C&M Health Law

C&M Health Law

Analysis, commentary, and the latest developments in health care law and policy

Category Archives: HIPAA & Privacy

Subscribe to HIPAA & Privacy RSS Feed

New OCR Settlement Targets Safety Net Provider on Security Rule Deficiencies

Posted in Health IT, HIPAA & Privacy
On Wednesday, the U.S. Department of Health and Human Services, Office for Civil Rights announced a $400,000 settlement with Metro Community Provider Network arising from MCPN’s alleged failure to implement adequate security management processes to safeguard electronic protected health information in accordance with the Health Insurance Portability and Accountability Act Security Rule. This settlement followed… Continue Reading

Bringing Innovative Technology to Healthcare…What about HIPAA?

Posted in Health IT, HIPAA & Privacy
If you are a technology company developing products for the health market, you have probably heard about and maybe even been “warned” about HIPAA (the Health Insurance Portability and Accountability Act). If you are asking, “How can I avoid complying with HIPAA?” you might be asking the wrong question. Health care is almost 20 percent… Continue Reading

Blocking Access to Health Information May Violate HIPAA

Posted in Health IT, HIPAA & Privacy
The HHS Office of Civil Rights published a new FAQ response (OCR FAQ) detailing the agency’s position that generally information blocking will violate the HIPAA Privacy and Security Rules if it affects a covered entity’s access to its own protected health information (PHI) or its ability to respond to requests for access to PHI from… Continue Reading

OCR Announces Major HIPAA Enforcement Initiative

Posted in HIPAA & Privacy
The Department of Health & Human Services Office of Civil Rights (“OCR”) announced on August 18, 2016 that it is stepping up enforcement actions related to small breaches.  Although OCR investigates all reported breaches affecting more than 500 people, this new initiative will increase investigations of breaches affecting fewer than 500 people.  As OCR recognizes,… Continue Reading

Addressing Health Privacy and Security Gaps in ONC Report

Posted in Health IT, HIPAA & Privacy
On July 19th, the Office of the National Coordinator for Health Information Technology (“ONC”) released a report expressing concerns about major gaps in policies and oversight surrounding the access to, security, and privacy of health information held by certain mobile health (“mHealth”) technology companies and health social media.  While the report frames the issue well,… Continue Reading

Digital Health, Big Data, Cybersecurity, and Privacy – Four Key Takeaways from C&M’s Digital Health Strategies Conference

Posted in Health IT, HIPAA & Privacy
In late June, Crowell & Moring partnered with Accenture to host a comprehensive one-day conference on legal issues affecting the digital health landscape. The program covered a wide range of topics, some of which you can read more about via the following links: Developing Digital Health Platforms; the Health Care Economy’s Internet of Things; and… Continue Reading

6 Trends in the Health Care Economy’s Internet of Things

Posted in Events, Health IT, HIPAA & Privacy
Crowell & Moring and Accenture co-hosted a conference, “Fostering Innovative Digital Health Strategies,” in late-June. The program aimed to provide a broad analysis of the business and legal issues that must be addressed as health care organizations and technology companies consider innovative strategies to use digital health technologies. The first session of the conference, “Trends… Continue Reading

President Obama Addresses Precision Medicine, Health IT, Data Access, and Security

Posted in Health IT, HIPAA & Privacy
On February 25, President Obama addressed a small audience at the White House, identifying the need for patient participation in health care and the importance of individualizing treatments for a particular patient. Obama said that precision medicine can lead to reduced costs, better care, and a more efficient health care system.  He stated “the health… Continue Reading

HHS Proposes New Substance Abuse Confidentiality Rules, Solicits Comments

Posted in Health IT, HIPAA & Privacy
The U.S. Department of Health and Human Services (“HHS”) announced a proposed rule to modernize the federal substance abuse confidentiality rules set forth in 42 C.F.R. Part 2.  The proposed updates seek to address longstanding complaints from providers and Health Information Exchanges (“HIE”) that the highly stringent confidentiality rules often stymie patient care by limiting… Continue Reading

Senate Health IT Bill May Get Traction

Posted in Health IT, HIPAA & Privacy
A key event in Congress affecting health information technology occurred last week when two members of the Senate HELP Committee issued a discussion draft of their bipartisan legislation on health information technology (health IT).  This ambitious bill addresses many of the same areas as other recent bills, including information blocking, transparency, a star rating system… Continue Reading

HIPAA Guidance on Individuals’ Rights to Access Health Information

Posted in HIPAA & Privacy
On January 7, 2016, the HHS Office for Civil Rights released guidance on individuals’ right to access health information under the HIPAA Privacy Rule. The guidance clarifies areas of confusion and non-compliance by covered entities and business associates, particularly in light of the proliferation of electronic health records and electronic health information. Areas of emphasis… Continue Reading

HHS-OCR Announces Another HIPAA Security Rule-Related Settlement

Posted in Health IT, HIPAA & Privacy
Our colleagues at Data Law Insights have written about the HHS Office of Civil Rights’ $750,000 settlement with the University of Washington Medicine (“UWM”) announced this week.  This third settlement in as many weeks confirms that the security risk analysis continues to be a linchpin of OCR enforcement under the HIPAA Security Rule.  Indeed, the… Continue Reading

