The article discusses the increasing enforcement and scrutiny related to healthcare privacy and social media communications under HIPAA. It highlights the challenges faced by healthcare providers in responding to patient reviews on social media without violating HIPAA regulations. The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has emphasized the broad interpretation of PHI and is actively monitoring online activities of regulated entities. The article underscores the importance of HIPAA-regulated entities assessing their compliance obligations and consulting with privacy officers or legal counsel before responding to online reviews.

Recent advancements in Artificial Intelligence (AI) are significantly impacting the healthcare industry, enhancing everything from administrative tasks to complex diagnostic processes. Jim Gatto, a partner at Sheppard Mullin, discusses the implications and challenges of AI in healthcare, emphasizing its role in supplementing rather than replacing professionals. Key challenges include potential inaccuracies, data privacy issues, and legal concerns such as bias, discrimination, and intellectual property rights. Navigating these hurdles is crucial, especially in the highly regulated healthcare sector.

The Department of Health & Human Services, through the Office of the National Coordinator for Health Information Technology, has updated the certification process for health IT systems, particularly those using artificial intelligence for predictive modeling. The new rule requires developers to ensure transparency and user understanding of decision-support interventions (DSIs), conduct risk assessments, and publish summaries of these practices. Existing certifications must be updated to meet the new criteria by the end of 2024, with additional requirements phased in over several years.

The U.S. Department of Health and Human Services (HHS) and the Substance Abuse and Mental Health Services Administration (SAMHSA) have released a Final Rule to revise the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations at 42 C.F.R. Part 2. This rule aligns Part 2 confidentiality protocols with HIPAA and HITECH Act requirements, aiming to improve care coordination and reduce administrative burdens while safeguarding SUD records. Key changes include allowing a single patient consent for all future uses and disclosures, enhanced protections for counseling session notes, breach notification requirements, and penalties for violations. The rule takes effect on April 16, 2024, with full compliance required by February 16, 2026.

Deirdre O’Neill of Hertility Health discusses the role of DiagnosTech in fertility and reproductive health, highlighting the challenges and opportunities in the field. The episode explores Hertility Health's mission, collaborations, and the impact of technology on their work. The podcast also features insights from Sara Shanti and Phil Kim of Sheppard Mullin, who provide counsel on digital health and regulatory compliance matters.

The United States District Court for the Eastern District of Virginia dismissed an appeal by the Pharmaceutical Coalition for Patient Access challenging a negative opinion by the Office of the Inspector General concerning pharmaceutical manufacturers' offers of cost-sharing subsidies to Medicare Part D beneficiaries. The Court ruled in favor of the Government, holding that the Anti-Kickback Statute's meaning of 'induce' does not require a showing of corrupt intent and that the proposed subsidy program could contravene the AKS. The Court also found that the OIG followed its 2005 guidance and that the negative opinion did not infringe upon PCPA's First Amendment rights.

Craig Lund, co-founder and CEO of Mightier, discusses the role of gamification in healthcare on Sheppard Mullin's Health-e Law podcast. The conversation covers how gamification can improve access to mental and behavioral health services, reduce stigma, and enhance patient engagement. The discussion also touches on the future growth of gamification in healthcare and the importance of making these solutions accessible and affordable.

Health-e Law, a podcast by Sheppard Mullin, features its healthcare team leader Eric Klein discussing the future of health tech and expectations for 2024. The episode covers healthcare disruption, digital health trends, investor interests, and the impact of consolidation in the digital health space. Eric Klein, Sara Shanti, and Phil Kim, partners at Sheppard Mullin with expertise in healthcare law and digital health, provide insights into the legal and business aspects of healthcare technology.

The rise of digital health solutions is transforming healthcare by making specialized care more accessible, affordable, and personalized. Viveka Rydell-Anderson, CEO of Pacific Vision Foundation, discusses the impact of digital health technologies, such as telehealth, which saw significant adoption during the COVID-19 pandemic. These technologies improve patient care through remote monitoring and reduce provider burnout by automating administrative tasks. Key considerations for the future include scale, usability, and security as digital health becomes more integrated into healthcare systems.

