OCR Takes Enforcement Action for Phishing Attack
Last week, the Office for Civil Rights (“OCR”) announced a settlement with Lafourche Medical Group (“LMG”), a Louisiana medical group, for a 2021 phishing attack and breach that affected the protected health information (“PHI”) of 34,862 individuals. In addition to paying $480,000 to OCR, LMG agreed to a corrective action plan that will include implementing security measures to protect electronic PHI, developing written policies and procedures to comply with HIPAA rules, and training staff members.
OCR Issues Guidance to Providers and Patients on Telehealth Privacy and Security
Last week, the Office for Civil Rights (“OCR”) issued two pieces of guidance on the privacy and security of protected health information (“PHI”) when using telehealth services. One of the documents is intended to help health care providers explain to patients, in plain language, the privacy and security risks of using remote communication technologies for telehealth (the “Provider Telehealth Guidance”). The other provides tips to patients on how to safeguard their PHI when using video apps and other technologies for telehealth (the “Patient Telehealth Guidance”).
ONC’s Trusted Exchange Framework and Common Agreement (TEFCA) Announces First Cohort of Participants
On January 19, 2022, the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) published the Trusted Exchange Framework and Common Agreement (TEFCA) for health information exchange. The Trusted Exchange Framework established a set of non-binding, foundational principles for trust policies and practices to help facilitate…
FTC Enforcement Against Sharing Consumer Health Information Continues
On March 2, 2023, the Federal Trade Commission (“FTC”) announced an enforcement action against California-based online counseling service BetterHelp, Inc. (“BetterHelp”) for allegedly sharing consumers’ health information, including sensitive information about mental health challenges, for advertising purposes in violation of Section 5 of the FTC Act.
This latest enforcement action comes just one month after…
FTC Imposes $1.5 Million Civil Penalty in First-of-Its-Kind Health Breach Notification Rule Enforcement Action
On February 1, 2023, the Federal Trade Commission (“FTC”) announced an enforcement action (“Enforcement Action”) against California-based telehealth and prescription drug discount provider GoodRx Holdings, Inc. (“GoodRx”) for allegedly violating section 5 of the FTC Act and the Health Breach Notification Rule (“HBNR”). The proposed order (“Proposed Order”), which was brought by the U.S. Department…
HHS Issues Proposed HIPAA Rule to Adopt Updated Version of Retail Pharmacy Standards for Electronic Transactions
On November 9, the Department of Health and Human Services (HHS) issued a proposed rule to adopt updated versions of the retail pharmacy standards for electronic transactions adopted under the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and to broaden the applicability of the HIPAA subrogation transaction.
If…
Biden Acts to Protect Reproductive Health Care Services: Executive Order and Privacy Guidance
The Biden Administration is taking action to support access to reproductive health care in response to the Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization. This is occurring as some states seek to restrict or criminalize abortion services. So far, there has been action by the White House, through an Executive Order, and by the U.S. Department of Health and Human Services (HHS), through guidance on HIPAA and privacy.
Is Your Data Supply Chain Ethical? Don’t Restrict Due Diligence to Physical Operations.
This article was originally published in Corporate Compliance Insights.
Both your company’s data supply chain and its physical version have fundamentally similar business risks. Given the consequences of unethical practices along both, enterprises can no longer ignore how data is sourced, how it is managed or where it is going.
While many organizations go to great lengths to monitor their physical supply chain, their data supply chain often gets short shrift. For any company interacting with large sets and various streams of information, this can represent a significant exposure to risk.
Since the first investigation under the U.S. FCPA concerning a third party acting on behalf of a U.S. company was initiated nearly 40 years ago, upholding integrity in global supply chains has garnered attention. Rightfully so, as compounding risks in physical production and movement of goods abound upstream (e.g., forced labor, conflict materials, environmental impact) and downstream (e.g., bribery, fraud, misuse).
Appeals Court Upholds Trump Administration’s Short-term, Limited Duration Insurance Policy Rule
On July 17, 2020, in a 2-1 decision, the U.S. Court of Appeals for the D.C. Circuit upheld a Trump Administration rule that expands the scope of short-term limited duration insurance (STLDI) plans, affirming the lower court’s opinion that STLDI plans do not violate the Affordable Care Act. Ass’n for Cmty. Affiliated Plans v. U.S. Dep’t of Treasury, D.C. Cir. App., No. 19-05212 (July 17, 2020).
The rule’s genesis can be traced to an Executive Order issued in October 2017, which aimed to expand the availability of STLDI plans, seen by the Administration as more “appealing and affordable” than plans mandated by the ACA. The order tasked the Departments of Treasury, Labor, and Health and Human Services with expanding the duration of STLDI plans from three months to twelve. The changes also provide for renewals of those plans, which can amount to continuous coverage for up to three years.
Podcast: Digital Health Innovation
Payers, Providers, and Patients – Oh My! is Crowell & Moring’s health care podcast, discussing legal and regulatory issues that affect health care entities’ in-house counsel, executives, and investors. In this episode, hosts Payal Nanavati and Joe Records sit down with Jodi Daniel and Ambassador Robert Holleyman to discuss how regulators—across the U.S. and the…