Category Archives: Technology

FTC’s Updated Health Breach Notification Rule Puts Health App Developers on Notice

The Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30, 2024, the FTC published its final rule implementing the HBNR. And so begins a new robust enforcement landscape for health and wellness … Continue Reading

OCR Will Focus on You if You Don’t Focus on Cybersecurity

With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity vulnerabilities as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA Rules). On October 31, 2023, … Continue Reading

OCR and FTC Issue Warning to Hospital Systems and Telehealth Providers about Tracking Technologies

On July 20, 2023, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) announced they were sending a joint letter to approximately 130 unidentified hospital systems and telehealth providers highlighting the agencies’ concerns about the use of tracking technologies on websites and mobile apps in … Continue Reading

OIG Issues Information Blocking Penalties Final Rule: Health IT Developers and Health Information Exchanges/Networks Have a Million Reasons to Care

On June 27, 2023, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) issued its long-anticipated final rule amending the OIG’s civil monetary penalty (CMP) regulations as they relate to information blocking (CMP Final Rule or Rule). The CMP Final Rule was published in the Federal Register on July 3, 2023. … Continue Reading

Health Apps Beware: FTC Clarifies Health Breach Notification Rule with Significant Proposed Changes

Direct-to-consumer health and wellness applications are forewarned: the Federal Trade Commission (FTC) is proposing changes to the Health Breach Notification Rule (HBNR), 16 C.F.R. part 318, that, if finalized, would cement the HBNR’s applicability to a broad swath of direct-to-consumer health and wellness applications (apps) and confirm that a breach of security includes not only … Continue Reading

The FTC Sends Another Warning to Digital Healthcare Platforms About Use of Tracking Pixels

The Federal Trade Commission (FTC) continues to prioritize the protection of consumers’ digital health information. The agency has demonstrated this commitment through enforcement actions against GoodRx and BetterHelp for sharing consumer health information for advertising purposes (see our blog posts on each respective action here and here), and in a post published by the FTC … Continue Reading

FTC Cracks Down on BetterHelp’s Sharing of Health Information for Advertising 

Following its February settlement with GoodRx, the Federal Trade Commission (FTC) has fired another shot across the bow in its ongoing campaign to protect consumers’ digital health information. Earlier this month the FTC announced a consent order with BetterHelp, Inc., an online mental health counseling service, to resolve alleged violations of the Federal Trade Commission … Continue Reading

FTC’s Enforcement Action Against GoodRx Breathes New Life into Decade Old Regulation

The Federal Trade Commission (FTC) didn’t mince words. In September 2021, it called out the health app industry for failing to understand the agency’s Health Breach Notification Rule (HBNR) and for not disclosing its breaches. Apparently dissatisfied with the industry’s response, the agency enforced the HBNR against GoodRx for the first time since the rule … Continue Reading

Don’t Just Phone It In – Avoiding Fraud in Telehealth Contracts

To facilitate the provision of care during the pandemic, the federal government and many state governments enacted changes that encouraged physicians and other nonphysician practitioners (collectively, Practitioners) to use telehealth services. While this new flexibility increased access to care, it also increased opportunities for fraud. On July 20, 2022, the U.S. Department of Health and … Continue Reading

CMS Issues Additional Waivers and Guidance on Telehealth

To ensure Medicare beneficiaries have access to necessary care without risking exposure to COVID-19, the Centers for Medicare & Medicaid Services (CMS) has further expanded telehealth services and relaxed certain requirements related to the same with the issuance of additional waivers (available here) and an interim final rule (IFR) available here.… Continue Reading

New FBI Alert to Healthcare Providers – Beware of COVID-19 Phishing Campaigns

Healthcare providers are under siege, not only from the COVID-19 pandemic, but also from cyber criminals.  Following reports of targeted email phishing attempts, the FBI issued a FLASH alert warning healthcare providers on April 21, 2020, that they are at heightened risk for cyber attacks that use COVID-19 as bait.  The FBI’s FLASH alert follows … Continue Reading

