HIPAA & Privacy

Subscribe to HIPAA & Privacy

On May 17, 2023, the Federal Trade Commission (“FTC”) announced an enforcement action (“Enforcement Action”) against Illinois-based Easy Healthcare Corporation (“Easy Healthcare”), which operates the Premom application, for allegedly violating Section 5 of the FTC Act and the Health Breach Notification Rule (“HBNR”). Easy Healthcare has developed, advertised, and distributed a mobile application called the Premom Ovulation Tracker (“Premom”) that allows users to input and track various types of personal and health information. In the complaint (“Complaint”), the FTC alleges that Easy Healthcare deceived users by disclosing users’ sensitive health data with third parties and failed to notify consumers of these unauthorized disclosures in violation of the HBNR. The proposed order (“Proposed Order”), which was brought by the U.S. Department of Justice on behalf of the FTC, imposes a civil penalty of $100,000 and prohibits Easy Healthcare from sharing user personal health data with third parties for advertising, among other requirements. As part of a related action, Easy Healthcare has agreed to pay an additional $100,000 to Connecticut, the District of Columbia, and Oregon for violating their respective laws.

Continue Reading FTC Announces Enforcement Action Against Ovulation Tracking App Premom

On January 19, 2022, the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) published the Trusted Exchange Framework and Common Agreement (TEFCA) for health information exchange. The Trusted Exchange Framework established a set of non-binding, foundational principles for trust policies and practices to help facilitate

On March 2, 2023, the Federal Trade Commission (“FTC”) announced an enforcement action against California-based online counseling service BetterHelp, Inc. (“BetterHelp”) for allegedly sharing consumers’ health information, including sensitive information about mental health challenges, for advertising purposes in violation of Section 5 of the FTC Act.

This latest enforcement action comes just one month after

On February 1, 2023, the Federal Trade Commission (“FTC”) announced an enforcement action (“Enforcement Action”) against California-based telehealth and prescription drug discount provider GoodRx Holdings, Inc. (“GoodRx”) for allegedly violating section 5 of the FTC Act and the Health Breach Notification Rule (“HBNR”). The proposed order (“Proposed Order”), which was brought by the U.S. Department

On November 9, the Department of Health and Human Services (HHS) issued a proposed rule to adopt updated versions of the retail pharmacy standards for electronic transactions adopted under the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and to broaden the applicability of the HIPAA subrogation transaction.

If

The Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) recently issued a bulletin to highlight the obligations of Health Insurance Portability and Accountability Act of 1996 (HIPAA) on regulated entities under the HIPAA Privacy, Security, and Breach Notification Rules when using online tracking technologies. The bulletin defines

The Biden Administration is taking action to support access to reproductive health care in response to the Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization. This is occurring as some states seek to restrict or criminalize abortion services. So far, there has been action by the White House, through an Executive Order, and by the U.S. Department of Health and Human Services (HHS), through guidance on HIPAA and privacy. 

Continue Reading Biden Acts to Protect Reproductive Health Care Services: Executive Order and Privacy Guidance

This article was originally published in Corporate Compliance Insights.

Both your company’s data supply chain and its physical version have fundamentally similar business risks. Given the consequences of unethical practices along both, enterprises can no longer ignore how data is sourced, how it is managed or where it is going.

While many organizations go to great lengths to monitor their physical supply chain, their data supply chain often gets short shrift. For any company interacting with large sets and various streams of information, this can represent a significant exposure to risk.

Since the first investigation under the U.S. FCPA concerning a third party acting on behalf of a U.S. company was initiated nearly 40 years ago, upholding integrity in global supply chains has garnered attention. Rightfully so, as compounding risks in physical production and movement of goods abound upstream (e.g., forced labor, conflict materials, environmental impact) and downstream (e.g., bribery, fraud, misuse).
Continue Reading Is Your Data Supply Chain Ethical? Don’t Restrict Due Diligence to Physical Operations.

On July 17, 2020, in a 2-1 decision, the  U.S. Court of Appeals for the D.C. Circuit upheld a Trump Administration rule that expands the scope of short-term limited duration insurance (STLDI) plans, affirming the lower court’s opinion that STLDI plans do not violate the Affordable Care Act. Ass’n for Cmty. Affiliated Plans v. U.S. Dep’t of Treasury , D.C. Cir. App., No. 19-05212 (July 17, 2020).

The rule’s genesis can be traced to an Executive Order issued in October 2017, which aimed to expand the availability of STLDI plans, seen by the Administration as more “appealing and affordable” than plans mandated by the ACA. The order tasked the Departments of Treasury, Labor, and Health and Human Services with expanding the duration of STLDI plans from three months to twelve. The changes also provide for renewals of those plans, which can amount to continuous coverage for up to three years.

Continue Reading Appeals Court Upholds Trump Administration’s Short-term, Limited Duration Insurance Policy Rule

Payers, Providers, and Patients – Oh My! Is Crowell & Moring’s health care podcast, discussing legal and regulatory issues that affect health care entities’ in-house counsel, executives, and investors. In this episode, hosts Payal Nanavati and Joe Records sit down with Jodi Daniel and Ambassador Robert Holleyman to discuss how regulators—across the U.S. and the