Meet New Jersey’s Brand New Data Privacy Act and Its Impact on Healthcare Organizations & Others

Meet New Jersey’s Brand New Data Privacy Act and Its Impact on Healthcare Organizations & Others

by | Jan 26, 2024 | , ,

The New Jersey Data Privacy Act (NJDPA) was enacted on January 16, 2024. Although PHI collected by a HIPAA CE or BA is excluded from the NJDPA HIPAA CEs and BAs are NOT wholly excluded from compliance with the NJDPA. Also, HHS’ recent problematic interpretation that IP addresses collected by a healthcare provider’s website may be PHI adds even more complexity in interpreting the NJDPA.

read more
Minnesota Supreme Court Finds State Law Permits Health Information to be Shared Because HIPAA Authorizes It

Minnesota Supreme Court Finds State Law Permits Health Information to be Shared Because HIPAA Authorizes It

by | Oct 11, 2023 | , , , ,

The Minnesota Supreme Court held that HIPAA “authorizes” disclosures for purposes of state law and consent was not required for a hospital to disclose PHI to its institutionally related foundation for fundraising purposes. Other states might take a similar stance. The Information Blocking Rule (IBR) prohibits health care providers from interfering with the access and exchange of EHI in an unreasonable manner. State with laws containing similar “as authorized by federal law” exceptions to consent must be carefully considered when claiming the IBR’s Privacy Exception to “block” EHI.  

read more
FTC Finds that Ovulation Tracking App Violated the Health Breach Notification Rule

FTC Finds that Ovulation Tracking App Violated the Health Breach Notification Rule

by | May 18, 2023 | , , ,

The FTC releases its second enforcement action under the Health Breach Notification Rule in just over 3 months. This time, the FTC found that a fertility app called Premom shared sensitive fertility information with third parties for unauthorized purposes. While Premom told its users that it would not share their health information with third parties without users’ consent, it used third-party automated tracking tools known as software development kits (SDKs) which shared highly sensitive health information (e.g., data about an individual user’s sexual & reproductive health, pregnancy status etc.) for advertising and marketing purposes.

read more
ONC Publishes New FAQs on Information Blocking focused on the Privacy Exception.

ONC Publishes New FAQs on Information Blocking focused on the Privacy Exception.

by | Apr 2, 2023 | , ,

The Office of National Coordinator says it receives a lot of questions regarding how the Information Blocking Rule is supposed to work in tandem with the HIPAA Privacy Rule and other federal and state laws governing privacy and confidentiality. Their new FAQs aim to help clarify when actors can choose to not respond to a request for access, exchange, or use of electronic health information.

read more
FTC Orders BetterHelp Health App to Pay $7.8M for Sending User Data to Facebook & Snapchat

FTC Orders BetterHelp Health App to Pay $7.8M for Sending User Data to Facebook & Snapchat

by | Mar 2, 2023 | , , ,

The FTC issued a proposed order requiring BetterHelp to pay $7.8 million to consumers to settle charges that it shared consumers’ health data with Facebook, Pinterest, Snapchat, and Criteo after promising to keep such data private and claiming it is “certified” as “HIPAA compliant.” The real juice of this case is in the FTC compliant — and HIPAA-covered providers, facilities & organizations can learn a lot about what to watch out for with health data Apps as we continue to march towards the FHIR.

read more
Is Your Organization Ready for an OCR HIPAA Compliance Review re: Use of Online Tracking Technology?

Is Your Organization Ready for an OCR HIPAA Compliance Review re: Use of Online Tracking Technology?

by | Jan 5, 2023 | , , ,

On December 1, 2022, OCR released a “guidance” Bulletin re: “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.” From it, we learned (among other things) that OCR believes that an individual’s IP addresses and geo location, collected by a regulated entity’s website, is protected by HIPAA. Now, we have come to learn that HIPAA compliance investigations by OCR are already underway concerning this topic. Are you ready?

read more
CMS Releases Hospital COP Event Notification FAQs; Interpretive Guidance

CMS Releases Hospital COP Event Notification FAQs; Interpretive Guidance

by | May 13, 2021 | , , , ,

On May 1, modifications to the Medicare Conditions of Participation (“CoPs”) went into effect, requiring certain electronic event notifications for admissions, discharges and transfers (“ADTs”) to and from hospitals, critical access hospitals and psychiatric hospitals. To provide guidance to hospitals and state surveyors, CMS released several FAQs as well as interpretive guidance last week to be published in the State Operations Manual.

