Elizabeth F. Hodge

Photo of Elizabeth F. Hodge

A former president of the Florida Academy of Healthcare Attorneys, Betsy Hodge concentrates her practice on compliance and regulatory issues affecting health care providers and payers and employer-sponsored health plans. Betsy has significant experience with HIPAA and the HITECH Act and assists covered entities and business associates in complying with these laws through the development of policies and procedures, workforce training, analysis and notification of breaches, and assisting with government audits and investigations.  In addition, she counsels her clients on regulatory issues, including state and federal fraud and abuse laws.

 

Subscribe to all posts by Elizabeth F. Hodge

New Year, New HIPAA Security Rule Requirements? OCR Proposes Sweeping Changes for HIPAA Security Rule To Bolster Cybersecurity

By Elizabeth F. Hodge, Ameer Al-Khudari and Jordan Cohen on Posted in HIPAA, Privacy, and Data Security
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently proposed a sweeping rewrite of the HIPAA Security Rule that, if finalized, will require that many Covered Entities and their Business Associates (Regulated Entities) invest significant resources to comply with new, less flexible requirements designed to strengthen the cybersecurity posture … Continue Reading

NYDFS Highlights Strategies to Combat AI Cybersecurity Risks

By Jordan Cohen, Elizabeth F. Hodge and Ameer Al-Khudari on Posted in Digital Health, HIPAA, Privacy, and Data Security
The increased use of artificial intelligence (AI) in the banking, insurance, and financial services industries has led the New York State Department of Financial Services (NYDFS or Department) to publish an Industry Letter on October 16, 2024, that highlights cybersecurity risks resulting from the use of AI, the dangers posed by threat actors utilizing AI, … Continue Reading

New York Focuses on Healthcare Cybersecurity: Recent Regulatory and Enforcement Activities

By Jordan Cohen, Elizabeth F. Hodge and Ameer Al-Khudari on Posted in Health Care Providers, HIPAA, Privacy, and Data Security, Hospitals & Health Systems, Physicians, Uncategorized
The healthcare sector has seen an alarming uptick in cybersecurity incidents, including ransomware attacks, in recent years. In response to these cybersecurity threats, New York State is ramping-up efforts to protect patient data by issuing new cybersecurity regulations governing “general hospitals” and by requiring that a healthcare provider spend $2.25 million to improve its internal … Continue Reading

FTC’s Updated Health Breach Notification Rule Puts Health App Developers on Notice

By Jordan Cohen, Elizabeth F. Hodge and Danielle C. Gordet on Posted in Digital Health, HIPAA, Privacy, and Data Security, Technology
The Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30, 2024, the FTC published its final rule implementing the HBNR. And so begins a new robust enforcement landscape for health and wellness … Continue Reading

Attention, Group Health Plans: New HIPAA Privacy Rule Governing Reproductive Health Care Information Imposes Obligations, Deadlines

By Elizabeth F. Hodge and Beth Alcalde on Posted in HIPAA, Privacy, and Data Security
It is critical for employers and plan fiduciaries/administrators to stay informed of HIPAA privacy and security-related legal developments because most employer sponsored group health plans — regardless of the employer’s industry or size — are considered covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Therefore, individually identifiable medical information that … Continue Reading

On the Basis of Sex…Discrimination in Group Health Plans and What Employers Should Know

By Beth Alcalde and Elizabeth F. Hodge on Posted in Health Plans
In just a few days’ time, recently promulgated federal final rules addressing sex-based nondiscrimination in the administration of health care benefits have created a flurry of healthcare industry activity. The angst arises from providers, payers, and certain health plans alike. While the spotlight shines brightest on healthcare providers and health insurers, the focus of this … Continue Reading

OCR Will Focus on You if You Don’t Focus on Cybersecurity

By Elizabeth F. Hodge and Danielle C. Gordet on Posted in Health Insurers & Managed Care Organizations, Healthcare Law, HIPAA, Privacy, and Data Security, Hospitals & Health Systems, Physicians, Technology
With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity vulnerabilities as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA Rules). On October 31, 2023, … Continue Reading

OCR and FTC Issue Warning to Hospital Systems and Telehealth Providers about Tracking Technologies

By Elizabeth F. Hodge and Jordan Cohen on Posted in Health Care Providers, HIPAA, Privacy, and Data Security, Technology
On July 20, 2023, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) announced they were sending a joint letter to approximately 130 unidentified hospital systems and telehealth providers highlighting the agencies’ concerns about the use of tracking technologies on websites and mobile apps in … Continue Reading