Health-e Law is a new podcast by Sheppard Mullin's Digital Health Team, hosted by Phil Kim and Sara Shanti. The podcast explores the intersection of technology and law in healthcare, covering topics like AI, virtual reality, and regulatory compliance. Phil Kim and Sara Shanti bring extensive expertise in healthcare innovation, data privacy, and regulatory matters, providing valuable insights for industry stakeholders.

Artificial Intelligence (AI) is transforming the healthcare industry, as discussed in the second episode of Sheppard Mullin’s Health-e Law Podcast by Jim Gatto, Sara Shanti, and Phil Kim. AI's expansion in healthcare promises to improve operational efficiencies and diagnostic accuracy while supplementing professionals rather than replacing them. However, AI faces challenges such as producing inaccurate results, potential legal issues with data usage, bias and discrimination, and intellectual property concerns. Navigating these hurdles is crucial in the highly regulated healthcare industry.

Sheppard Mullin’s Healthcare Team has launched 'Health-e Law,' a new podcast focusing on the intersection of technology and health. Hosted by partners Sara Shanti and Phil Kim, and associate Michael Sutton, the podcast features 15-minute episodes discussing innovations in health-tech. The first three episodes cover topics such as transparency in data collection, the role of AI in healthcare, and improving access to specialized care through digital technologies. The podcast is available on major platforms and Sheppard Mullin’s website.

The article discusses the increasing attention lawmakers are giving to the regulation of artificial intelligence (AI) in healthcare, particularly to prevent discrimination. It highlights two proposed bills in California: Assembly Bill 1502, which aims to prevent discrimination by health insurers using AI, and Assembly Bill 331, which seeks to regulate algorithmic discrimination in automated decision tools. The article underscores the importance of these legislative efforts in setting a standard for other states and emphasizes the need for healthcare entities to assess and mitigate discriminatory impacts of AI technologies.

California has approved Assembly Bill 254 to extend protections under the Confidentiality of Medical Information Act (CMIA) to patient information collected through reproductive or sexual health applications. The Bill revises the definition of 'medical information' to include 'reproductive or sexual health application information,' significantly expanding protections in the FemTech space. Developers must now ensure their data usage activities conform to the CMIA, which also gives patients a private cause of action. This move follows California's legislative response to the overturning of Roe v. Wade, including a 2022 amendment prohibiting the release of medical information about individuals seeking abortions to law enforcement or in response to subpoenas based on laws from other states.

The article discusses the increasing scrutiny and enforcement of HIPAA laws in relation to social media activities by healthcare entities. It highlights the challenges faced by healthcare providers in responding to patient reviews on social media without violating HIPAA regulations. The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has broadened its interpretation of Protected Health Information (PHI) and is actively monitoring online activities. A recent settlement with a dental practice over inappropriate PHI disclosures in online reviews underscores the importance of compliance. Healthcare entities are advised to consult with privacy officers or legal counsel to navigate these complexities.

Dr. Laura Tully, Vice President of Clinical Services at ChatOwl, discusses the importance of transparency in health-tech data collection and use on Sheppard Mullin’s Health-e Law podcast. Emphasizing that clear communication about data practices can build user trust, Dr. Tully highlights that consumers are concerned about both data protection and usage. Studies show users are willing to share data for improved treatment but disapprove of its commercial use. Transparent data practices could enhance user engagement and improve the quality of collected data, crucial for the advancement of health-tech products.

The inaugural episode of Sheppard Mullin's Health-e Law podcast features Dr. Laura Tully, Vice President of Clinical Services at ChatOwl, discussing the importance of transparency in health-tech data collection and use. The conversation covers how transparency can drive engagement and improve outcomes in digital health solutions, particularly in mental health. Dr. Tully's background and expertise in ethical data use and trauma-informed care are highlighted, along with contributions from Sara Shanti and Phil Kim, who provide insights into the legal and regulatory aspects of digital health.

