Health Privacy and Security Pulse
Welcome to The Crowell Health Privacy and Security Pulse! Covering issues related to the privacy and security of health data, including legislation, regulations, cases, regulatory guidance, enforcement actions, and health data breaches, we are your destination for insights and commentary on important developments in the world of health privacy and security and what they mean for you and your organization.
Featured
Two recent federal cases are providing insight into what to expect in state court litigation related to information blocking, defined in the 21st Century Cures Act (Cures Act) as a practice that interferes with the access, exchange, or use of electronic health information.
On March…
Continue Reading Recent Federal Cases on Information Blocking Violations Pave Way for State Court Claims and Shed Light on Manner ExceptionHealth Privacy and Security Editors
The Latest
Last week, the Office for Civil Rights (“OCR”) issued two pieces of guidance on the privacy and security of protected health information (“PHI”) when using telehealth services. One of the…
Continue Reading OCR Issues Guidance to Providers and Patients on Telehealth Privacy and SecurityOn June 27, 2023, the Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”) issued a final rule (“OIG Final Rule”) that implements statutory provisions for its…
Continue Reading HHS-OIG Releases Final Rule Implementing Information Blocking PenaltiesONC’s Trusted Exchange Framework and Common Agreement (TEFCA) Announces First Cohort of Participants
On January 19, 2022, the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) published the Trusted Exchange Framework and Common…
Continue Reading ONC’s Trusted Exchange Framework and Common Agreement (TEFCA) Announces First Cohort of ParticipantsOn March 2, 2023, the Federal Trade Commission (“FTC”) announced an enforcement action against California-based online counseling service BetterHelp, Inc. (“BetterHelp”) for allegedly sharing consumers’ health information, including sensitive information…
Continue Reading FTC Enforcement Against Sharing Consumer Health Information ContinuesOn February 1, 2023, the Federal Trade Commission (“FTC”) announced an enforcement action (“Enforcement Action”) against California-based telehealth and prescription drug discount provider GoodRx Holdings, Inc. (“GoodRx”) for allegedly violating…
Continue Reading FTC Imposes $1.5 Million Civil Penalty in First-of-Its-Kind Health Breach Notification Rule Enforcement ActionOn November 9, the Department of Health and Human Services (HHS) issued a proposed rule to adopt updated versions of the retail pharmacy standards for electronic transactions adopted under the…
Continue Reading HHS Issues Proposed HIPAA Rule to Adopt Updated Version of Retail Pharmacy Standards for Electronic TransactionsEarlier this week, the United States Department of Health and Human Services (“HHS”) released a Notice of Proposed Rulemaking (“NPRM”) that proposes to make sweeping changes to regulations at 42…
Continue Reading HHS Proposes Significant Amendments to Part 2 Regulations Governing the Confidentiality of Substance Use Disorder RecordsThe Biden Administration is taking action to support access to reproductive health care in response to the Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization. This is…
Continue Reading Biden Acts to Protect Reproductive Health Care Services: Executive Order and Privacy GuidanceThe Russia-Ukraine conflict is increasing the risk of ransomware attacks and other cyber threats for U.S. companies, and those in the health care industry may be targeted. In a recent…
Continue Reading Increased Cyber Risk for Health Care Organizations Due to the Russia-Ukraine ConflictOn January 18, 2022, the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) and the entity chosen as a contracting…
Continue Reading ONC Releases a Framework for Nationwide Health Information ExchangeThis article was originally published in Corporate Compliance Insights.
Both your company’s data supply chain and its physical version have fundamentally similar business risks. Given the consequences of unethical…
Continue Reading Is Your Data Supply Chain Ethical? Don’t Restrict Due Diligence to Physical Operations.On May 14, 2021, CMS published FAQs addressing questions that have been raised regarding the Interoperability and Patient Access final rule published May 2020. CMS is careful to note that…
Continue Reading CMS Issues First FAQs on the CMS Interoperability and Patient Access Rule