electronic health information

Confidentiality of Substance Use Disorder Records: HHS Finalizes Changes to Part 2 Rule

By Noreen Vergara & Taylor Crossley on May 1, 2024

Posted in Compliance, Data Privacy & Security/HIPAA/HITECH, Healthcare Providers, Healthcare Regulatory, Patient Health Data, U.S. Department of Health & Human Services

On February 8, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) finalized long-awaited modifications to the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations at 42 C.F.R. Part 2, which requires individuals or entities that receive federal funding and provide SUD treatment to implement additional privacy protections and obtain specific consent before using and disclosing SUD treatment records (see 42 C.F.R. § 2.11).

Cybersecurity in Healthcare: Pending Bill Calls for Tougher Protections

By Ragini A. Acharya & Matthew Deutsch on March 13, 2024

Posted in Data Privacy & Security/HIPAA/HITECH, Healthcare Regulatory

U.S. Senators Angus King (I-ME) and Marco Rubio (R-FL) recently introduced a bill addressing cybersecurity protections and oversight in the healthcare industry. The Strengthening Cybersecurity in Health Care Act, introduced on February 8, 2024, aims to bolster a vulnerable and often-targeted industry against cyberattacks. The proposal follows a number of significant cyberattacks on healthcare organizations in recent years; Senator King noted that approximately 133 million people, or nearly one in three Americans, had their personal information compromised in 2023 alone.

Update: Information Blocking Rule Deadline Delayed, But Telehealth Still in Play

By Julian Rivera, Wakaba Tessier & Theresa Langley on November 4, 2020

Posted in Data Privacy & Security/HIPAA/HITECH, Telehealth

On October 29, 2020, HHS extended the effective date of compliance for the “Information Blocking” final rule promulgated as part of the 21^st Century Cures Act (Information Blocking Rule). The Information Blocking Rule, which was set to take effect on November 2, 2020, prohibits health care providers, IT developers, and health information exchanges from unreasonably interfering with the access, exchange, or use of electronic health information (EHI). We previously discussed the practice of information blocking and the eight exceptions in our blog post Information Blocking: Ready or Not, Here it Comes!.

Information Blocking: Ready or Not, Here it Comes!

By Wakaba Tessier, Kelsey Toledo & Tracey Toll on October 26, 2020

Posted in Academic Medical Centers, Children's Hospitals and Pediatric Providers, Healthcare Providers, Hospitals & Health Systems

On May 1, 2020, the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology (ONC) released its final rule (Final Rule) on “Information Blocking” as part of the 21^st Century Cures Act. The Final Rule applies to the following (ONC refers to each one as an “Actor”): (i) healthcare providers, (ii) health IT developers subject to ONC’s Health IT Certification Program, (iii) health information networks (HIN) or (iv) health information exchanges (HIE). With the initial enforcement date fast approaching (November 2), we explain the rule below.

Healthcare Law Insights