On January 5, 2021, an amendment to the Health Information Technology for Economic and Clinical Health (“HITECH”) Act was signed into law. The amendment requires the U.S. Department of Health and Human Services (“HHS”) to “consider certain recognized security practices of covered entities and business associates when making certain determinations” regarding fines, audit results, or … Continue Reading
On September 2, 2020, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) announced a new “Health Apps” feature on the HHS.gov website. The new website, which replaces the OCR’s Health App Developer Portal, highlights existing guidance for mobile health (“mHealth”) apps regarding the Health Insurance Portability and Accountability Act (“HIPAA”) … Continue Reading
On April 21, 2020, the Department of Health and Human Services (“HHS”) announced that, as a response to the COVID-19 public health emergency, it will exercise enforcement discretion to “permit compliance flexibilities” regarding the implementation of the interoperability final rules issued on March 9th, 2020. This joint announcement was made by the Office of the … Continue Reading
On March 4, 2019, the Department of Health and Human Services (HHS) published two proposed rules to improve patient access to personal health data. The two rules, issued by the HHS Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC), are intended to increase interoperability … Continue Reading
On 17 October, the UK Government’s Department of Health and Social Care (DHSC) published a policy paper entitled “The future of healthcare: our vision for digital, data and technology in health and care” (the Policy Paper). The Policy Paper outlines the DHSC’s vision to use technology across the health and care system, from “getting the … Continue Reading
On 5 September, in response to the opportunities presented by data-driven innovations, apps, clinician decision support tools, electronic health care records and advances in technology such as artificial intelligence, the UK Government published a draft “Initial code of conduct for data-driven health and care technology” (Code) for consultation. The Code is designed to be supplementary … Continue Reading
Inflection Point for IoT In a relatively short amount of time, the adoption of the Internet of Things (IoT) and its applications— from smart cars to the myriad of interconnected sensors in the General Service Administration building reminiscent of HAL 9000 from 2001: A Space Odyssey— has rapidly proliferated, providing significant opportunities and benefits. However, … Continue Reading
As 2018 gets underway, EHR vendors and users continue to face challenges and uncertainty. There are three legal and regulatory issues in particular that we think are important to watch over the next 10 months:… Continue Reading
Technology companies widely use open source software (“OSS”), which carries with it many potential benefits. It can reduce the time and cost of development, and, to the extent that the code has been vetted by numerous other developers, may contain fewer bugs. OSS can also reduce dependency upon third party vendors and associated pricing risks. … Continue Reading
At the beginning of August, the D.C. Circuit found that the fact that a data breach has occurred and individual consumer information has been lost may constitute sufficient injury to confer standing on those individual victims at the pleading stage–irrespective of whether any stolen information has been misused. Specifically, Attias, et al. v. CareFirst, Inc., … Continue Reading
Digital health solution providers, and users of digital health services, should take note of three recently launched EU public consultations in the digital health space, and may wish to make submissions to help shape the future of digital health initiatives in the EU. The earliest deadline for submissions is 16 August 2017. EU Commission Transformation … Continue Reading
The UK Information Commissioner’s Office (“ICO”), which enforces data protection legislation in the UK, has ruled that the NHS Royal Free Foundation Trust (“Royal Free”), which manages a London hospital, failed to comply with the UK Data Protection Act 1998 in providing 1.6 million patient records to Google DeepMind (“DeepMind”), requiring the Royal Free to sign an … Continue Reading
On May 11, 2017, the European Cloud in Health Advisory Council (ECHAC) – a group of healthcare organizations, technology companies and patient representatives – launched its second whitepaper focused on use of data to improve health outcomes and delivery of care. ECHAC launched the whitepaper at an eHealth Week 2017 session attended by ECHAC participants and … Continue Reading
A research letter published this month in the Journal of the American Medical Association reported that only a small fraction of seniors in the United States use digital health technology. The authors applied statistical analysis to data gleaned from a nationally representative sample of Medicare beneficiaries age 65 and older. In 2011, 16% of seniors … Continue Reading
The UK Government has opened a consultation, running until September 7, 2016, regarding how UK National Health Service (NHS) patient data should be safeguarded, and how it could be used for purposes other than direct care (e.g. scientific research). The consultation comes after two parallel-track reviews of information governance and data security arrangements in the … Continue Reading
On 15 July 2016, the European Commission updated MEDDEV 2.1/6 (the “MEDDEV Guidance), its medical device guidance on the qualification and classification of stand alone software used in the healthcare setting. The updated version replaces an earlier version of MEDDEV 2.1/6 issued by the European Commission in January 2012. MEDDEV 2.1/6 generally stands as a … Continue Reading
Following a 2014 mHealth consultation and two open stakeholder meetings in 2015 (see here and here), the European Commission has announced the formation of a new working group aiming to draft guidelines on mHealth app data quality.… Continue Reading
Last week, the Centers for Medicare and Medicaid Services (CMS) published a request for information (RFI) seeking public comment regarding areas of certification and testing of health IT as part of the Electronic Health Records (EHR) meaningful use program. Beginning in 2018, participants in the Stage 3 Meaningful Use EHR incentive program must electronically report … Continue Reading
Last week, the chairmen and ranking members of the Senate Committee on Health, Education, Labor, and Pensions and the Senate Committee on Finance sent a letter to Andy Slavitt, Acting Administrator for the Centers for Medicare & Medicaid Services (“CMS”), and Jocelyn Samuels, Director of the Health and Human Services (“HHS”) Office for Civil Rights … Continue Reading
Although telemedicine has made many technological advancements in the past decade, it still faces several legal and financial barriers to widespread use and acceptance. Chief among these are poor reimbursement policies; according to the American Telemedicine Association, 29 states earned an “F” for coverage and reimbursement standards. States have attempted to rectify some of these … Continue Reading
The Department of Defense (DOD) is expected to select a contractor sometime this summer to modernize its electronic health records (EHR) system. The DOD’s $11 billion Healthcare Management Systems Modernization Electronic Health Record program will replace the agency’s existing EHR system, which supports more than 9.7 million beneficiaries, including active duty personnel, retirees, and their … Continue Reading
May 2015 saw a number of developments in the EU mHealth sector worthy of a brief mention. The European Commission announced that it would work on new guidance for mHealth apps, despite the European Data Protection Supervisor and British Standards Institution publishing their own just weeks earlier. In parallel, the French data protection authority announced … Continue Reading
We recently posted on the Inside Privacy blog about an update to the Guide to Privacy and Security of Electronic Protected Health Information issued by the Office of the National Coordinator for Health Information (ONC). The updated guide incorporates the most current standards in accordance with the new final rules, issued in 2013, under the Health Information … Continue Reading
The Article 29 Working Party has published a letter (with Annex) to the European Commission, clarifying the scope of the key legal term “health data” in relation to lifestyle and wellbeing apps.… Continue Reading
