Rivkin Radler’s Shari Claire Lewis wrote an article, “FTC Appears Ready to Begin Enforcing Its Health Breach Notification Rule,” that was published in the New York Law Journal on April 18. The article discusses the Federal Trade Commission’s rule that requires manufacturers of connected medical devices, fitness trackers and other wearables, and health
Electronic Health Records
HHS Issues Guidance Clarifying Obligations of HIPAA Covered Entities
On March 22, the U.S. Department of Health and Human Services (HHS) issued guidance clarifying the obligations of covered entities to require their business associates to comply with HIPAA Administrative Simplification requirements related to standards for electronic health care transactions, code sets, unique identifiers, and operating rules.
While these requirements apply only to covered entities,…
OCR Announces Four HIPAA Enforcement Actions
On March 28, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced four new enforcement actions against healthcare providers for HIPAA violations. Two of the actions were part of OCR’s HIPAA Right of Access Initiative, which has been ongoing since 2019.
Three of the actions were against dental…
HHS Report Warns of EMR and EHR Security Risks
The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) recently issued a report entitled “Electronic Medical Records in Healthcare” that discussed security risks applicable to electronic medical records (EMRs) and electronic health records (EHRs). EHRs and EMRs are prime targets for cyber attackers because protected health information (PHI)…
HIPAA Changes Coming in 2022 Might Require Policy Revisions
An article in the December issue of HIPAA Regulatory Alert, “HIPAA Changes Coming in 2022 Might Require Policy Revisions,” discussed how proposed changes to HIPAA and the HITECH Act may affect covered entities and business associates. Rivkin Radler’s Eric Fader was quoted in the article.
Eric pointed out that the proposed changes…
Recent Developments in Telehealth: For the Pandemic and Beyond
On Thursday, November 18, in the next installment of Rivkin Radler’s Healthcare Compliance Lunch & Learn series, Rivkin Radler Partner Eric D. Fader will present an overview of changes in the provision of telehealth services, and federal and state regulation of them, since the beginning of the COVID-19 pandemic. New rules and waivers that are…
NJ Infertility Clinic Reaches $495,000 Data Breach Settlement
The New Jersey Attorney General’s Office announced on October 12 that Diamond Institute for Infertility and Menopause, LLC, based in Millburn, NJ, will pay a $495,000 penalty for allegedly violating HIPAA and state law by failing to implement appropriate cybersecurity measures. The New Jersey Department of Law & Public Safety’s Division of Consumer Affairs investigated…

FTC Warns Health Apps on Data Breach Notification
The Federal Trade Commission (FTC) recently issued a policy statement confirming that vendors of apps and other connected devices that collect personal health information, such as glucose levels, heart rate, or fertility or sleep data, are subject to the FTC’s Health Breach Notification Rule. The rule, issued in 2009, requires vendors to notify consumers…
New CT Cybersecurity Law Protects Against Liability for Data Breaches
Connecticut Governor Ned Lamont recently signed into law “An Act Incentivizing the Adoption of Cybersecurity Standards for Businesses” (Public Act No. 21-119). Under the Act, “covered entities” that implement certain cybersecurity measures to protect against data breaches of “personal information” and “restricted information” will be insulated against the imposition of punitive damages arising…
Proposed Physician Fee Schedule Adds Coverage for Remote Therapeutic Monitoring
The proposed 2022 Medicare Physician Fee Schedule released on July 13 by the Centers for Medicare & Medicaid Services (CMS) includes a new category of CPT codes for “remote therapeutic monitoring” (RTM). The new codes are in addition to the set of codes introduced in 2019 for remote physiological monitoring, usually called remote patient monitoring…