Texas is enacting the Texas Data Privacy and Security Act to protect consumer personal data, joining other states in comprehensive privacy legislation. The Act grants consumers rights over their data and imposes duties on businesses processing personal data, excluding small businesses and entities governed by HIPAA. Controllers must limit data collection, maintain security practices, and provide consumer notices. The Texas Attorney General has exclusive enforcement authority, with civil penalties for violations. Businesses must assess compliance and prepare for consumer data requests.

California has enacted Assembly Bill 254 to extend the Confidentiality of Medical Information Act (CMIA) to cover reproductive and sexual health application information. This legislation mandates that software and application developers comply with CMIA's confidentiality requirements, prohibiting certain marketing uses and requiring breach notifications. The bill aims to provide broader protection for reproductive health information, particularly in response to the overturning of Roe v. Wade, and ensures that digital services handling such data are covered under CMIA.

California has enacted Assembly Bill 254 to extend the Confidentiality of Medical Information Act (CMIA) to cover data collected through reproductive and sexual health applications. This legislation, approved on September 27, 2023, mandates that software and application developers in the FemTech space comply with CMIA's confidentiality, marketing, and breach notification requirements. The bill broadens the definition of 'medical information' to include reproductive health data, ensuring comprehensive protection and addressing concerns following the overturning of Roe v. Wade. The California Legislature's actions reflect a commitment to safeguarding sensitive health information.

Jim Gatto, a partner at Sheppard Mullin, discusses the transformative impact of AI on healthcare, emphasizing its potential to enhance industry practices while addressing ethical and legal challenges. The podcast highlights the growing applications of AI, particularly in elder care and isolation, and explores significant legal risks associated with AI in healthcare. Gatto, along with colleagues Sara Shanti and Phil Kim, provides insights into the intersection of healthcare technology, regulatory compliance, and innovation.

The Florida Legislature has amended the Florida Electronic Health Records Exchange Act to prohibit certain health care providers from storing qualified electronic health records outside the United States, its territories, or Canada. This prohibition extends to third-party or subcontracted computing facilities or cloud service providers. The Act, effective July 1, 2023, requires health care providers to ensure that patient information is stored within the specified regions and to transition data storage if necessary. The legislation aims to enhance data privacy and security for electronic health records.

The Federal Trade Commission (FTC) has proposed changes to the Health Breach Notification Rule to clarify its application to mobile health applications and related technologies. The proposed updates aim to ensure that vendors of personal health records and related entities understand their obligations under the rule, which includes notifying consumers and the FTC in the event of a security breach. Key changes include updated definitions for terms such as 'PHR identifiable information,' 'health care provider,' and 'personal health record,' as well as expanded notice requirements to include electronic communications. Comments on the proposed rule are due by August 8, 2023.

The Federal Trade Commission (FTC) has proposed changes to the Health Breach Notification Rule to clarify its application to mobile health applications and related technologies. The proposed rule aims to ensure that vendors of personal health records and related entities, which are not subject to HIPAA, comply with breach notification requirements. Key updates include expanded definitions for 'PHR identifiable information,' 'health care provider,' and 'health care services or supplies,' as well as changes to the notice requirements for breaches. The FTC seeks to address industry confusion and enhance consumer protection by broadening the scope of the rule to include wellness products and online services. Comments on the proposed changes are due by August 8, 2023.

Nearly half of the State Attorneys General penned a letter to the U.S. Department of Health and Human Services, Office for Civil Rights, advocating for broader privacy protections surrounding reproductive health care information. The letter supports the Proposed Rule published in April 2023, which aims to revise HIPAA provisions in response to the overturning of Roe v. Wade and subsequent state laws. The letter calls for additional measures, including an independent definition of 'reproductive health,' examples of reproductive health care, and expanded prohibitions on the use or disclosure of protected health information. It also emphasizes the need for patient education through a centralized online platform.

Nearly half of the State Attorneys General in the United States have written to the U.S. Department of Health and Human Services' Office for Civil Rights, advocating for enhanced privacy protections for reproductive health care information. This letter supports the proposed rule changes to HIPAA, which aim to safeguard reproductive health information in light of recent legal changes, including the overturning of Roe v. Wade. The letter suggests further enhancements, such as defining 'reproductive health' independently, providing examples of reproductive health care, and expanding privacy protections to other health care categories. The State Attorneys General emphasize the importance of patient education and maintaining strong privacy standards.

