Health Law Scan

Legal Insights and Perspectives for the Healthcare Industry
Washington’s My Health My Data Act (MHMDA), signed into law last year, goes into effect on March 31, 2024, with small businesses having until June 30, 2024 to comply. As previously reported, the new data privacy law is broad and will have a significant impact on both Washington residents and persons whose business or data flows through the state. In brief, the legislation is intended to protect consumer health data not otherwise protected by state and federal healthcare privacy regulations, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
The Seventh Circuit recently rejected a series of class action claims against Google and the University of Chicago Medical Center alleging that the medical center improperly sold patient health information to the tech giant, which, in conjunction with Google’s other data, could be used to reveal patient identities and other sensitive information. The court’s July 11, 2023 decision is a major win for privacy compliance officers, whose jobs have become increasingly arduous with the proliferation of new privacy laws and the potential for significant consequences for violations.
The US Department of Justice’s new Civil Cyber-Fraud Initiative, which uses the punitive False Claims Act (FCA) and its whistleblower provisions, raises some important legal and risk management considerations for the health industry. Because enforcement will initially occur largely through civil investigations applying the FCA in the broadest possible way, healthcare organizations should undertake a priority assessment of their cybersecurity status to ensure that their practices can withstand hacks, whistleblowers, and government scrutiny.
The HHS Office of Inspector General (OIG) recently announced its Office of Audit Services plans to conduct a nationwide review of hospice eligibility, focusing on those Medicare hospice beneficiaries who haven't had an inpatient hospital stay or an ER visit in certain periods prior to their start of hospice care.  
Biometrics are physical or behavioral human characteristics that can be used to digitally identify a person to grant access to systems, devices, or data. Examples of biometric identifiers are fingerprints, facial geometry scans, and voice prints, as each is considered unique to the individual. Unlike a Social Security number, a person’s biometric data generally cannot be altered.
Ransomware attacks are increasing in their severity and sophistication, with healthcare companies being significant targets. Ransomware actors often target businesses believed to have fewer resources to invest in cyber protection, as well as those holding sensitive data, in the hopes that they will be more likely to make a quick ransom payment.
We invite Health Law Scan readers to join Morgan Lewis for the 11th Technology May-rathon, our annual series of tailored webinars focused on current technology issues, trends, and developments that are of key importance to our friends and clients.
Members of our labor and employment team recently published a LawFlash discussing the US Department of Labor’s (DOL’s) April 14 issuance of three pieces of subregulatory guidance addressing the cybersecurity practices of retirement plan sponsors, vendors, and plan participants respectively. This resource, which includes our team’s analysis and observations, may be of particular interest to employers in the healthcare sector, who are all too familiar with how important it is to keep data secure.
We invite Health Law Scan readers to join Morgan Lewis for an upcoming webinar series, Privatization of the Vaccine Rollout, which will explore the legal and regulatory issues for businesses that have become increasingly central to rolling out vaccines in the United States and around the globe.
Last month we had an incredibly insightful Fast Break analyzing a significant HIPAA enforcement victory for The University of Texas MD Anderson Cancer Center (MD Anderson) in the US Court of Appeals for the Fifth Circuit. If you missed our live program with Morgan Lewis partner Scott McBride and MD Anderson Deputy Chief Compliance Officer Krista Barnes, you can still view the presentation, or check out the highlights below.