• The Minnesota Supreme Court has held that HIPAA “authorizes” disclosures for purposes of the Minnesota Health Records Act, and so consent was not required for a hospital to disclose certain individually identifiable health information to its institutionally related foundation for

…

• OCR reaches a new $1.3 million dollar settlement with a health plan for HIPAA violations.
• OCR says, “HIPAA-regulated entities need to be proactive in ensuring their compliance with the HIPAA Rules, and not wait for OCR to reveal long-standing HIPAA

…

• OIG’s authority to begin enforcement of the Information Blocking Rule begins September 1, 2023.
• Certain Actors subject to the Information Blocking Rule may be subject up to a $1 million penalty per violation!
• Actors need to be proactive in ensuring

…

Get the inside scoop on:

• HHS’ Guidance on Use of Online Tracking Technologies, and AHA’s letter to OCR pushing back on the Guidance;
• How the definition of PHI and IIHI are being interpreted by HHS;
• How to leverage HIPAA’s De-identification

…

• The FTC Act prohibits companies from unilaterally applying material privacy policy changes to previously collected data.
• 1Health.io, a genetic testing company, said it would only share consumers’ sensitive health and other personal information in limited circumstances, then later expanded its

…

• AHA encourages OCR to publish its long-awaited Final Rule adopting proposed amendments to the HIPAA Privacy Rule which it views as providing sufficient expanded protection for patients’ sensitive health information (e.g., reproductive health).
• AHA encourages OCR to retract or amend

…

• FTC is seeking $200,ooo in penalties against a developer of a fertility app for disclosing sensitive information to third parties.
• The Premom App promised users that it would not share their health information with 3rd parties without consent and that

…