Tag Archives: regulations

Nearly 20 years to the day after the first HIPAA privacy regulations were announced, HHS has posted proposed revisions to HIPAA, evidence that even after twenty years, HIPAA privacy remains a work in progress. These proposed revisions are styled by HHS OCR as an attempt “to support individuals’ engagement in their care, remove barriers to coordinated care, and reduce regulatory burdens on the health care industry.”… More

On October 1, 2019, China’s new regulation to protect personal data related to children – called the “Measures on Online Protection of Children’s Personal Data” – went into effect.

As we wrote in June, when a draft of the regulation was released by the Cyberspace Administration of China, the regulation contains elements similar to those found in both the United States’ Children’s Online Privacy Protection Act (“COPPA”) and the European Union’s General Data Protection Regulation (“GDPR”).… More

As noted recently in the Wall Street Journal, “New cybersecurity rules will give Chinese authorities sweeping powers to inspect companies’ information technology and access proprietary information—steps that are likely to deepen concerns among foreign businesses about their China operations.”  These regulations were issued pursuant to the Cybersecurity Law of the People’s Republic of China, which came into force on June 1, 2017.… More

On July 8, 2010, the Department of Health and Human Services (“HHS”) issued a notice of proposed rulemaking (“NPRM” or “proposed rule”)1 modifying the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy, Security, and Enforcement Rules2 pursuant to the Health Information Technology for Economic and Clinical Health Act (“HITECH”), which was enacted February 17, 2009 as part of the American Recovery and Reinvestment Act of 2009, Pub. L. 111-5.

I shared some of my initial thoughts about the new HITECH/HIPAA regulations with Melissa Klein Aguilar for her blog, "The Filing Cabinet," in today’s on-line edition of Compliance Week. More

Earlier today, the Department of Health and Human Services announced proposed modifications to the HIPAA Privacy Rules, calling them the most significant changes in HIPAA since 2003, when the HIPAA Security Rules were adopted.  The propose changes include:

• provisions extending the applicability of certain of the Privacy and Security Rules’ requirements to the business associates of covered entities;
   
• establishing new limitations on the use and disclosure of protected health information for marketing and fundraising purposes;…

More

In a notice apparently posted March 17, 2010, the Office of Civic Rights of the Department of Health and Human Services (“OCR”) acknowledged its delay in issuing regulations for HIPAA business associate agreements.  Those regulations are now a month overdue and from OCR’s language, they do not appear imminent:

OCR will implement important privacy and security provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act through notice and comment rulemaking,… More