Kim Gold (US)

OCR proposes to share HIPAA data breach settlements with victims

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) plans to issue an advance notice of proposed rulemaking this November on potentially sharing HIPAA breach settlements with victims. The notice would solicit public opinion on creating a process for sharing a percentage of any penalty or settlement with those harmed …

NIST releases latest version of its Cybersecurity Framework

On April 16, 2018, the National Institute of Standards and Technology (NIST) unveiled Version 1.1 of its widely known Cybersecurity Framework, which incorporates changes based on feedback collected through comments, questions, and workshops held in 2016 and 2017. The Cybersecurity Framework aims to focus on industries vital to national and economic security, including energy, banking, …

Uber as a HIPAA business associate

Uber recently announced the launch of Uber Health, a non-emergency ride service that allows healthcare providers to schedule and pay for transportation for their patients. The stated purpose of the service is to expand medical transportation to traditionally underserved areas. Roughly 3.6 million Americans miss medical appointments each year due to lack of reliable transportation, contributing to the …

Amended Colorado bill aims to enhance data privacy laws

As Health Law Pulse posted on January 29, 2018, lawmakers in Colorado are considering legislation that, if enacted, would significantly strengthen Colorado’s data privacy protections. On Wednesday, February 14, 2018, an amended bill passed unanimously in Colorado’s House Committee on State, Veterans and Military Affairs. The proposed bill overlaps with the Health Insurance Portability and …

HHS OCR issues cyber extortion newsletter

This week, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published a January 2018 newsletter focusing on “cyber extortion.” Cyber extortion often involves an attacker gaining access to an organization’s computer system, stealing sensitive information, and threatening to publish the information. Healthcare and public health organizations are often the …

South Dakota and Colorado strengthen data breach protections

Last week, South Dakota moved closer to implementing a data breach notification law, while Colorado legislators introduced a new bill requiring “reasonable security procedures,” imposing data disposal rules and shortening the time frame in which to alert authorities regarding a breach. South Dakota and Colorado are the latest states taking steps in cybersecurity lawmaking in …

FDA / EMA parallel scientific advice principles published

The U.S. Food and Drug Administration (FDA) and European Medicines Agency (EMA) recently released an updated “General Principles” statement regarding the agencies’ parallel scientific advice (PSA) program for human medical products. The PSA program provides scientific advice and protocol assistance in parallel to sponsors. “Sponsor” refers to: in the US, the sponsor of an Investigational …

FDA and NIH finalize clinical trial protocol template

On May 2, 2017, the U.S. Food and Drug Administration (“FDA”) and The National Institutes of Health (“NIH”), through the NIH-FDA Joint Leadership Council, released the final version of a clinical trial protocol template in an effort to assist investigators conducting clinical trials and to create cost and time efficiencies in the medical product development …

News from DC – Reducing Regulations

January 20, 2017 Memorandum from Reince Priebus: On January 20, 2017, the White House issued a memorandum for the Heads of Executive Departments and Agencies. In the memorandum, Reince Priebus, Assistant to the President and Chief of Staff, provided a directive including the following: Do not send any regulations to the Office of the Federal …

FDA receives citizen petition regarding labeling of added sugars in food

On January 25, 2017, the nonprofit science group, Union of Concerned Scientists, filed a citizen petition with the U.S. Food and Drug Administration (“FDA”), urging the FDA to prohibit foods with high amounts of added sugars from being labeled or advertised as nutritious or healthy. The petition is open for public comment until July 25, …

FDA issues final guidance on postmarket medical device cybersecurity

On December 28, 2016, the U.S. Food and Drug Administration (FDA) released final guidance on the management of cybersecurity vulnerabilities for marketed and distributed medical devices. The guidance establishes a risk-based approach for the reporting of medical device cybersecurity vulnerabilities to the FDA. The FDA guidance reflects the agency’s concerns that cybersecurity vulnerabilities in networked …

OCR launches Phase 2 of the HIPAA Audit Program

The HHS Office for Civil Rights (OCR) announced on Monday that it has launched the long-awaited Phase 2 of its HIPAA Privacy, Security, and Breach Notification Audit Program. The purpose of the Audit Program is to assess the compliance of covered entities and business associates with the HIPAA Privacy, Security and Breach Notification Rules. The …

OCR issues guidance on HIPAA Security Rule Compliance and mobile health apps

The U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) recently published two guidance documents to aid organizations in complying with HIPAA. The Crosswalk: The HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework (the “Crosswalk”), developed in connection with the National Institute of Standards and Technology (“NIST”) and the Office of the …

HHS releases Stage 3 meaningful use and certification criteria final rules

On October 6, 2015, the Centers for Medicare and Medicaid Services (CMS) published a final rule for Stage 3 of the Electronic Health Record (EHR) Incentive Program. In the final rule, CMS specifies the criteria for eligible professionals (EPs) and eligible hospitals to qualify for Medicare and Medicaid EHR incentive program payments and to avoid …

HHS offers HIPAA compliance resource for mobile app developers

On October 5, 2015, the HHS Office of Civil Rights (OCR) unveiled a new resource to provide mobile health (mHealth) developers guidance on complying with Health Information Portability and Accountability Act (HIPAA) requirements applicable to those organizations. The portal permits developers to submit questions and offer comments on existing OCR guidance regarding how mobile medical …

HHS releases proposed rules for Stage 3 Meaningful Use

On March 20, the Department of Health and Human Services (HHS) issued two proposed rules intended to improve the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs. The HHS Centers for Medicare and Medicaid Services (CMS) published the long-awaited Stage 3 proposed rule, which specifies eight meaningful use criteria that must be met in …