Health Law Advisor

On December 1, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) published a bulletin warning that commonly used website technologies, including cookies, pixels, and session replay, may result in the impermissible disclosure of Protected Health Information (“PHI”) to third parties in violation of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The bulletin advises that “[r]egulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of Protected Health Information (“PHI”) to tracking technology vendors or any other violations of the HIPAA Rules.” The bulletin is issued amidst a wider national and international privacy landscape that is increasingly focused on regulating the collection and use of personal information through web-based technologies and software that may not be readily apparent to the user.

On March 15, 2022, President Biden signed into law the 2022 Consolidated Appropriations Act containing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Cyber Incident Reporting Act”). While President Biden’s remarks highlighted the $13.6 billion in funding “to address Russia’s invasion of Ukraine and the impact on surrounding countries,” the 2022 Consolidated Appropriations Act contained numerous other laws, including the Cyber Incident Reporting Act, which should not be overlooked. The Cyber Incident Reporting Act puts in motion important new cybersecurity reporting requirements that will likely apply to businesses in almost every major sector of the economy, including health care, financial services, energy, transportation and commercial facilities. Critical infrastructure entities should monitor the upcoming rule-making by the Cybersecurity and Infrastructure Security Agency (“CISA”), as the final regulations will clarify the scope and application of the new law.

Recently, the U.S. Department of Health & Human Services (“HHS”) issued guidance for healthcare cybersecurity best practices.  As required under the Cybersecurity Act (CSA) of 2015, this four-part guidance was generated by a Task Group charged with the following:

1. Examining current cybersecurity threats affecting the healthcare and public health sector;
2. Identifying specific weaknesses that make healthcare and public health organizations more vulnerable to cybersecurity threats; and
3. Providing certain practices that cybersecurity experts rank as most effective ...

Surprisingly amidst the Federal Bureau of Investigation (FBI) uproar, President Trump today signed an executive order addressing cybersecurity for the federal government and critical infrastructure, along with international coordination and cyber deterrence. The substance of the order, which is about to be made public, comes from various press releases and interviews with administration officials. The order is composed of three sections on cybersecurity and IT modernization within the federal government, protecting critical infrastructure, and establishing a cyber ...

WHEN: Thursday, February 26, 2015

TIME: 12:00pm – 1:30pm EST

To register for this webinar, please click here.

Please join us for a complimentary webinar addressing wireless health regulatory issues. This session will discuss recent trends in health technology regulation; including Food and Drug Administration (FDA) developments, Federal Communications Commission (FCC) requirements, wireless technology and communication issues, mobile applications, decision support and other Health IT challenges, and privacy and cyber security considerations.

This session is ...