BillOn March 19, 2020, Governor Pritzker issued Executive Order 2020-09 (the “Executive Order”), expanding access to health care services for all Illinois residents provided through remote means during the term of the COVID-19 Gubernatorial Disaster Proclamation, which declares a state of disaster in Illinois. The Executive Order expands the technologies that may be used to deliver telehealth services and creates a coverage requirement for all medically necessary services delivered through telehealth. The Executive Order is followed by the recent CARES Act, which expands access to telehealth for Medicare beneficiaries, and the filing of an 1135 Waiver under the Social Security Act by the Illinois Department of Health and Family Services (“IDHS”) to expand its already broad Medicaid coverage of telehealth services. Continue Reading Illinois’s Expansion of Access to Health Care via Telehealth Executive Order 2020-09 & Medicaid Emergency Rulemaking

remote workOn March 20, 2020, the Office for Civil Rights at the U.S. Department of Health and Human Services (“OCR”) released guidance in the form of FAQs1 clarifying its notification earlier in the week that it would not penalize health care providers for noncompliance with HIPAA rules in the good faith provision of telehealth during the nationwide COVID-19 public health emergency (the “Notification of Enforcement Discretion” or “Notification”).2

Continue Reading OCR Releases FAQs Clarifying Telehealth Enforcement Discretion During COVID-19

Looking back on 2023, the trend of privacy-based class actions has only increased, and it doesn’t seem poised to halt or even slow down in the new year. Businesses are feeling acutely the threat of future litigation. At the end of 2022, the hundreds of cross-industry respondents to the Annual Litigation Trends Survey cited cybersecurity, data protection, and data privacy as the second-highest ranked area of future concern for class actions, and their concerns turned out to be justified. From peeved Pixel plaintiffs to data breach defendants, class actions abounded this year.

Continue Reading Dashing Through 2023’s Privacy Litigation Trends

Not that long ago, financial sector regulations seldom mentioned cybersecurity expressly, instead addressing the issue indirectly through restrictions focused on general system safeguards and omnibus reporting requirements. Gone are those days. Over the past few years, federal and state regulators have increased focus on information security issues impacting financial institutions, introducing a spate of cyber rules that often include stringent regulatory reporting and disclosure requirements. This year was no different.

Continue Reading Making a List and Checking it Twice: The Impact of Cybersecurity Regulations on Financial Services in 2023

On July 20, 2023, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) and the Federal Trade Commission (“FTC”) sent warning letters to approximately 130 hospital systems and telehealth providers. The letters were intended to warn those entities of the privacy and security risks of online tracking technologies integrated into their websites and mobile applications. The agencies noted that the entities may be impermissibly disclosing consumers’ sensitive personal health information to third parties such as Meta/Facebook pixel and Google Analytics through the use of such online tracking technologies in potential violation of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended (collectively, “HIPAA”), the FTC Act, and/or the FTC Health Breach Notification Rule (“HBNR”).

Continue Reading HHS and FTC Warning Letters Highlight Continued Scrutiny of Use of Online Tracking Technologies in Healthcare

Many of the key policy debates that we expected to happen in 2020 seemed to be essentially frozen for the year as we all responded to the horrors of COVID and the seismic political shifts across the globe. So what does this new year hold for us? We hope for a return to normalcy as vaccinations spread across the globe, a new Administration takes the reins in DC, and the UK continues to negotiate the terms of a new relationship with the EU. Here are some of key areas in privacy and data protection where we anticipate potential developments in 2021. Continue Reading 21 Privacy and Cybersecurity Issues for 2021