Elizabeth F. Hodge

Photo of Elizabeth F. Hodge

A former president of the Florida Academy of Healthcare Attorneys, Betsy Hodge concentrates her practice on compliance and regulatory issues affecting health care providers and payers and employer-sponsored health plans. Betsy has significant experience with HIPAA and the HITECH Act and assists covered entities and business associates in complying with these laws through the development of policies and procedures, workforce training, analysis and notification of breaches, and assisting with government audits and investigations.  In addition, she counsels her clients on regulatory issues, including state and federal fraud and abuse laws.

 

Subscribe to all posts by Elizabeth F. Hodge

NYDFS Highlights Strategies to Combat AI Cybersecurity Risks

The increased use of artificial intelligence (AI) in the banking, insurance, and financial services industries has led the New York State Department of Financial Services (NYDFS or Department) to publish an Industry Letter on October 16, 2024, that highlights cybersecurity risks resulting from the use of AI, the dangers posed by threat actors utilizing AI, … Continue Reading

New York Focuses on Healthcare Cybersecurity: Recent Regulatory and Enforcement Activities

The healthcare sector has seen an alarming uptick in cybersecurity incidents, including ransomware attacks, in recent years. In response to these cybersecurity threats, New York State is ramping-up efforts to protect patient data by issuing new cybersecurity regulations governing “general hospitals” and by requiring that a healthcare provider spend $2.25 million to improve its internal … Continue Reading

FTC’s Updated Health Breach Notification Rule Puts Health App Developers on Notice

The Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30, 2024, the FTC published its final rule implementing the HBNR. And so begins a new robust enforcement landscape for health and wellness … Continue Reading

Attention, Group Health Plans: New HIPAA Privacy Rule Governing Reproductive Health Care Information Imposes Obligations, Deadlines

It is critical for employers and plan fiduciaries/administrators to stay informed of HIPAA privacy and security-related legal developments because most employer sponsored group health plans — regardless of the employer’s industry or size — are considered covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Therefore, individually identifiable medical information that … Continue Reading

On the Basis of Sex…Discrimination in Group Health Plans and What Employers Should Know

In just a few days’ time, recently promulgated federal final rules addressing sex-based nondiscrimination in the administration of health care benefits have created a flurry of healthcare industry activity. The angst arises from providers, payers, and certain health plans alike. While the spotlight shines brightest on healthcare providers and health insurers, the focus of this … Continue Reading

OCR Will Focus on You if You Don’t Focus on Cybersecurity

With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity vulnerabilities as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA Rules). On October 31, 2023, … Continue Reading

OCR and FTC Issue Warning to Hospital Systems and Telehealth Providers about Tracking Technologies

On July 20, 2023, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) announced they were sending a joint letter to approximately 130 unidentified hospital systems and telehealth providers highlighting the agencies’ concerns about the use of tracking technologies on websites and mobile apps in … Continue Reading

OIG Issues Information Blocking Penalties Final Rule: Health IT Developers and Health Information Exchanges/Networks Have a Million Reasons to Care

On June 27, 2023, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) issued its long-anticipated final rule amending the OIG’s civil monetary penalty (CMP) regulations as they relate to information blocking (CMP Final Rule or Rule). The CMP Final Rule was published in the Federal Register on July 3, 2023. … Continue Reading

Health Apps Beware: FTC Clarifies Health Breach Notification Rule with Significant Proposed Changes

Direct-to-consumer health and wellness applications are forewarned: the Federal Trade Commission (FTC) is proposing changes to the Health Breach Notification Rule (HBNR), 16 C.F.R. part 318, that, if finalized, would cement the HBNR’s applicability to a broad swath of direct-to-consumer health and wellness applications (apps) and confirm that a breach of security includes not only … Continue Reading

OCR’s Proposed Rule Finds Fertile Ground for Enhanced Reproductive Privacy Protection

The Department of Health and Human Services Office for Civil Rights (OCR) issued a proposed rule on April 17, 2023, to amend provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to strengthen privacy protections for individuals’ protected health information (PHI) related to reproductive healthcare (the Proposed Rule). The Proposed Rule would … Continue Reading

All Good Things Must Come to an End: The Expiration of OCR’s Enforcement Discretion

On April 11, 2023, the Department of Health and Human Services’ Office for Civil Rights (OCR) confirmed that four notifications of enforcement discretion regarding enforcement of the HIPAA Privacy, Security, and Breach Notification Rules (the HIPAA rules) during the COVID-19 public health emergency (PHE) will expire at the end of the PHE.1 The notifications, which … Continue Reading

The FTC Sends Another Warning to Digital Healthcare Platforms About Use of Tracking Pixels