OIG Issues Information Blocking Penalties Final Rule: Health IT Developers and Health Information Exchanges/Networks Have a Million Reasons to Care

By Jordan Cohen, Noam Fischman and Elizabeth F. Hodge on Posted in Electronic Health Records & Medical Records, Fraud & Abuse & False Claims Act, Technology
On June 27, 2023, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) issued its long-anticipated final rule amending the OIG’s civil monetary penalty (CMP) regulations as they relate to information blocking (CMP Final Rule or Rule). The CMP Final Rule was published in the Federal Register on July 3, 2023. … Continue Reading

Health Apps Beware: FTC Clarifies Health Breach Notification Rule with Significant Proposed Changes

By Jordan Cohen, Elizabeth F. Hodge and Lauren Gandle on Posted in Health Care Providers, HIPAA, Privacy, and Data Security, Pharmacy, Drugs, Medical Devices & Equipment, Technology
Direct-to-consumer health and wellness applications are forewarned: the Federal Trade Commission (FTC) is proposing changes to the Health Breach Notification Rule (HBNR), 16 C.F.R. part 318, that, if finalized, would cement the HBNR’s applicability to a broad swath of direct-to-consumer health and wellness applications (apps) and confirm that a breach of security includes not only … Continue Reading

OCR’s Proposed Rule Finds Fertile Ground for Enhanced Reproductive Privacy Protection

By Jordan Cohen, Elizabeth F. Hodge and Lauren Gandle on Posted in Health Plans, Healthcare Law, HIPAA, Privacy, and Data Security, Hospitals & Health Systems, Physicians
The Department of Health and Human Services Office for Civil Rights (OCR) issued a proposed rule on April 17, 2023, to amend provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to strengthen privacy protections for individuals’ protected health information (PHI) related to reproductive healthcare (the Proposed Rule). The Proposed Rule would … Continue Reading

All Good Things Must Come to an End: The Expiration of OCR’s Enforcement Discretion

By Lauren Gandle, Elizabeth F. Hodge and Jordan Cohen on Posted in Uncategorized
On April 11, 2023, the Department of Health and Human Services’ Office for Civil Rights (OCR) confirmed that four notifications of enforcement discretion regarding enforcement of the HIPAA Privacy, Security, and Breach Notification Rules (the HIPAA rules) during the COVID-19 public health emergency (PHE) will expire at the end of the PHE.1 The notifications, which … Continue Reading

The FTC Sends Another Warning to Digital Healthcare Platforms About Use of Tracking Pixels

By Jordan Cohen, Elizabeth F. Hodge and Lauren Gandle on Posted in Health Care Providers, HIPAA, Privacy, and Data Security, Pharmacy, Drugs, Medical Devices & Equipment, Technology
The Federal Trade Commission (FTC) continues to prioritize the protection of consumers’ digital health information. The agency has demonstrated this commitment through enforcement actions against GoodRx and BetterHelp for sharing consumer health information for advertising purposes (see our blog posts on each respective action here and here), and in a post published by the FTC … Continue Reading

FTC Cracks Down on BetterHelp’s Sharing of Health Information for Advertising 

By Jordan Cohen, Elizabeth F. Hodge and Lauren Gandle on Posted in Health Care Providers, HIPAA, Privacy, and Data Security, Pharmacy, Drugs, Medical Devices & Equipment, Technology
Following its February settlement with GoodRx, the Federal Trade Commission (FTC) has fired another shot across the bow in its ongoing campaign to protect consumers’ digital health information. Earlier this month the FTC announced a consent order with BetterHelp, Inc., an online mental health counseling service, to resolve alleged violations of the Federal Trade Commission … Continue Reading

Healthcare Providers: Add OCR’s Latest Right of Access Settlements to Your Summer Reading List

By Elizabeth F. Hodge and Lauren Gandle on Posted in Electronic Health Records & Medical Records, HIPAA, Privacy, and Data Security, Hospitals & Health Systems, Physicians
The Office for Civil Rights (“OCR”) at the U.S. Department of Health and Human Services (“HHS”) announced on July 15, 2022, that it has resolved 11 investigations conducted under the Health Insurance Portability and Accountability Act (“HIPAA”) Right of Access Initiative. These settlements remind providers that, as OCR Director Lisa J. Pino stated, “OCR is … Continue Reading

OCR Releases Guidance on HIPAA Compliance When Providing Audio-Only Telehealth

By Elizabeth F. Hodge and Lauren Gandle on Posted in Health Insurers & Managed Care Organizations, Healthcare Law, HIPAA, Privacy, and Data Security, Hospitals & Health Systems
The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) recently released new guidance (the “Guidance”) to help ensure that individuals may continue to benefit from audio-only telehealth services and clarify for health care providers and health plans how they can provide such services while complying with the HIPAA Privacy, Security, … Continue Reading

