By Sheila Sokolowski and Kate Black
In a joint letter sent to 130 hospital systems and telehealth providers, the Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services (HHS) warned health care providers, both those covered by HIPAA and those not, about their potential to violate the HIPAA Rules, FTC Act and FTC Health Breach Notification Rule (HBNR) when they use technology that tracks users’ activities on their websites and apps.
By Mason Fitch
The U.S. Department of Health & Human Services Office for Civil Rights (OCR) issued a new bulletin last week that may have significant implications for online activities of Covered Entities and Business Associates. The bulletin, “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates,” explains how HIPAA’s reach extends to information collected on websites or mobile apps, including information collected from a user who visits a HIPAA-regulated entity’s website but has no further interaction with that entity. While HIPAA-regulated entities have long understood that their ‘internal tools’ (e.g., EHRs, practice management, and clinical support software) must comply with HIPAA, the new bulletin makes it clear that information that is routinely collected by vendors on public-facing websites, apps, and web-based assets may be PHI as well.
By Mason Fitch
The Supreme Court’s reversal of Roe v. Wade amplifies attention to concerns around the privacy of abortion-related services, including the provision of healthcare, period tracking apps, and even payment methods and mobile location data. In a direct response to Roe’s reversal, the Department of Health and Human Services (HHS) released guidance underscoring the protections applicable to protected health information (PHI) relating to abortion and other reproductive care under the Health Insurance Portability & Accountability Act (HIPAA), which we outline below. HIPAA, however, is limited in scope and does not protect a vast swath of information relating to abortion care.
By Sheila Sokolowski
On Monday, June 14th, the U.S. Department of Health and Human Services (HHS) issued guidance on how the HIPAA rules permit covered health plans to use remote communication technologies for audio-only telehealth.
By Sheila Sokolowski
On December 10, 2020, the Department of Health and Human Services (the Department) issued a Notice of Proposed Rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule.