May 19, 2017, Inside Medical Devices

Last week, the Health Care Industry Cybersecurity (HCIC) Task Force (the “Task Force”) published a pre-release copy of its report on improving cybersecurity in the health care industry.  The Task Force was established by Congress under the Cybersecurity Act of 2015.  The Task Force is charged with addressing challenges in the health care industry “when...… ...

April 3, 2017, Inside Privacy

The beginning of 2017 has brought a number of HIPAA enforcement actions involving covered entities. These enforcement actions indicate that HHS is continuing recent efforts to step up HIPAA enforcement and levy significant penalties for non-compliance. In January, HHS announced that it had reached a $475,000 settlement with a large health care network for ...

December 23, 2016, Inside Privacy

A new post over on Covington’s eHealth blog discusses HIPAA-related provisions in the Twenty-First Century Cures Act, signed by President Obama on December 13.   These provisions direct HHS to consider HIPAA’s effects on mental health treatment and the availability of health data for research purposes.  Read the full post here.… Continue Reading

December 23, 2016, Covington Digital Health

On December 13, 2016, President Obama signed the 21st Century Cures Act (“Cures Act”), Pub. L. 114-255, which aims to expand medical research and expedite the approvals of drug therapies for patients.  The Cures Act also contains several provisions related to the HIPAA Privacy and Security Rules.  None of these provisions make substantive changes to...… Continue ...

October 28, 2016, Covington Digital Health

The Department of Health and Human Services (HHS) recently published guidance on HIPAA requirements governing the use of cloud computing entities, specifically cloud services providers (CSPs). In this guidance, HHS explains that CSPs that create, receive, maintain, or transmit protected health information (PHI) on behalf of a covered entity or business associate ...

October 21, 2016, Inside Medical Devices

The Department of Health and Human Services (HHS) recently published guidance on HIPAA requirements governing the use of cloud computing entities, specifically cloud services providers (CSPs). In this guidance, HHS explains that CSPs that create, receive, maintain, or transmit protected health information (PHI) on behalf of a covered entity or business associate ...

July 7, 2016, Inside Privacy

Last month, the FDA released a draft guidance document on the sharing of patient-specific data associated with medical devices, including information recorded, stored, processed, retrieved, and/or derived from the device.  A new post on Covington’s Inside Medical Devices blog discusses the draft guidance and its implications for sharing patient information.… ...

July 7, 2016, Inside Privacy

A new post over on Covington’s eHealth blog discusses a recent enforcement action taken by the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) against Catholic Health Care Services, a business associate under HIPAA, arising out of a stolen iPhone.  This recent enforcement action should put business associates...… Continue ...

July 7, 2016, Covington Digital Health

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) recently announced a significant settlement with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS), a business associate under HIPAA, arising from a breach of protected health information (PHI) after the theft of an employee’s iPhone.  The iPhone...… ...

July 5, 2016, Inside Medical Devices

Last month, the FDA released a draft guidance document on the sharing of patient-specific data associated with medical devices, including information recorded, stored, processed, retrieved, and/or derived from the device.  FDA noted that patients increasingly seek to play an active role in their own health care and that providing patients access to information ...

April 28, 2016, Inside Privacy

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has been busy.  In addition to its recent efforts to begin audits of covered entities and business associates, OCR has announced a slew of enforcement actions against covered entities for alleged HIPAA violations. Last month, OCR announced two seven-figure settlements...… ...

April 21, 2016, Inside Privacy

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) has begun to audit covered entities and business associates for compliance with HIPAA.   A new post on the Covington eHealth blog discusses recent developments in OCR’s efforts  to move these audits forward.… Continue Reading

April 21, 2016, Covington Digital Health

Phase 2 HIPAA Audits Underway The HHS Office for Civil Rights (OCR) has begun its effort to audit covered entities and business associates for compliance with HIPAA. We have previously reported on OCR’s preparations for these proactive audits. OCR implemented Phase 1 of the program in 2011 as a pilot program, under which OCR evaluated...… Continue Reading

April 11, 2016, Inside Privacy

A new post on the Covington eHealth blog discusses the new web-based interactive tool released by the FTC, in conjunction with HHS and the FDA, to assist mobile health app developers in navigating applicable federal laws and regulations in the areas of advertising and marketing, medical devices, and data security and privacy.  As part of...… Continue Reading

April 7, 2016, Inside Medical Devices

A new post on the Covington eHealth blog discusses the new web-based interactive tool released by the FTC to assist mobile health app developers in navigating applicable federal laws and regulations in the areas of advertising and marketing, medical devices, and data security and privacy.… Continue Reading

April 7, 2016, Covington Digital Health

On April 5, the Federal Trade Commission (FTC), in conjunction with the Food and Drug Administration (FDA) and the Department of Health and Human Services (HHS), released a new web-based interactive tool to assist mobile health app developers in navigating applicable federal laws and regulations in the areas of advertising and marketing, medical devices, and...… ...

April 1, 2016, Covington Digital Health

On February 29, 2016, the Centers for Medicare and Medicaid Services (CMS) issued a State Medicaid Directors Letter (SMDL) that expands the scope of expenditures eligible for the 90 percent federal match for activities to promote the use of a health information exchange (HIE) and the adoption of certified electronic health record (EHR) technology by...… Continue ...