Must Watch Summer Viewing Coming Soon: OCR’s Upcoming Video Presentation on the HITECH Act’s Recognized Security Practices

By Elizabeth F. Hodge on Posted in Health Care Providers, Healthcare Law, Hospitals & Health Systems
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced June 10, 2022 that it is producing a video presentation on “recognized security practices” as set forth in the recent amendment of the Health Information Technology for Economic Health Act (HITECH Act) and is seeking questions from the public that … Continue Reading

Help Wanted: OCR Seeks Public Input on “Recognized Security Practices” and Sharing Settlements with Harmed Individuals Under the HITECH Act

By Elizabeth F. Hodge on Posted in Healthcare Law, HIPAA, Privacy, and Data Security
Covered entities and business associates subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) have the chance to provide input on two amendments to the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH Act”). The U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) recently … Continue Reading

CMS Is Here To Help Healthcare Entities Comply with Its Vaccination Rule

By Kirk S. Davis and Elizabeth F. Hodge on Posted in Healthcare Law, Hospitals & Health Systems, Physicians
The Centers for Medicare and Medicaid Services (“CMS”) recently published an infographic to help Medicare and Medicaid facilities and providers determine if they or some members of their workforce are subject to the Omnibus Health Care Staff Vaccination Interim Final Rule (“Vaccine Rule”).  CMS has also issued FAQs to assist healthcare providers in assessing whether … Continue Reading

Biden Administration Unveils Long-Awaited COVID-19 Rules For Large Employers and Healthcare Workers

By Elizabeth F. Hodge and Andrew C. Karter on Posted in Health Care Providers, Healthcare Law, Healthcare Litigation, HIPAA, Privacy, and Data Security, Hospitals & Health Systems
The wait is over for employers seeking clarity on the details of the Biden Administration’s vaccine and testing rules for private employers, first announced by President Biden in early September and now slated to take effect alongside federal contractor vaccine requirements on January 4, 2022. The first rule, issued by the Occupational Safety and Health … Continue Reading

FTC Warns Health App Vendors: Comply with the Health Breach Notification Rule or Pay the Penalty!

By Elizabeth F. Hodge and Christy S. Hawkins on Posted in HIPAA, Privacy, and Data Security
Vendors of health applications (“health apps”) and connected devices that collect or use individuals’ health information, along with their service providers, are now on notice that they must provide timely notice to consumers and the Federal Trade Commission (FTC) when there is a security breach compromising health information. In response to the proliferation of health … Continue Reading

Medicare & Medicaid Facilities Are Put On Notice: Employees Must Be Vaccinated

By Elizabeth F. Hodge, Danielle C. Gordet and Karen M. Buesing on Posted in Healthcare Law, Healthcare Litigation, Hospitals & Health Systems, Physicians
Medicare and Medicaid certified facilities will be required to ensure that their employees are vaccinated for COVID-19, the Centers for Medicare & Medicaid Services (CMS) announced on September 9, 2021. Healthcare providers with 100 or more employees also may be subject to a forthcoming Emergency Temporary Standard (“ETS”) from the U.S. Department of Labor’s Occupational … Continue Reading

Group Health Plan Sponsors are Getting Serious About Pricing Transparency – Are You Keeping Up?

By Amber Roberts, Elizabeth F. Hodge, Bruce D. Platt, Thomas A. Range and Beth Alcalde on Posted in Health Care Providers, Health Insurers & Managed Care Organizations, Healthcare Law, Hospitals & Health Systems, Physicians
In early July, the Department of Health and Human Services (HHS), the Department of Labor (Labor), and the Department of the Treasury (Treasury) (collectively, the Departments), along with the Office of Personnel Management (OPM) released an interim final rule related to the No Surprises Act, legislation designed to protect patients from unexpected medical bills. The … Continue Reading

OIG Weighs In On COVID-19 Vaccination Incentives

By Elizabeth F. Hodge on Posted in Accountable Care Organizations, Health Care Providers, Health Insurers & Managed Care Organizations, Healthcare Law, Hospitals & Health Systems, Physicians
The media has widely reported that several governmental, non-profit, and private organizations, including entities in the healthcare sector, are offering a variety of incentives to encourage more individuals to take the COVID-19 vaccine. While this approach may increase the number of vaccinated individuals, it can also implicate the healthcare fraud and abuse laws when Federal … Continue Reading
LexBlog