Photo of Nancy Halstead

Although it’s been 2 years since the Dobbs v. Jackson Women’s Health decision from the Supreme Court, various state legislatures and courts have tried to define the new post-Roe landscape. This effort includes new and revised laws to amend existing privacy laws to protect consumer health data. You can find out more on our

The U.S. Department of Health and Human Services (HHS) released companion interoperability and information blocking final rules that will significantly impact the way in which certain health care providers, health information technology (IT) developers, and health plans share patient information. For a discussion on major provisions of these rules, please read our post on our

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) released a new set of Health Insurance Portability and Accountability Act (HIPAA) FAQs  building upon prior guidance from OCR. The new FAQs discuss the applicability of HIPAA to covered entities and business associates that interact with health apps and explain when

A November 21, 2013 report published by the Office of the Inspector General (OIG) concluded that The Department of Health & Human Services (HHS) Office for Civil Rights (OCR) is not fully enforcing the HIPAA Security Rule and laid out recommendations for the OCR to implement. The OIG’s report also concluded separately that OCR is

The long awaited final rule, released yesterday by the Office for Civil Rights (OCR) of the Department of Health and Human Services, modifies the HIPAA Privacy, Security, Breach and Enforcement Rules and is comprised of four final rules which implement the statutory requirements of the Health Information Technology for Economic and Clinical Health Act (HITECH)

As the year is coming to an end, the industry is speculating the release date of the Health Information Technology for Economic and Clinical Health Act (“HITECH”) final rule. The final rule is expected to address modifications to the Privacy, Security, Enforcement, and Breach Notification Rules, and with the release date yet to be determined,

On March 13, 2012 the Department of Health and Human Services (HHS), Office of Civil Rights (OCR) announced its settlement with Blue Cross Blue Shield of Tennessee (BCBST), marking the first enforcement action resulting from a breach self-report required by HITECH’s Breach Notification Rule.

For a more detailed analysis, please click here.