Hospitals are required to make a “reasonable effort” to ensure that notifications are sent to post-acute care services providers and suppliers, and other practitioners and entities, which need such notifications for treatment, care coordination or quality improvement. Under the new CoP, ADT notifications must be sent for all emergency department and inpatient patients where the hospital, critical access hospital or psychiatric hospital maintains an electronic medical record or administrative system.

read more
Info Blocking Rules have you STRESSED?!! Join Helen O. for Two Not-to-Miss Workshops for Help!

Info Blocking Rules have you STRESSED?!! Join Helen O. for Two Not-to-Miss Workshops for Help!

by | Sep 23, 2020 | , , , ,

Join me for a pair of 1.5hr Information Blocking Workshops designed to work thorough the nitty-gritty details of the Information Blocking Rule.  The first Workshop will take place WEDNESDAY (9/30) so don’t delay! Workshops will include use cases and scenarios aimed at real challenges faced by health care providers looking to comply with these new regulatory standards for access and sharing of electronic health information. Registrants will receive 2 sample P&Ps, and much more!

read more
Join Seton Hall Law & Helen Oscislawski & Other Esteemed Speakers on September 17th for Panel Discussions on Balancing Privacy and Public Health in a COVID-19 World

Join Seton Hall Law & Helen Oscislawski & Other Esteemed Speakers on September 17th for Panel Discussions on Balancing Privacy and Public Health in a COVID-19 World

by | Sep 11, 2020 | , ,

Seton Hall Law’s Institute for Privacy Protection and Gibbons Institute of Law, Science & Technology is hosting a Virtual Event on September 17th with legal academics, practitioners, and government officials who will evaluate the impact of the COVID-19 pandemic on privacy and intellectual property. Panel One speakers will discuss balancing privacy & public health; Panel Two will discuss Intellectual Property – incentives to access to vaccines & treatments.

read more
Looks Like the FTC Is Ramping up for Enforcement of Health Apps

Looks Like the FTC Is Ramping up for Enforcement of Health Apps

by | Jul 24, 2020 | , ,

This past Tuesday the FTC hosted its 5th annual PrivacyCon. It was a GREAT event!  The full-day event covered a wide-range of cutting edge and titillating issues concerning the privacy of data in this day and age of rapidly accelerating technology.  However, it was the morning session which covered Health Apps that interested me the most. In his opening remarks, the Director of FTC’s Bureau of Consumer Protection, Andrew Smith, came out-of-the-gate pointing out that earlier this year HHS issued rules that will make it easier for consumers to access their medical records through the app of their choice, and while this expanded access to health information can be an enormous benefit to consumers – wherever data flow opportunities increase, the opportunities for data compromise increase as well. Director Smith concluded his opening remarks by stating “We at the FTC will not hesitate to take action when companies misrepresent what they are doing with consumers’ health information or otherwise put health data at undue risk . . .” Here is what I learned from the four-person panel of experts who discussed the ins-and-outs of Health Apps and potential direction of the FTC will take with enforcement.

read more
Is Your Organization Ready to Send Patient Information to Apps by November?

Is Your Organization Ready to Send Patient Information to Apps by November?

by | Jun 19, 2020 | , , ,

Becker’s Hospital Review reported that 70% of CIOs are “concerned” about meeting the upcoming November 2nd deadline for complying with the Final Rules prohibiting information blocking practices. This is according to a survey conducted by CHIME, which included responses from executives at academic medical centers, critical access hospitals, multi-hospital systems and specialty hospitals.  Although the survey did not appear to identify specifically what concerns CIOs about complying with information blocking rules by this fall, one possibility is fully understanding how ONC’s information blocking rules will apply to releasing patients’ EHI to third-party apps.

read more

Archives