Seeking to formalize its Sept. 15, 2021, Statement of the Commission on Breaches by Health Apps and Other Connected Devices, the Federal Trade Commission proposed broadening the Health Breach Notification Rule to cover “most health apps and similar technologies that are not covered by HIPAA.” Read on for details about this proposed rule, which is
Health Information
HHS Issues New HIPAA Guidance on Audio-Only Telehealth Services
During the pandemic, audio-only telehealth was a critical tool to provide care to populations that could not use video during telehealth sessions, due to factors such as lack of financial resources, disability or lack of sufficient broadband coverage.
New HHS guidance outlines steps covered entities should take to ensure that their audio-only telehealth practices are…
OCR Seeks Input on “Recognized Security Practices” as Mitigating Factor for HIPAA and HITECH Fines
In 2021, the Health Information Technology for Economic and Clinical Health Act (HITECH) was amended to add “recognized cybersecurity practices” as a mitigating factor when determining fines, audits and remedies against covered entities and business associates for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Department of Health and Human…
FTC Issues Reminder on the Breach Notification Requirements by Health Apps and Other Connected Devices and Their Service Providers
On Sept. 15, the Federal Trade Commission issued a policy statement emphasizing that developers of health apps and other connected devices and their service providers must meet breach notification requirements under the Health Breach Notification Rule, including a rapid 10-day notice period to the FTC and a 60-day notice period to individuals and the media.…
As HIPAA, HITECH Undergo Modernization, NIST Seeks Comment on Security Standard Guidance
On January 21, 2021, the Department of Health and Human Services (HHS) published proposed modifications to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), discussed in a previous McGuireWoods’ post. The comment period for these proposals recently ended on May 6, 2021, and HHS received almost 1500 comments from interested stakeholders. If finalized, these proposals will require HIPAA-covered entities and business associates to implement many changes, including updates to their policies, procedures, security standards, notices of privacy practices, authorization and disclosure forms, and business associate agreements. In the age of digital targeting and ransomware, possibly the most important of these is a change to security standards.
HHS Extends Public Comment Period for Proposed HIPAA Privacy Rule Changes
On March 9, the Department of Health and Human Services announced it was extending until May 6, 2021, the comment period for proposed changes to regulations implementing the Health Insurance Portability and Accountability Act of 1996 and the Health Information Technology for Economic and Clinical Health Act of 2009.
Read our complete alert to learn…
Proceeding With Biometric Caution: Illinois Courts to Decide Critical BIPA Issues
2021 is shaping up to be a groundbreaking year for employment litigation topics, and Illinois’ Biometric Information Privacy Act (BIPA) is no exception. State and federal appellate courts in Illinois are poised to decide several open issues, including the proper limitations period, whether the Workers Compensation Act pre-empts BIPA claims and whether BIPA liquidated damages…
OCR Continues to Crack Down on Right of Access Violations
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and specifically the Privacy Rule under HIPAA’s implementing regulations, patients have a right to access their health information held by health care providers. In 2016, the Department of Health and Human Services’ Office for Civil Rights (OCR) issued guidance stressing the importance of this right. The OCR also implemented a HIPAA Right of Access Initiative as an enforcement priority in 2019, and the OCR has since actively pursued violations under the right of access standard.
Department of Health and Human Services Announces Proposed Changes to the HIPAA Privacy Rule
On January 21, 2021, the Department of Health and Human Services (HHS) published proposed modifications to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH).
The proposed rule is part of HHS’ Regulatory Sprint to Coordinated Care, which seeks to promote value-based healthcare by examining federal regulations that impede efforts among healthcare providers and health plans to better coordinate care for patients. Specifically, HHS aims to amend the regulations implemented pursuant to HIPAA and HITECH where the rules present barriers to coordinated care and case management or where they otherwise impose burdens on covered entities that do not increase individuals’ privacy protections.…
Information Blocking Compliance: What Providers Need To Know As Deadlines Approach
On November 4, 2020, the Office of the National Coordinator for Health Information Technology (ONC) published an Interim Final Rule with Comment Period (IFC) that delays compliance dates necessary to meet certain requirements related to information blocking initially finalized in the ONC Cures Act Final Rule (Final Rule) in March of 2020. The Final Rule implemented health IT provisions enacted under the 21st Century Cures Act (the Cures Act) to achieve ubiquitous interoperability among health IT systems and to improve patients’ ability to access their electronic health information (EHI). Among these provisions is a prohibition of information blocking. This article will define information blocking, provide and explain exceptions to such practice, detail the IFC’s deadline extensions, and highlight key compliance concerns and solutions regarding these reforms.
Information Blocking
The term “Information Blocking” is broadly defined by the Cures Act as any practice that is likely to interfere with, prevent, or materially discourage access, exchange, or use of EHI when the entity knows (or should know) that it is likely to do so. The Cures Act specifies four types of “actors” that must comply with the information blocking rule:
- Healthcare Providers
- Health information technology companies that have a certified health IT system
- Health information networks (HINs)
- Health information exchanges (HIEs)