Texas has enacted legislation limiting the use and disclosure of genetic data by direct-to-consumer genetic testing companies, effective September 1, 2023. The law grants individuals property rights over their biological samples and genetic test results, restricts data sharing without consent, and mandates companies to implement security measures and privacy policies. Violations may result in civil penalties, enforceable by the Texas Attorney General.

On June 17, 2023, Texas enacted legislation limiting the use and disclosure of genetic data by direct-to-consumer genetic testing companies. The law grants individuals property rights over their biological samples and genetic test results, restricting companies from sharing this data without written consent or a warrant. Companies must implement measures to protect de-identified data, publish privacy policies, and establish processes for data access and deletion. Violations can result in civil penalties, enforceable by the Texas Attorney General. The legislation takes effect on September 1, 2023.

The Federal Trade Commission (FTC) has issued a reminder to companies about the importance of privacy and data security when collecting biometrics. This comes amidst the surge of BIPA litigation in Illinois. The FTC's policy statement indicates that it may pursue biometric-related actions soon and provides recommendations to avoid deception and unfairness. These include not making false claims about biometric technologies, avoiding deceptive practices regarding the use of biometrics, addressing foreseeable harms, not collecting biometric information surreptitiously, and ensuring proper evaluation and training regarding third-party access to biometric data.

The FTC has issued a policy statement reminding companies to consider general privacy and data security concerns when collecting biometrics, especially in light of ongoing BIPA litigation in Illinois. The FTC's recommendations include avoiding unsubstantiated claims about biometric technologies, preventing deceptive practices, addressing foreseeable harms, avoiding surreptitious data collection, evaluating third-party access to biometric data, and training employees handling such information. This guidance signals potential future actions by the FTC regarding biometric data practices.

The FTC has issued a policy statement reminding companies of privacy and data security concerns related to the collection of biometrics, particularly in light of ongoing BIPA litigation in Illinois. The statement suggests potential future actions against companies that engage in deceptive practices or fail to address foreseeable harms associated with biometric technologies. Recommendations include avoiding false claims about technology efficacy, ensuring transparency in biometric data usage, preventing surreptitious data collection, evaluating third-party access, and training employees handling biometric information.

Texas is enacting the Texas Data Privacy and Security Act to protect consumer personal data, joining other states in comprehensive privacy legislation. The Act applies to businesses operating in Texas, excluding small businesses, state agencies, and certain other entities. It imposes duties on data controllers and processors, including data protection assessments and consumer rights to access, correct, and delete personal data. The Texas Attorney General has exclusive enforcement authority, with civil penalties for violations. Businesses must assess their compliance and prepare to meet the Act's requirements.

The Federal Trade Commission (FTC) has proposed changes to the Health Breach Notification Rule to clarify its application to mobile health applications and related technologies. The proposed rule updates definitions for terms such as 'PHR identifiable information,' 'health care provider,' and 'personal health record,' and expands the notice requirements to include electronic communications. The changes aim to ensure that vendors of health-oriented applications understand their obligations under the rule, which requires them to notify consumers and the FTC in the event of a security breach involving unsecured health information. Comments on the proposed rule are due by August 8, 2023.

Texas has introduced the Texas Data Privacy and Security Act to enhance consumer data protection. The Act applies to businesses operating in Texas that process or sell personal data and are not classified as small businesses by the U.S. Small Business Administration. It imposes duties on data controllers and processors, including data minimization, security practices, and consumer rights to access, correct, and delete personal data. The Texas Attorney General has exclusive enforcement authority, with civil penalties up to $7,500 per violation. Businesses must assess their compliance and prepare to meet the Act's requirements.

Texas is enacting the Texas Data Privacy and Security Act to protect consumer personal data, joining other states in comprehensive privacy legislation. The Act grants consumers rights over their data and imposes duties on businesses processing personal data, excluding small businesses and entities governed by HIPAA. Controllers must limit data collection, maintain security practices, and provide consumer notices and opt-out options. The Texas Attorney General has exclusive enforcement authority, with civil penalties for violations. Businesses must assess compliance and prepare for consumer requests.

