On March 2, 2023, the Federal Trade Commission (“FTC”) announced an enforcement action against California-based online counseling service BetterHelp, Inc. (“BetterHelp”) for allegedly sharing consumers’ health information, including sensitive information about mental health challenges, for advertising purposes in violation of Section 5 of the FTC Act.
This latest enforcement action comes just one month after
On February 1, 2023, the Federal Trade Commission (“FTC”) announced an enforcement action (“Enforcement Action”) against California-based telehealth and prescription drug discount provider GoodRx Holdings, Inc. (“GoodRx”) for allegedly violating section 5 of the FTC Act and the Health Breach Notification Rule (“HBNR”). The proposed order (“Proposed Order”), which was brought by the U.S. Department
The Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) recently issued a bulletin to highlight the obligations of Health Insurance Portability and Accountability Act of 1996 (HIPAA) on regulated entities under the HIPAA Privacy, Security, and Breach Notification Rules when using online tracking technologies. The bulletin defines
Earlier this week, the United States Department of Health and Human Services (“HHS”) released a Notice of Proposed Rulemaking (“NPRM”) that proposes to make sweeping changes to regulations at 42 C.F.R. part 2 (“Part 2”) governing the confidentiality of substance use disorder (“SUD”) records. These modifications, which implement provisions of section 3221 of the Coronavirus
The Biden Administration is taking action to support access to reproductive health care in response to the Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization. This is occurring as some states seek to restrict or criminalize abortion services. So far, there has been action by the White House, through an Executive Order, and by the U.S. Department of Health and Human Services (HHS), through guidance on HIPAA and privacy.
The Russia-Ukraine conflict is increasing the risk of ransomware attacks and other cyber threats for U.S. companies, and those in the health care industry may be targeted. In a recent analyst note from the Department of Health & Human Services (“HHS”), HHS describes the cyber capabilities of Russia, one of the world’s major cyberpowers, and analyzes two malware variants most likely to impact the U.S. health care and public health sector.
Continue Reading Increased Cyber Risk for Health Care Organizations Due to the Russia-Ukraine Conflict
On Monday, the Office for Civil Rights (“OCR”) at the U.S. Department of Health & Human Services (“HHS”) announced an enforcement action against Bayfront Health St. Petersburg (“Bayfront”) for allegedly failing to provide a mother timely access to her unborn child’s prenatal medical records. The enforcement action is noteworthy in that it marks OCR’s first
HHS’s Substance Abuse and Mental Health Services Administration (“SAMHSA”) proposed updated rules to clarify the scope of perceived barriers to sharing information regarding treatment for substance use disorders (SUDs) among providers, with research entities, and for law enforcement purposes. The proposed changes to the 42 C.F.R. Part 2 (“Part 2”) regulations appear in two Notices of Proposed Rulemaking (“NPRMs”), which are also summarized in a Fact Sheet. These proposals are part of HHS’s Regulatory Sprint to Coordinated Care, an agency-wide effort to remove regulatory obstacles to care coordination and information-sharing. HHS is anticipated to release proposed rules on HIPAA, the Physician Self-Referral Law and Anti-Kickback Statute by the end of 2019 as part of this effort as well.
The proposed Part 2 updates could have significant impacts on how health care providers, researchers, and health technology companies protect and share SUD information with each other, so interested parties should submit comments on the NPRMs before the deadlines, and prepare to submit comments in response to HHS’s other Regulatory Sprint to Coordinated Care efforts in the coming months.
Background
Yesterday, the FDA released draft guidance on the management of cybersecurity in medical devices submitted to the agency for premarket review. Noting that cybersecurity threats to the healthcare sector have increased in number and severity, the FDA offered new recommendations for device design, labeling, and documentation that medical device manufacturers will need to consider during premarket submission processes.
The guidance comes shortly after the FDA’s launch of its Medical Device Cybersecurity Playbook, which provides a framework for healthcare delivery organizations to use in preparing for and responding to cybersecurity threats against patient medical devices.
Given rapid changes in technology and increasing innovation in the digital health market, the guidance intends to decrease the risk of cyberattacks that could render medical devices inoperable and potentially harm patients. Comments on the draft guidance are due on March 18, 2019.
Continue Reading FDA Issues New Guidance for the Management of Cybersecurity in Medical Devices