Recent OCR Settlements Highlight Continuing HIPAA Enforcement Trends

Posted in HIPAA & Privacy
Last week, the HHS Office of Civil Rights (OCR) announced a settlement that has far-reaching implications on the importance of complying with the HIPAA Security Rule where medical devices create and maintain electronic protected health information (ePHI).  See Data Law Insights for a post authored by Jodi Daniel, Elliot Golding, and Stephanie Willis for more… Continue Reading

Health Insurers Expected to Ramp Up Data Security

Posted in HIPAA & Privacy
Health insurers will be expected to establish security protocols for protecting consumer information from data breaches.  The National Association of Insurance Commissioners recently adopted principles to guide both insurers’ data protection activities and data breach notification policies, and regulatory oversight of those practices. Click to read more on Crowell & Moring’s Data Law Insights blog.… Continue Reading

DOL, HHS & Treasury Issue Additional Guidance Regarding Excepted Benefits

Posted in Employee Benefits, ERISA, Health Care Reform & ACA, HIPAA & Privacy, Mental Health Parity
On February 13, the Departments of Health and Human Services (“HHS”), Labor (“DOL”) and Treasury (collectively, the “Departments”) issued Part XXIII of their FAQs about Affordable Care Act implementation. This latest FAQ provides additional guidance regarding “excepted benefits,” i.e., benefits that are exempt from the portability rules under HIPAA as well as various requirements under… Continue Reading

What Corporate Counsel Need to Know in 2015 – Litigation and Regulatory Forecasts from Crowell & Moring

Posted in ERISA, Health Care Reform & ACA, HIPAA & Privacy, Litigation, Medicaid, Medical Loss Ratios, Medicare
Crowell & Moring’s 2015 Litigation and Regulatory Forecasts provide an in-depth look at the trends in the courts and in the regulatory agencies, both inside the Beltway and beyond, that will impact business in the coming year. The Litigation Forecast examines the latest litigation developments facing companies in areas ranging from health care and antitrust… Continue Reading

New Jersey Becomes Second State to Require Encrypting Certain Personal Information

Posted in HIPAA & Privacy
New Jersey Senate Bill No. 562 (“SB 562”), signed into law on January 9, 2015, will require health insurance carriers authorized to issue health benefits plans in New Jersey to encrypt personal information. The law applies to personal information maintained in “end user computer systems and computerized records transmitted across public networks” beginning on August… Continue Reading

HOOPS 2014: Legal Flashpoints and Developments

Posted in Antitrust, Fraud, Waste & Abuse, HIPAA & Privacy, Litigation, Medicare, Mental Health Parity
This year Crowell & Moring’s Healthcare Ounce of Prevention Seminar, (HOOPS), will focus on important legal and regulatory developments and their impact on the healthcare industry. Join us on October 27th and October 28th in Washington, DC as our healthcare attorneys and outside speakers share their perspectives on the latest developments in areas of interest… Continue Reading

FDA Publishes Cyber Guidance for Medical Devices

Posted in FDA, HIPAA & Privacy
On October 2, 2014, the FDA released a set of comprehensive guidelines governing the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. The guidelines are intended to provide direction for manufacturers of medical devices on how to appropriately safeguard devices from a potential security breach; particularly in light of the sensitive medical… Continue Reading

ONC Announces New EHR Certification Criteria

Posted in EHR, HIPAA & Privacy
Continuing to usher in a new wave of EHR technology changes, on September 11, 2014, the Office of the National Coordinator for Health Information Technology (“ONC”) adopted the “2014 Edition Release 2” final rule, which provides alternative criteria and approaches for the voluntary certification of heath information technology. The final rule, effective October 14, 2014[1],… Continue Reading

New HHS Rules Focus on Increased Flexibility, Improvements in the World of EHR Technology

Posted in EHR, HIPAA & Privacy
On September 4, 2014, the Department of Health and Human Services (“HHS”) published a final rule modifying the Medicare and Medicaid Electronic Health Record (“EHR”) Meaningful Use Incentive Program. The modification brings welcome change, allowing increased flexibility while also assuaging several provider concerns. The new rule, effective October 1, 2014, comes in response to numerous… Continue Reading

ACA Regulatory Preview: CRS Teases Upcoming ACA Rulemakings

Posted in Health Care Reform & ACA, HIPAA & Privacy, Mental Health Parity
The Congressional Research Service published a report detailing more than a dozen pending ACA-related rulemakings. The report comes on the heels of the Spring 2014 Unified Agenda and identifies 14 proposed rules and 17 final rules regarding the ACA that are expected during the next twelve months. Notable expected proposed rules include: CY 2016 Notice… Continue Reading

HIPAA Hammer Comes Down: HHS OCR Announces Settlements in Laptop Thefts

Posted in HIPAA & Privacy
The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced in an April 22, 2014, press release that two separate entities—Concentra Health Services (“Concentra”) and QCA Health Plan, Inc. (“QCA”)—collectively have paid almost $2 million to resolve potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)… Continue Reading

GAO Reports HITECH Act Implementation Remains Stymied

Posted in HIPAA & Privacy
In a March 2014 report, the United States Government Accountability Office (GAO) identified major and on-going challenges with the practical implementation of the Health Information Technology for Economic and Clinical Health (HITECH) Act. The HITECH Act provides funding to promote the adoption and “meaningful use” of health information technology (HIT), as well as certified electronic… Continue Reading