS) rules proposed on April 12th are adopted. One loophole, briefly described in our post here, allows a provider to disclose information if a provider reasonably believes an individual is a vict ..read more

Watch out HHS, the FTC is taking the lead in enforcing privacy violations by companies also subject to HIPAA. BetterHelp, an on-line mental health platform, engaged in unfair and unreasonable privacy practices according to the FTC’s complaint, leading to a proposed $7.8 million settlement payment to customers. The U.S. Department of Health and Human Services (HHS) warned us that use of on-line tracking technologies can violate HIPAA. Now the Federal Trade Commission (FTC) is flexing its enforcement muscles. Last month, it published a post about the $1.5 million civil monetary penalty it impose ..read more