Breaking Developments for Telehealth and Teleprescribing in Georgia

Unsurprisingly, COVID-19 has created a great degree of liberalization in the telehealth requirements previously in place. What has not changed is the fact that telehealth services are governed by a number of different laws and regulations, all of which are constantly changing – now more than ever.  In addition to the multiple changes at the federal … Continue Reading

Hackers Raise the Stakes By Possibly Causing Physical Harm

Computer hacking, and the permutation of crimes that can be committed by hackers, generally does not spur images of infliction of physical harm. However, in a chilling turn of events, computer hackers have opened a new front in the damage that can be inflicted through cybercrime. In a nefarious series of developments, cyber-liabilities now arise … Continue Reading

Is A Federal Privacy Law In The Cards for 2020?

In May of 2018, the European Union enacted the General Data Protection Rules, or GDPR, a legal framework that outlines not only how companies may collect and process personal information of EU residents, but how that data is stored and used. Since its enactment, GDPR has triggered a global push towards compliance with those standards. … Continue Reading

Privacy Policy: The Midterm Effect

Congress has long attempted to grapple with issues of cyber-security, both within the healthcare field, and generally in the United States.  The Health Insurance Portability and Accountability Act (HIPAA), as well as the Health Information Technology for Economic and Clinical Health Act (HITECH) have provided significant compliance requirements for healthcare entities in the area of … Continue Reading

GDPR: What You Need to Know Now

It is safe to say that there has been much fear and confusion over the European Union (EU) General Data Protection Rule, or GDPR. With an effective date of May 25, 2018, and little guidance as to how the GDPR applies to organizations that do not have a physical presence in the EU or do … Continue Reading

Prepare for the Unexpected with Data Storage and Retrieval

Last week, a federal court in Illinois encountered another example of unexpected events causing problematic privacy and data storage implications for a healthcare company. The non-profit organization responsible for maintaining the MetroChicago Health Information Exchange (the HIE) filed suit against its information technology support contractor and the contractor’s owner to prevent the contractor’s plan to … Continue Reading

Shhh….OCR Releases New HIPAA Audit Protocol

Just in time for the Phase 2 audits, the Department of Health and Human Services Office for Civil Rights (OCR) quietly posted the updated HIPAA Audit Protocol on its website. The new audit protocol has been updated to include business associates who became subject to HIPAA following the 2013 HIPAA Omnibus Final Rule. The protocol … Continue Reading

CMS Announces Enforcement of EHR Payment Adjustments in 2015

On December 17, 2014, the Centers for Medicare and Medicaid Services (“CMS”) announced that there would be reductions in Medicare reimbursement for health care providers who do not meet the CMS electronic health record (“EHR”) incentive program’s meaningful use requirements. This announcement comes in the wake of CMS’ decision in October to extend the hardship … Continue Reading

Social Media Use for Clinical Trial Recruitment

Social media can be an effective and easy way to connect with friends and professional contacts. However, it can also serve as a tool for institutions and principal investigators involved in enrolling subjects in clinical research to connect with prospective patients and subjects for clinical trial recruitment. The research shows that, to-date, there has not … Continue Reading

35 Days and Counting – R.I.P. Windows XP

Effective April 9, 2014, Microsoft will no longer provide technical support or security updates for the Windows XP operating system. According to Microsoft, personal computers running Windows XP after April 8, 2014 should not be considered to be protected. This announcement means that covered entities and business associates under the Health Insurance Portability and Accountability … Continue Reading

FDA Launches Medical Device ID Requirement

On September 24, 2013, the Food and Drug Administration (FDA) finalized a new rule requiring medical devices to bear special ID numbers. The numbers, called Unique Device Identifiers or UDIs, will identify the manufacturer, the specific model of a device, and other information such as batch or lot codes, serial numbers, and expiration dates. The … Continue Reading

EMR Market Continues to Grow While Practitioner Satisfaction Decreases

According to a new report from healthcare market research firm Kalorama Information, the market for Electronic Medical Records (EMRs) was $20.7 billion in 2012, up 15 percent from $17.9 billion in 2011. The EMR market includes revenues from EMR and Computerized Physician Order Entry (CPOE) systems as well as directly-related services such as installation, training, … Continue Reading