Health Privacy and Security Pulse
Welcome to The Crowell Health Privacy and Security Pulse! Covering issues related to the privacy and security of health data, including legislation, regulations, cases, regulatory guidance, enforcement actions, and health data breaches, we are your destination for insights and commentary on important developments in the world of health privacy and security and what they mean for you and your organization.
Featured
On June 24, 2024, the Department of Health and Human Services (“HHS”) released a final rule (“Disincentives Final Rule”) establishing disincentives for certain healthcare providers that have committed information blocking. The information blocking disincentives directly impact Medicare-enrolled healthcare providers or suppliers including hospitals, critical access…
Continue Reading Healthcare Providers Who Engage in Information Blocking Will Face Disincentives Described in an HHS Final RuleHealth Privacy and Security Editors


The Latest
On June 27, 2023, the Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”) issued a final rule (“OIG Final Rule”) that implements statutory provisions for its…
Continue Reading HHS-OIG Releases Final Rule Implementing Information Blocking PenaltiesOn May 17, 2023, the Federal Trade Commission (“FTC”) announced an enforcement action (“Enforcement Action”) against Illinois-based Easy Healthcare Corporation (“Easy Healthcare”), which operates the Premom application, for allegedly violating…
Continue Reading FTC Announces Enforcement Action Against Ovulation Tracking App PremomONC’s Trusted Exchange Framework and Common Agreement (TEFCA) Announces First Cohort of Participants
On January 19, 2022, the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) published the Trusted Exchange Framework and Common…
Continue Reading ONC’s Trusted Exchange Framework and Common Agreement (TEFCA) Announces First Cohort of ParticipantsOn March 2, 2023, the Federal Trade Commission (“FTC”) announced an enforcement action against California-based online counseling service BetterHelp, Inc. (“BetterHelp”) for allegedly sharing consumers’ health information, including sensitive information…
Continue Reading FTC Enforcement Against Sharing Consumer Health Information ContinuesOn February 1, 2023, the Federal Trade Commission (“FTC”) announced an enforcement action (“Enforcement Action”) against California-based telehealth and prescription drug discount provider GoodRx Holdings, Inc. (“GoodRx”) for allegedly violating…
Continue Reading FTC Imposes $1.5 Million Civil Penalty in First-of-Its-Kind Health Breach Notification Rule Enforcement ActionOn November 9, the Department of Health and Human Services (HHS) issued a proposed rule to adopt updated versions of the retail pharmacy standards for electronic transactions adopted under the…
Continue Reading HHS Issues Proposed HIPAA Rule to Adopt Updated Version of Retail Pharmacy Standards for Electronic TransactionsThe Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) recently issued a bulletin to highlight the obligations of Health Insurance Portability and Accountability Act…
Continue Reading HHS OCR Issues a Bulletin on HIPAA Requirements for Tracking Health Information When Using Online TechnologiesEarlier this week, the United States Department of Health and Human Services (“HHS”) released a Notice of Proposed Rulemaking (“NPRM”) that proposes to make sweeping changes to regulations at 42…
Continue Reading HHS Proposes Significant Amendments to Part 2 Regulations Governing the Confidentiality of Substance Use Disorder RecordsThe Biden Administration is taking action to support access to reproductive health care in response to the Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization. This is…
Continue Reading Biden Acts to Protect Reproductive Health Care Services: Executive Order and Privacy GuidanceThe Russia-Ukraine conflict is increasing the risk of ransomware attacks and other cyber threats for U.S. companies, and those in the health care industry may be targeted. In a recent…
Continue Reading Increased Cyber Risk for Health Care Organizations Due to the Russia-Ukraine ConflictOn January 18, 2022, the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) and the entity chosen as a contracting…
Continue Reading ONC Releases a Framework for Nationwide Health Information ExchangeThis article was originally published in Corporate Compliance Insights.
Both your company’s data supply chain and its physical version have fundamentally similar business risks. Given the consequences of unethical…
Continue Reading Is Your Data Supply Chain Ethical? Don’t Restrict Due Diligence to Physical Operations.