The Florida Legislature has amended the Florida Electronic Health Records Exchange Act to prohibit certain health care providers from storing qualified electronic health records outside the United States, its territories, or Canada. This includes records stored through third-party or subcontracted services. The amendment affects a wide range of health care providers and facilities, and is set to take effect on July 1, 2023. Providers must ensure that patient information storage complies with the new law and reassess their contracts with third-party vendors.

The Federal Trade Commission (FTC) has proposed changes to the Health Breach Notification Rule to clarify its application to mobile health applications and related technologies. The proposed updates aim to ensure that vendors of personal health records and related entities understand their obligations under the Rule, which includes notifying consumers and the FTC in the event of a security breach. The changes include updated definitions for terms such as 'PHR identifiable information,' 'health care provider,' and 'breach of security,' among others. The FTC also proposes expanding the use of electronic communications for breach notifications and including additional components in the breach notices. Comments on the Proposed Rule are due by August 8, 2023.

The Centers for Medicare & Medicaid Services (CMS) has issued a proposed rule to adopt standards under HIPAA for health care attachment transactions, aiming to increase efficiency and standardization. The rule is expected to result in significant cost savings and reduce administrative paperwork, allowing healthcare providers to focus more on patient care. It mandates a standard format for transmitting health care attachments and electronic signatures, which will improve reliability and reduce fraud. The American Hospital Association has endorsed the modifications, which are anticipated to alleviate administrative burdens and reduce provider burnout. The rule will impact all HIPAA-covered entities and is open for comments until March 21, 2023, with new standards to be enforced 24 months after the final rule's effective date.

The Centers for Medicare & Medicaid Services (CMS) has issued a proposed rule to adopt standards under HIPAA for health care attachment transactions, aiming to increase efficiency and standardization. The rule is expected to result in significant cost savings and reduce administrative paperwork, allowing healthcare providers to focus more on patient care. The proposed standards include a uniform format for electronic signatures and health care attachments, which are documents that provide additional information for healthcare payment decisions. The American Hospital Association has endorsed the modifications, which are anticipated to improve reliability, reduce provider burnout, and minimize fraudulent tampering in healthcare claims and prior authorization transactions.

Telehealth, which became prominent during the COVID-19 pandemic, will continue to be a significant part of healthcare even after the public health emergency (PHE) ends on May 11, 2023. The Consolidated Appropriations Act, 2023, signed by President Joe Biden, extends several telehealth flexibilities through the end of 2024. These include expanded definitions of 'originating site' and 'practitioner,' authorization for Rural Health Clinics and Federally Qualified Health Centers to provide telehealth services, and the continuation of audio-only telehealth services. Telehealth providers must remain vigilant about compliance as they transition to a post-PHE environment.

Lawmakers are increasingly focusing on regulating AI to prevent discrimination, particularly in health care. California is leading with proposed legislation such as Assembly Bill 1502, which aims to ban discriminatory practices by health care service plans and insurers using AI, and Assembly Bill 331, which seeks to regulate algorithmic discrimination in automated decision tools. These bills could set a precedent for other states. The Biden Administration's Blueprint for AI Bill of Rights also highlights federal efforts to address AI-related discrimination.

The article discusses the increasing scrutiny and enforcement of HIPAA regulations concerning social media interactions by healthcare providers. It highlights the challenges providers face in responding to patient reviews without violating HIPAA and state data privacy laws. The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has been actively monitoring and intervening in cases of inappropriate disclosure of Protected Health Information (PHI) on public platforms. The article emphasizes the importance of HIPAA-regulated entities assessing their compliance obligations and consulting with privacy officers or legal counsel before responding to online reviews.

The article discusses the increasing scrutiny and enforcement of HIPAA regulations concerning social media interactions by healthcare providers. It highlights the challenges providers face in responding to patient reviews without violating privacy laws. The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has been actively monitoring and intervening in cases of inappropriate disclosure of Protected Health Information (PHI) on public platforms. The article emphasizes the importance of HIPAA-regulated entities assessing their compliance obligations and consulting with privacy officers or legal counsel before responding to online reviews.