The Federal Trade Commission (FTC) continues to prioritize the protection of consumers’ digital health information. The agency has demonstrated this commitment through enforcement actions against GoodRx and BetterHelp for sharing consumer health information for advertising purposes (see our blog posts on each respective action here and here), and in a post published by the FTC … Continue Reading

FTC Cracks Down on BetterHelp’s Sharing of Health Information for Advertising 

Following its February settlement with GoodRx, the Federal Trade Commission (FTC) has fired another shot across the bow in its ongoing campaign to protect consumers’ digital health information. Earlier this month the FTC announced a consent order with BetterHelp, Inc., an online mental health counseling service, to resolve alleged violations of the Federal Trade Commission … Continue Reading

Healthcare Providers: Add OCR’s Latest Right of Access Settlements to Your Summer Reading List

The Office for Civil Rights (“OCR”) at the U.S. Department of Health and Human Services (“HHS”) announced on July 15, 2022, that it has resolved 11 investigations conducted under the Health Insurance Portability and Accountability Act (“HIPAA”) Right of Access Initiative. These settlements remind providers that, as OCR Director Lisa J. Pino stated, “OCR is … Continue Reading

OCR Releases Guidance on HIPAA Compliance When Providing Audio-Only Telehealth

The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) recently released new guidance (the “Guidance”) to help ensure that individuals may continue to benefit from audio-only telehealth services and clarify for health care providers and health plans how they can provide such services while complying with the HIPAA Privacy, Security, … Continue Reading

Must Watch Summer Viewing Coming Soon: OCR’s Upcoming Video Presentation on the HITECH Act’s Recognized Security Practices

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced June 10, 2022 that it is producing a video presentation on “recognized security practices” as set forth in the recent amendment of the Health Information Technology for Economic Health Act (HITECH Act) and is seeking questions from the public that … Continue Reading

Help Wanted: OCR Seeks Public Input on “Recognized Security Practices” and Sharing Settlements with Harmed Individuals Under the HITECH Act

Covered entities and business associates subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) have the chance to provide input on two amendments to the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH Act”). The U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) recently … Continue Reading

CMS Is Here To Help Healthcare Entities Comply with Its Vaccination Rule

The Centers for Medicare and Medicaid Services (“CMS”) recently published an infographic to help Medicare and Medicaid facilities and providers determine if they or some members of their workforce are subject to the Omnibus Health Care Staff Vaccination Interim Final Rule (“Vaccine Rule”).  CMS has also issued FAQs to assist healthcare providers in assessing whether … Continue Reading

Biden Administration Unveils Long-Awaited COVID-19 Rules For Large Employers and Healthcare Workers

The wait is over for employers seeking clarity on the details of the Biden Administration’s vaccine and testing rules for private employers, first announced by President Biden in early September and now slated to take effect alongside federal contractor vaccine requirements on January 4, 2022. The first rule, issued by the Occupational Safety and Health … Continue Reading

FTC Warns Health App Vendors: Comply with the Health Breach Notification Rule or Pay the Penalty!

Vendors of health applications (“health apps”) and connected devices that collect or use individuals’ health information, along with their service providers, are now on notice that they must provide timely notice to consumers and the Federal Trade Commission (FTC) when there is a security breach compromising health information. In response to the proliferation of health … Continue Reading

Medicare & Medicaid Facilities Are Put On Notice: Employees Must Be Vaccinated

Medicare and Medicaid certified facilities will be required to ensure that their employees are vaccinated for COVID-19, the Centers for Medicare & Medicaid Services (CMS) announced on September 9, 2021. Healthcare providers with 100 or more employees also may be subject to a forthcoming Emergency Temporary Standard (“ETS”) from the U.S. Department of Labor’s Occupational … Continue Reading

Group Health Plan Sponsors are Getting Serious About Pricing Transparency – Are You Keeping Up?

In early July, the Department of Health and Human Services (HHS), the Department of Labor (Labor), and the Department of the Treasury (Treasury) (collectively, the Departments), along with the Office of Personnel Management (OPM) released an interim final rule related to the No Surprises Act, legislation designed to protect patients from unexpected medical bills. The … Continue Reading

OIG Weighs In On COVID-19 Vaccination Incentives

The media has widely reported that several governmental, non-profit, and private organizations, including entities in the healthcare sector, are offering a variety of incentives to encourage more individuals to take the COVID-19 vaccine. While this approach may increase the number of vaccinated individuals, it can also implicate the healthcare fraud and abuse laws when Federal … Continue Reading

Ransomware Targeting Hospitals and Healthcare Providers

While fighting a surge of new coronavirus infections in many parts of the country, healthcare providers must also be prepared to defend against ransomware. On October 28, 2020, the FBI, the U.S. Department of Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert warning of  “credible information … Continue Reading
LexBlog