Data Privacy & Security/HIPAA/HITECH

What Are the Changes?

On April 26, 2024, the U.S. Department of Health and Human Services (“HHS”) issued a final rule (the “Final Rule”) along with guidance updating the Health Insurance Portability and Accountability Act (“HIPAA”) regulations at 45 C.F.R. Parts 160 and 164 (the “Privacy Rule”). The Final Rule prohibits the use or disclosure of protected health information (“PHI”) for the purpose of (1) conducting criminal, civil, or administrative investigations into, or (2) imposing criminal, civil, or administrative liability on any person for the mere act of seeking, obtaining, providing, or facilitating reproductive health care that is legal when provided. The Final Rule also prohibits the use or disclosure of PHI in order to (3) identify any person for any of those purposes (the “Prohibition”).[1]Continue Reading HHS Changes HIPAA Privacy Rule to Restrict the Disclosure of Reproductive Health Care Information

On February 8, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) finalized long-awaited modifications to the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations at 42 C.F.R. Part 2, which requires individuals or entities that receive federal funding and provide SUD treatment to implement additional privacy protections and obtain specific consent before using and disclosing SUD treatment records (see 42 C.F.R. § 2.11).Continue Reading Confidentiality of Substance Use Disorder Records: HHS Finalizes Changes to Part 2 Rule

U.S. Senators Angus King (I-ME) and Marco Rubio (R-FL) recently introduced a bill addressing cybersecurity protections and oversight in the healthcare industry. The Strengthening Cybersecurity in Health Care Act, introduced on February 8, 2024, aims to bolster a vulnerable and often-targeted industry against cyberattacks. The proposal follows a number of significant cyberattacks on healthcare organizations in recent years; Senator King noted that approximately 133 million people, or nearly one in three Americans, had their personal information compromised in 2023 alone.Continue Reading Cybersecurity in Healthcare: Pending Bill Calls for Tougher Protections

DEA waivers regarding the Ryan Haight Act could play a major role in telehealth’s future.

In the first decade of the 21st century, deaths attributable to overdoses of prescription drugs saw an alarming spike in volume, led higher by a tripling of deaths due to opioid use. Amid this surge, Congress enacted the Ryan Haight Online Pharmacy Consumer Protection Act in 2008 as part of an attempt to rein in the burgeoning online marketplace for prescription drugs—particularly those involving controlled substances—which had largely evaded prior enforcement actions.Continue Reading Telehealth’s Post-Pandemic Growth Trajectory

Husch Blackwell represented Talkspace—an online and mobile therapy company based in New York City that connects users with licensed therapists via video chat or text—as corporate and healthcare regulatory counsel in its recently closed business combination with Hudson Executive Investment Corp.
Continue Reading Husch Blackwell Represents Talkspace in SPAC Combination

Led out of the firm’s Milwaukee office, Husch Blackwell represented UpHealth in its recently closed business combination that created a publicly traded, comprehensive global digital healthcare company.

Our Kate Bechen and Robin Lehninger were thrilled to join the leadership team of UpHealth Inc. at the New York Stock Exchange to celebrate their listing as a

Since last year, the Husch Blackwell privacy attorneys have been working with various healthcare providers—from hospitals to hospices, to independent physician groups—to comply with the Information Blocking rule (the Rule) implemented by the Office of the National Coordinator for Health Information Technology (ONC) as part of the 21st Century Cures Act.  Recently, Education clients have been asking, “We’re a university – does the Information Blocking rule apply to our student health center?”  We discuss the answer to that question, along with practice tips, in this blog post.
Continue Reading Information Blocking: College & University Student Health Centers – Does the Rule Apply to Us?

You may recall on December 10, 2020 we wrote about the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announcement of a proposed rule  that would revise the Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations. In the proposed rule, HHS has solicited public comments, that were originally due within 60-days  of the proposed rule publication in the Federal Register.
Continue Reading Health and Human Services Extends Comment Deadline for Proposed Rule on HIPAA Privacy to May 6, 2021

The pandemic of 2020 tested the mettle of our nation’s healthcare system in many unexpected and profound ways. As healthcare delivery was being rapidly restructured to accommodate COVID-19 diagnosis and treatment and socially-distanced care, bad actors simultaneously began to exploit the increased number of vulnerabilities in health information systems created by telehealth platforms, patient portals and the inattention of stressed, overworked staff. The result was an unprecedented number of cyberattacks culminating in an alert from the Cybersecurity and Infrastructure Security Agency (CISA) on October 28, 2020 addressing the plague of ransomware activity targeting the healthcare and public health sector.
Continue Reading Healthcare Perspectives on Data Privacy Day 2021