The Department of Health and Human Services’ (HHS) information security program failed to meet federal effectiveness standards according to a November 14, 2024, audit report, signaling important cybersecurity lessons for healthcare entities and digital health companies.  Specifically, the report stated... Read More ›

On July 25, 2024, the U.S. Department of Health and Human Services (HHS) announced a reorganization that emphasizes artificial intelligence, cybersecurity, data, and technology. Specifically, this involves moving technology and data policy and strategy functions from the Office of the Assistant Secretary... Read More ›

On September 4, 2024, the U.S. Court of Appeals for the Fifth Circuit dismissed the federal government’s appeal in the case brought by the American Hospital Association (AHA) concerning the use of third-party online tracking technologies by health care providers... Read More ›

On June 20, 2024, the Court issued its judgment in the American Hospital Association (AHA)’s case against the Department of Health and Human Services (HHS) concerning the use of third-party online tracking technologies on unauthenticated, public-facing webpages of healthcare providers.... Read More ›

On April 26, 2024, the Federal Trade Commission (“FTC”) announced that it had finalized amendments to its Health Breach Notification Rule (“HBNR” or “Rule”). The Rule requires vendors of personal health records (“PHRs”) and related entities not subject to HIPAA... Read More ›

In February 2024, the final version of a resource guide concerning cybersecurity and the implementation of the HIPAA Security Rule was published by the National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce.   It provides... Read More ›

On April 11, 2024, the American Hospital Association (AHA) and its Co-Plaintiffs responded to legal arguments by the U.S. Department of Health and Human Services (HHS) concerning certain restrictions on the use of third-party tracking technologies on hospital websites.  ... Read More ›

The U.S. Department of Health and Human Services (HHS) recently published Healthcare and Public Health Sector (HPH) Cybersecurity Performance Goals (CPGs) in a document entitled, “Strengthening the Cybersecurity of the Healthcare Sector and Keeping Patients Safe and Secure.”  These voluntary... Read More ›

  In March 2024, the Office of the National Coordinator for Health Information Technology (ONC) under the U.S. Department of Health and Human Services (HHS) released a draft of its 2024-2030 Federal Health IT Strategic Plan (draft plan) for public... Read More ›

On March 28, 2024, the White House Office of Management and Budget (OMB) released a memorandum concerning AI, with the specific subject matter of “Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence.” The scope of the... Read More ›

On March 21, 2024, the U.S. Department of Health and Human Services (HHS) provided their legal position concerning the use of tracking technologies on hospital and other healthcare provider websites and apps in the legal action brought by the American... Read More ›

The U.S. Department of Health and Human Services (HHS) has been making efforts to increase cybersecurity in the health care sector and outlined its strategy in a concept paper released in December 2023. The paper stresses that both patient safety... Read More ›