February 26, 2016, Inside Privacy

On Tuesday, February 9, the Substance Abuse and Mental Health Services Administration (SAMHSA) published a proposed rule to update regulations at 42 C.F.R. Part 2 that protect the confidentiality of alcohol and drug abuse patient records.  The regulations were originally promulgated in 1975 and last substantively updated in 1987.  SAMHSA intends for these ...

January 28, 2016, Inside Privacy

The Senate Judiciary Committee today successfully reported H.R. 1428, the Judicial Redress Act of 2015.  However, the bill included an amendment to the House-passed version that has the potential to influence current negotiations between the United States and the European Union to reach a new Safe Harbor agreement. As we previously reported, the Judicial ...

January 12, 2016, Inside Privacy

On January 6, as part of President Obama’s executive action to combat gun violence, HHS promulgated a final regulation modifying the HIPAA Privacy Rule to allow certain HIPAA covered entities to disclose limited information to the National Instant Criminal Background Check System (NICS).  We previously discussed the proposed rule here. Background:  The NICS, ...

January 6, 2016, Covington Digital Health

Last week, the Centers for Medicare and Medicaid Services (CMS) published a request for information (RFI) seeking public comment regarding areas of certification and testing of health IT as part of the Electronic Health Records (EHR) meaningful use program. Beginning in 2018, participants in the Stage 3 Meaningful Use EHR incentive program must electronically ...

November 19, 2015, Covington Digital Health

While Americans continue the trend towards replacing the traditional phone call with email and texts, health care providers have yet to catch on when interacting with their patients. A recent survey by Nielsen Strategic Health Perspectives found that less than a third of Americans have access to digital communications with their physicians: The survey found...… ...

October 12, 2015, Covington Digital Health

A new post on Covington’s Inside Medical Devices blog discusses a new portal recently launched by HHS seeking questions from mobile health application developers.  The platform allows for individuals to both submit and review questions on the HIPAA implications of these mobile health applications.  To read the post, click here.… Continue Reading

October 9, 2015, Inside Medical Devices

On October 5, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services launched a new platform to enable developers of mobile health technology, as well as others “interested in the intersection of health information technology and HIPAA privacy protection.” OCR notes that there is currently “an explosion of technology...… Continue ...

September 18, 2015, Covington Digital Health

Recent news reports indicate that the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) is planning to move ahead with its plan to begin proactive HIPAA audits of business associates and covered entities. In the past, OCR has relied primarily on self-reports of breaches from covered entities (as required...… Continue Reading

November 18, 2014, Global Policy Watch

The mid-term election brings an historic changing of the guard in the health care leadership in Congress.  Republicans will take control of the Senate in January and gain key chairmanships.  Senior Democrats like Senators Harkin and Rockefeller, and Representatives Dingell and Waxman, who have been leaders on health policy issues for decades, are retiring. ...

May 27, 2014, Inside Medical Devices

The medical device tax is back in the news, after recent congressional efforts to delay or repeal the tax.  The most recent efforts arose in the context of the “tax extenders” bill, which extends until the end of 2015 more than 50 tax provisions that are due to expire at the end of 2014. In...… Continue Reading

May 1, 2014, Inside Compensation

Recently, HHS Office of Civil Rights (OCR) announced that it has entered into settlement agreements with two entities following enforcement actions, both arising from stolen laptops that were not encrypted in accordance with the Security Rule. According to HHS, an unencrypted laptop was stolen from a physical therapy center in Springfield, Missouri.  The center ...

March 21, 2014, Inside Medical Devices

A recent analyst report indicates that health care organizations and internet-connected medical devices are increasingly vulnerable to cyber-attacks. The Health Care Cyberthreat Report was issued in February 2014 by the SANS Institute, which describes itself as a cooperative research and education organization that is a source of cybersecurity training, security ...

December 9, 2013, Inside Medical Devices

Recently, the Office of Inspector General (OIG) at HHS released a report on the HIPAA enforcement efforts of HHS’s Office for Civil Rights (OCR).  Specifically, the OIG looked at whether OCR’s efforts to enforce HIPAA’s Security Rule were adequate.  The OIG’s findings may lead to increased enforcement efforts by OCR. Background on the Security Rule...… Continue ...

November 8, 2013, Inside Medical Devices

We have previously discussed the effect of sequestration on FDA user fees.  Pharmaceutical and device manufacturers pay these user fees into a fund, which the FDA then draws upon to accelerate approval of new products and devices.  However, despite the fact that these funds are paid by private industry and are not derived from general...… Continue Reading

11/07/2013

WASHINGTON, DC, November 7, 2013 — Salix Pharmaceuticals, Ltd., and Santarus, Inc. announced today that the companies have entered into a merger agreement where Salix will acquire all of the outstanding stock of Santarus for $32 in cash per share, for a total value of approximately $2.6 billion. Covington & Burling LLP is advising Salix on both the acquisition ...

October 18, 2013, Inside Medical Devices

We previously reported about the prominent role played by the medical device tax in the government shutdown/debt ceiling negotiations.   At various points, repeal of the medical device tax was included in proposed measures to fund the government.  When full repeal appeared to be off the table, several sources reported that Congress had considered a two-year...… ...

February 7, 2013, Covington Advisory

June 29, 2012, Covington Advisory

September 5, 2011, BNA Product Safety & Liability Reporter