Category: HIPAA

HIPAA on the Horizon in the New Year: Important Lessons from an Active 2023 and Regulatory Initiatives to Watch for in 2024

2023 marked 20 years since the first compliance deadline under the Health Insurance Portability and Accountability Act’s (“HIPAA”) privacy rule. Despite the two decades of experience with HIPAA, compliance continues to remain a challenge for HIPAA-covered entities as well as for their business associates. 2023 brought a large number of important HIPAA-related developments and lessons-learned...

Minnesota Supreme Court Holds That The Minnesota Health Records Act Allows Release of Health Records For Permitted Purposes Under HIPAA

On October 11, 2023 the Minnesota Supreme Court issued an opinion in Schneider v. Children’s Health Care holding that the Minnesota Health Records Act (“MHRA”) provision allowing health care providers to release health records when there is “specific authorization in law” encompasses all operative law in Minnesota, including permitted disclosures under the federal HIPAA privacy...

Broad New Washington Privacy Law Requires Immediate Compliance Action

The Dorsey Health Law blog team keeps readers up-to-date on relevant topics in the health care industry. In order to do so, the members of the blog team communicate regularly with other practice groups within the firm for applicable updates from client publications. For this post, we would like to thank Dorsey’s Ross D’Emanuele, Jamie...

HHS OCR Settles HIPAA Investigation with Business Associate for $350,000

Over the past decade, the number of health care data breaches reported to the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) has increased dramatically. From 2009 to 2022, over 5,000 data breaches affecting 500 or more records were reported to OCR, accounting for the exposure of over 380 million health...

Tracking Online User Activity: HIPAA and Other Legal Risks

The use of tracking technologies on websites and mobile applications (e.g., cookies) has become largely ubiquitous in our technology-driven world. Health care providers and organizations, for example, may use tracking technologies to identify their patients’ care needs and improve patient experience. As the use of tracking technologies burgeons, so do concerns from individuals about how...

FTC Takes First Enforcement Action for Violation of the Health Breach Notification Rule – A Federal Health Privacy Rule Beyond HIPAA

On February 1, 2023, the Federal Trade Commission (FTC) filed a complaint in the U.S. District Court for the Northern District of California alleging that digital health platform GoodRx violated the FTC Act by repeatedly sharing personal health information with advertising companies and platforms, such as Facebook and Google, and failed to report the unauthorized...

Living in a Virtual World: The Post-Pandemic Future of Telehealth

The COVID-19 pandemic required health care providers of all sizes to make drastic changes to the mode of patient care delivery. Telehealth quickly emerged as a safe alternative to in-person patient visits, and many providers quickly transitioned to virtual services. The pandemic-initiated expansion of telehealth was rapid and significant, but the pandemic likely accelerated existing...

The “Regulatory Sprint to Coordinated Care” – Overview and Links to Further Resources from Dorsey & Whitney

In 2018, the U.S. Department of Health and Human Services (“HHS”) launched the “Regulatory Sprint to Coordinated Care” to accelerate a transformation of the healthcare system, with a focus on removing “unnecessary obstacles” to coordinated care (the “Regulatory Sprint”). Several HHS agencies requested comments and information from the public and have published new or proposed...

Is Data the Next Frontier in ERISA Litigation?

Health and retirement benefit plans subject to the Employee Retirement Income Security Act (“ERISA”) have troves of personal information regarding plan participants and their beneficiaries—e.g., participants’ age, marital status, personal assets, medical and prescription drug claim data, and medical history. Although the Health Insurance Portability & Accountability Act (“HIPAA”) regulates treatment of protected health information,...

The Regulatory Sprint Catches up to HIPAA: New Proposed HIPAA Rules

Today, the Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) issued a Notice of Proposed Rulemaking (“NPRM”) which proposes significant changes to the Health Insurance Portability and Accountability Act (“HIPAA”) and to the Health Information Technology for Economic and Clinical Health Act (“HITECH”) Privacy Rule (the “Privacy Rule”).  The NPRM includes...