The Consolidated Appropriations Act, 2023, signed by President Biden on December 29, 2022, allocates nearly $1.7 trillion in funding for various domestic initiatives, including healthcare. The Act extends Medicare telehealth service flexibilities through December 31, 2024, modifies the definitions of 'originating site' and 'practitioner' for telehealth, and extends authorization for Rural Health Clinics and Federally Qualified Health Centers to provide telehealth services. It also delays certain in-person visit requirements for telehealth mental health services and extends coverage for audio-only telehealth services. The Act includes extensions and adjustments to Medicare programs, such as increased inpatient hospital payment adjustments for low-volume hospitals, add-on payments for ambulance services, and physician reimbursement changes. It also addresses Medicaid and CHIP adjustments, including funding for the Medicaid Improvement Fund, transitioning from FMAP increase requirements, and continuous eligibility for children. The Act emphasizes services for eligible juveniles in public institutions, COVID-19 vaccine coverage, and funding for related healthcare programs. Additionally, it focuses on behavioral health and substance use treatment, with provisions for funding, supporting offices and committees, crisis response continuum of care, and programs supporting maternal mental health. Medicare reforms include new coverage and funding for mental health services and updates to data collection, reporting, and the Anti-Kickback Act.

The U.S. Department of Health and Human Services has announced proposed changes to 42 C.F.R. Part 2, which governs the privacy of substance use disorder treatment records. The changes aim to align these regulations more closely with HIPAA, providing greater flexibility for patients and providers, and addressing issues such as consent requirements, redisclosure options, penalties for violations, and breach notification obligations. Public comments on the Proposed Rule are open until January 31, 2023, with a Final Rule expected in 2023.

The U.S. Department of Health and Human Services has proposed changes to 42 C.F.R. Part 2, which governs the medical records of federally assisted substance use treatment programs. The proposed rule aims to align Part 2 more closely with HIPAA, creating greater flexibility for patients and providers. Key revisions include aligning consent requirements with HIPAA, allowing single patient consent for future uses, applying HIPAA's penalties for violations, and updating confidentiality notice requirements. Public comments are open until January 31, 2023, with a final rule expected later in 2023.

Five teenagers were seriously injured in a car crash on Stoney Creek Road, Beverly Hills, Sydney, when a Honda Accord driven by an 18-year-old collided with a power pole. Witnesses described the driver as dazed and agitated post-crash. Two female passengers, both 16, suffered significant injuries, while two male passengers, aged 15 and 16, were also injured. The driver sustained minor injuries. NSW Police are investigating whether speed was a factor. The incident is eerily similar to a recent crash in Buxton that killed five teenagers. Authorities are urging the community to drive safely and are appealing for information regarding the Beverly Hills crash.

The Office of Civil Rights (OCR) has issued guidance on the use of audio-only telehealth services in compliance with HIPAA as the COVID-19 public health emergency winds down. The guidance addresses the application of HIPAA's Privacy and Security Rules to telehealth, emphasizing the need for reasonable safeguards to protect PHI and the conditions under which business associate agreements are required. The Security Rule generally does not apply to standard landline communications but does apply to electronic communications via VoIP or mobile technologies. The guidance aims to help healthcare providers transition smoothly as regulatory flexibilities expire.

Michael Sutton, a writer and artist based in Liverpool, has poems featured from his upcoming book 'music/lyrics' set to be released on July 17, 2020, by Hesterglock Press.

The United States is experiencing a critical state of cyber espionage, with President Obama ordering an investigation into Russia's alleged election tampering. Cybersecurity has evolved beyond mere disruption, with sophisticated groups potentially tied to nation-states engaging in espionage. Transparency in elections and infrastructure security is crucial. Cyber attacks have become prevalent due to technology's integral role in organizations, with notable breaches like Ashley Madison and the Panama Papers causing embarrassment and financial damage. Organizations should improve network visibility, limit employee access, and segment networks to prevent widespread damage from breaches. Michael Sutton, chief information security officer for Zscaler, emphasizes the importance of preparing for and responding to cyber threats.